1 /* 2 * Copyright (C) 2012 by Darren Reed. 3 * 4 * See the IPFILTER.LICENCE file for details on licencing. 5 * 6 * $Id: interror.c,v 1.9.2.12 2012/07/22 08:03:39 darren_r Exp $ 7 */ 8 9 #include "ipf.h" 10 #include <fcntl.h> 11 #include <sys/ioctl.h> 12 13 typedef struct { 14 int iee_number; 15 char *iee_text; 16 } ipf_error_entry_t; 17 18 static ipf_error_entry_t *find_error(int); 19 20 #define IPF_NUM_ERRORS 477 21 22 /* 23 * NO REUSE OF NUMBERS! 24 * 25 * IF YOU WANT TO ADD AN ERROR TO THIS TABLE, _ADD_ A NEW NUMBER. 26 * DO _NOT_ USE AN EMPTY NUMBER OR FILL IN A GAP. 27 */ 28 static ipf_error_entry_t ipf_errors[IPF_NUM_ERRORS] = { 29 { 1, "auth table locked/full" }, 30 { 2, "" }, 31 { 3, "copyinptr received bad address" }, 32 { 4, "copyoutptr received bad address" }, 33 { 5, "" }, 34 { 6, "cannot load a rule with FR_T_BUILTIN flag set" }, 35 { 7, "internal rule without FR_T_BUILDINT flag set" }, 36 { 8, "no data provided with filter rule" }, 37 { 9, "invalid ioctl for rule" }, 38 { 10, "rule protocol is not 4 or 6" }, 39 { 11, "cannot find rule function" }, 40 { 12, "cannot find rule group" }, 41 { 13, "group in/out does not match rule in/out" }, 42 { 14, "rule without in/out does not belong to a group" }, 43 { 15, "cannot determine where to append rule" }, 44 { 16, "malloc for rule data failed" }, 45 { 17, "copyin for rule data failed" }, 46 { 18, "" }, 47 { 19, "zero data size for BPF rule" }, 48 { 20, "BPF validation failed" }, 49 { 21, "incorrect data size for IPF rule" }, 50 { 22, "'keep state' rule included 'with oow'" }, 51 { 23, "bad interface index with dynamic source address" }, 52 { 24, "bad interface index with dynamic dest. address" }, 53 { 25, "match array verif failed for filter rule" }, 54 { 26, "bad filter rule type" }, 55 { 27, "rule not found for zero'stats" }, 56 { 28, "copyout failed for zero'ing stats" }, 57 { 29, "rule not found for removing" }, 58 { 30, "cannot remove internal rule" }, 59 { 31, "rule in use" }, 60 { 32, "rule already exists" }, 61 { 33, "no memory for another rule" }, 62 { 34, "could not find function" }, 63 { 35, "copyout failed for resolving function name -> addr" }, 64 { 36, "copyout failed for resolving function addr -> name" }, 65 { 37, "function name/addr resolving search failed" }, 66 { 38, "group map cannot find it's hash table" }, 67 { 39, "group map hash-table in/out do not match rule" }, 68 { 40, "bcopyout failed for SIOCIPFINTERROR" }, 69 { 41, "" }, 70 { 42, "ipfilter not enabled for NAT ioctl" }, 71 { 43, "ipfilter not enabled for state ioctl" }, 72 { 44, "ipfilter not enabled for auth ioctl" }, 73 { 45, "ipfilter not enabled for sync ioctl" }, 74 { 46, "ipfilter not enabled for scan ioctl" }, 75 { 47, "ipfilter not enabled for lookup ioctl" }, 76 { 48, "unrecognised device minor number for ioctl" }, 77 { 49, "unrecognised object type for copying in ipfobj" }, 78 { 50, "mismatching object type for copying in ipfobj" }, 79 { 51, "object size too small for copying in ipfobj" }, 80 { 52, "object size mismatch for copying in ipfobj" }, 81 { 53, "compat object size too small for copying in ipfobj" }, 82 { 54, "compat object size mismatch for copying in ipfobj" }, 83 { 55, "error doing copyin of data for in ipfobj" }, 84 { 56, "unrecognised object type for size copy in ipfobj" }, 85 { 57, "object size too small for size copy in ipfobj" }, 86 { 58, "mismatching object type for size copy in ipfobj" }, 87 { 59, "object size mismatch for size copy in ipfobj" }, 88 { 60, "compat object size mismatch for size copy in ipfobj" }, 89 { 61, "error doing size copyin of data for in ipfobj" }, 90 { 62, "bad object type for size copy out ipfobj" }, 91 { 63, "mismatching object type for size copy out ipfobj" }, 92 { 64, "object size mismatch for size copy out ipfobj" }, 93 { 65, "compat object size wrong for size copy out ipfobj" }, 94 { 66, "error doing size copyout of data for out ipfobj" }, 95 { 67, "unrecognised object type for copying out ipfobj" }, 96 { 68, "mismatching object type for copying out ipfobj" }, 97 { 69, "object size too small for copying out ipfobj" }, 98 { 70, "object size mismatch for copying out ipfobj" }, 99 { 71, "compat object size too small for copying out ipfobj" }, 100 { 72, "compat object size mismatch for copying out ipfobj" }, 101 { 73, "error doing copyout of data for out ipfobj" }, 102 { 74, "attempt to add existing tunable name" }, 103 { 75, "cannot find tunable name to delete" }, 104 { 76, "internal data too big for next tunable" }, 105 { 77, "could not find tunable" }, 106 { 78, "tunable can only be changed when ipfilter disabled" }, 107 { 79, "new tunable value outside accepted range" }, 108 { 80, "ipftune called for unrecognised ioctl" }, 109 { 81, "" }, 110 { 82, "could not find token to delete" }, 111 { 83, "" }, 112 { 84, "attempt to get next rule when no more exist" }, 113 { 85, "value for iri_inout outside accepted range" }, 114 { 86, "value for iri_active outside accepted range" }, 115 { 87, "value for iri_nrules is 0" }, 116 { 88, "NULL pointer specified for where to copy rule to" }, 117 { 89, "copyout of rule failed" }, 118 { 90, "" }, 119 { 91, "could not get token for rule iteration" }, 120 { 92, "unrecognised generic iterator" }, 121 { 93, "could not find token for generic iterator" }, 122 { 94, "need write permissions to disable/enable ipfilter" }, 123 { 95, "error copying in enable/disable value" }, 124 { 96, "need write permissions to set ipf tunable" }, 125 { 97, "need write permissions to set ipf flags" }, 126 { 98, "error doing copyin of ipf flags" }, 127 { 99, "error doing copyout of ipf flags" }, 128 { 100, "need write permissions to add another rule" }, 129 { 101, "need write permissions to insert another rule" }, 130 { 102, "need write permissions to swap active rule set" }, 131 { 103, "error copying out current active rule set" }, 132 { 104, "need write permissions to zero ipf stats" }, 133 { 105, "need write permissions to flush ipf v4 rules" }, 134 { 106, "error copying out v4 flush results" }, 135 { 107, "error copying in v4 flush command" }, 136 { 108, "need write permissions to flush ipf v6 rules" }, 137 { 109, "error copying out v6 flush results" }, 138 { 110, "error copying in v6 flush command" }, 139 { 111, "error copying in new lock state for ipfilter" }, 140 { 112, "need write permissions to flush ipf logs" }, 141 { 113, "error copying out results of log flush" }, 142 { 114, "need write permissions to resync ipf" }, 143 { 115, "unrecognised ipf ioctl" }, 144 { 116, "error copying in match array" }, 145 { 117, "match array type is not IPFOBJ_IPFEXPR" }, 146 { 118, "bad size for match array" }, 147 { 119, "cannot allocate memory for match array" }, 148 { 120, "error copying in match array" }, 149 { 121, "error verifying contents of match array" }, 150 { 122, "need write permissions to set ipf lock status" }, 151 { 123, "error copying in data for function resolution" }, 152 { 124, "error copying in ipfobj structure" }, 153 { 125, "error copying in ipfobj structure" }, 154 { 126, "error copying in ipfobj structure" }, 155 { 127, "error copying in ipfobj structure" }, 156 { 128, "no memory for filter rule comment" }, 157 { 129, "error copying in filter rule comment" }, 158 { 130, "error copying out filter rule comment" }, 159 { 131, "no memory for new rule alloc buffer" }, 160 { 132, "cannot find source lookup pool" }, 161 { 133, "unknown source address type" }, 162 { 134, "cannot find destination lookup pool" }, 163 { 135, "unknown destination address type" }, 164 { 136, "icmp head group name index incorrect" }, 165 { 137, "group head name index incorrect" }, 166 { 138, "group name index incorrect" }, 167 { 139, "to interface name index incorrect" }, 168 { 140, "dup-to interface name index incorrect" }, 169 { 141, "reply-to interface name index incorrect" }, 170 { 142, "could not initialise call now function" }, 171 { 143, "could not initialise call function" }, 172 { 144, "could not find destination list" }, 173 { 145, "auth rules cannot have dup/to/fastroute" }, 174 { 146, "incorrect size for object to copy out" }, 175 { 147, "object type out of bounds for kernel copyout" }, 176 { 148, "object size too small for kernel copyout" }, 177 { 149, "object size validation failed for kernel copyout" }, 178 { 150, "error copying data out for kernel copyout" }, 179 { 151, "version mismatch for kernel copyout" }, 180 /* -------------------------------------------------------------------------- */ 181 { 10001, "could not find token for auth iterator" }, 182 { 10002, "write permissions require to add/remove auth rule" }, 183 { 10003, "need write permissions to set auth lock" }, 184 { 10004, "error copying out results of auth flush" }, 185 { 10005, "unknown auth ioctl" }, 186 { 10006, "can only append or remove preauth rules" }, 187 { 10007, "NULL pointers passed in for preauth remove" }, 188 { 10008, "preauth rule not found to remove" }, 189 { 10009, "could not malloc memory for preauth entry" }, 190 { 10010, "unrecognised preauth rule ioctl command" }, 191 { 10011, "iterator data supplied with NULL pointer" }, 192 { 10012, "unknown auth iterator type" }, 193 { 10013, "iterator error copying out auth data" }, 194 { 10014, "sleep waiting for auth packet interrupted" }, 195 { 10015, "bad index supplied in auth reply" }, 196 { 10016, "error injecting outbound packet back into kernel" }, 197 { 10017, "error injecting inbound packet back into kernel" }, 198 { 10018, "could not attempt to inject packet back into kernel" }, 199 { 10019, "packet id does not match" }, 200 /* -------------------------------------------------------------------------- */ 201 { 20001, "invalid frag token data pointer supplied" }, 202 { 20002, "error copying out frag token data" }, 203 { 20003, "can only copy one fragment state entry at a time" }, 204 /* -------------------------------------------------------------------------- */ 205 { 30001, "incorrect object size to get hash table stats" }, 206 { 30002, "could not malloc memory for new hash table" }, 207 { 30003, "error coping in hash table structure" }, 208 { 30004, "hash table already exists" }, 209 { 30005, "mismatch between new hash table and operation unit" }, 210 { 30006, "could not malloc memory for hash table base" }, 211 { 30007, "could not find hash table" }, 212 { 30008, "mismatch between hash table and operation unit" }, 213 { 30009, "could not find hash table for iterators next node" }, 214 { 30010, "unknown iterator tpe" }, 215 { 30011, "iterator error copying out hash table" }, 216 { 30012, "iterator error copying out hash table entry" }, 217 { 30013, "error copying out hash table statistics" }, 218 { 30014, "table node delete structure wrong size" }, 219 { 30015, "error copying in node to delete" }, 220 { 30016, "table to delete node from does not exist" }, 221 { 30017, "could not find table to remove node from" }, 222 { 30018, "table node add structure wrong size" }, 223 { 30019, "error copying in node to add" }, 224 { 30020, "could not find table to add node to" }, 225 { 30021, "node already exists in the table" }, 226 { 30022, "could not find node to delete in table" }, 227 { 30023, "uid mismatch on node to delete" }, 228 { 30024, "object size incorrect for hash table" }, 229 { 30025, "hash table size must be at least 1"}, 230 { 30026, "cannot allocate memory for hash table context" }, 231 /* -------------------------------------------------------------------------- */ 232 { 40001, "invalid minor device number for log read" }, 233 { 40002, "read size too small" }, 234 { 40003, "interrupted waiting for log data to read" }, 235 { 40004, "interrupted waiting for log data to read" }, 236 { 40005, "read size too large" }, 237 { 40006, "uiomove for read operation failed" }, 238 /* -------------------------------------------------------------------------- */ 239 { 50001, "unknown lookup ioctl" }, 240 { 50002, "error copying in object data for add node" }, 241 { 50003, "invalid unit for lookup add node" }, 242 { 50004, "incorrect size for adding a pool node" }, 243 { 50005, "error copying in pool node structure" }, 244 { 50006, "mismatch in pool node address/mask families" }, 245 { 50007, "could not find pool name" }, 246 { 50008, "node already exists in pool" }, 247 { 50009, "incorrect size for adding a hash node" }, 248 { 50010, "error copying in hash node structure" }, 249 { 50011, "could not find hash table name" }, 250 { 50012, "unrecognised object type for lookup add node" }, 251 { 50013, "invalid unit for lookup delete node" }, 252 { 50014, "incorrect size for deleting a pool node" }, 253 { 50015, "error copying in pool node structure" }, 254 { 50016, "could not find pool name" }, 255 { 50017, "could not find pool node" }, 256 { 50018, "incorrect size for removing a hash node" }, 257 { 50019, "error copying in hash node structure" }, 258 { 50020, "could not find hash table name" }, 259 { 50021, "unrecognised object type for lookup delete node" }, 260 { 50022, "error copying in add table data" }, 261 { 50023, "invalid unit for lookup add table" }, 262 { 50024, "pool name already exists" }, 263 { 50025, "hash table name already exists" }, 264 { 50026, "unrecognised object type for lookup add table" }, 265 { 50027, "error copying table data back out" }, 266 { 50028, "error copying in remove table data" }, 267 { 50029, "invalid unit for lookup remove table" }, 268 { 50030, "unrecognised object type for lookup remove table" }, 269 { 50031, "error copying in lookup stats structure" }, 270 { 50032, "invalid unit for lookup stats" }, 271 { 50033, "unrecognised object type for lookup stats" }, 272 { 50034, "error copying in flush lookup data" }, 273 { 50035, "invalid unit for lookup flush" }, 274 { 50036, "incorrect table type for lookup flush" }, 275 { 50037, "error copying out lookup flush results" }, 276 { 50038, "invalid unit for lookup iterator" }, 277 { 50039, "invalid unit for lookup iterator" }, 278 { 50040, "could not find token for lookup iterator" }, 279 { 50041, "unrecognised object type for lookup iterator" }, 280 { 50042, "error copying in lookup delete node operation" }, 281 /* -------------------------------------------------------------------------- */ 282 { 60001, "insufficient privilege for NAT write operation" }, 283 { 60002, "need write permissions to flush NAT logs" }, 284 { 60003, "need write permissions to turn NAT logging on/off" }, 285 { 60004, "error copying out current NAT log setting" }, 286 { 60005, "error copying out bytes waiting to be read in NAT \ 287 log" }, 288 { 60006, "need write permissions to add NAT rule" }, 289 { 60007, "NAT rule already exists" }, 290 { 60008, "could not allocate memory for NAT rule" }, 291 { 60009, "need write permissions to remove NAT rule" }, 292 { 60010, "NAT rule could not be found" }, 293 { 60011, "could not find NAT entry for redirect lookup" }, 294 { 60012, "need write permissions to flush NAT table" }, 295 { 60013, "error copying in NAT flush command" }, 296 { 60014, "need write permissions to do matching NAT flush" }, 297 { 60015, "need write permissions to set NAT lock" }, 298 { 60016, "need write permissions to add entry to NAT table" }, 299 { 60017, "NAT not locked for size retrieval" }, 300 { 60018, "NAT not locked for fetching NAT table entry" }, 301 { 60019, "error copying in NAT token data for deletion" }, 302 { 60020, "unknown NAT ioctl" }, 303 { 60021, "" }, 304 { 60022, "resolving proxy name in NAT rule failed" }, 305 { 60023, "only reply age specified in NAT rule" }, 306 { 60024, "error doing copyin to determine NAT entry size" }, 307 { 60025, "error copying out NAT size of 0" }, 308 { 60026, "NAT entry not found" }, 309 { 60027, "error doing copyout of NAT entry size" }, 310 { 60028, "invalid data size for getting NAT entry" }, 311 { 60029, "could not malloc temporary space for NAT entry" }, 312 { 60030, "no NAT table entries present" }, 313 { 60031, "NAT entry to get next from not found" }, 314 { 60032, "not enough space for proxy structure" }, 315 { 60033, "not enough space for private proxy data" }, 316 { 60034, "NAT entry size is too large" }, 317 { 60035, "could not malloc memory for NAT entry sratch space" }, 318 { 60036, "" }, 319 { 60037, "could not malloc memory for NAT entry" }, 320 { 60038, "could not malloc memory for NAT entry rule" }, 321 { 60039, "could not resolve NAT entry rule's proxy" }, 322 { 60040, "cannot add outbound duplicate NAT entry" }, 323 { 60041, "cannot add inbound duplicate NAT entry" }, 324 { 60042, "cannot add NAT entry that is neither IN nor OUT" }, 325 { 60043, "could not malloc memory for NAT proxy data" }, 326 { 60044, "proxy data size too big" }, 327 { 60045, "could not malloc proxy private data for NAT entry" }, 328 { 60046, "could not malloc memory for new NAT filter rule" }, 329 { 60047, "could not find existing filter rule for NAT entry" }, 330 { 60048, "insertion into NAT table failed" }, 331 { 60049, "iterator error copying out hostmap data" }, 332 { 60050, "iterator error copying out NAT rule data" }, 333 { 60051, "iterator error copying out NAT entry data" }, 334 { 60052, "iterator data supplied with NULL pointer" }, 335 { 60053, "unknown NAT iterator type" }, 336 { 60054, "unknown next address type" }, 337 { 60055, "iterator suppled with unknown type for get-next" }, 338 { 60056, "unknown lookup group for next address" }, 339 { 60057, "error copying out NAT log flush results" }, 340 { 60058, "bucket table type is incorrect" }, 341 { 60059, "error copying out NAT bucket table" }, 342 { 60060, "function not found for lookup" }, 343 { 60061, "address family not supported with SIOCSTPUT" }, 344 { 60062, "unknown timeout name" }, 345 { 60063, "cannot allocate new inbound NAT entry table" }, 346 { 60064, "cannot allocate new outbound NAT entry table" }, 347 { 60065, "cannot allocate new inbound NAT bucketlen table" }, 348 { 60066, "cannot allocate new outbound NAT bucketlen table" }, 349 { 60067, "cannot allocate new NAT rules table" }, 350 { 60068, "cannot allocate new NAT hostmap table" }, 351 { 60069, "new source lookup type is not dstlist" }, 352 { 60070, "cannot allocate NAT rule scratch space" }, 353 { 60071, "new destination lookup type is not dstlist" }, 354 { 60072, "function not found for lookup (ipv6)" }, 355 { 60073, "unknown lookup group for next address (ipv6)" }, 356 { 60074, "unknown next address type (ipv6)" }, 357 { 60075, "one object at a time must be copied" }, 358 { 60076, "NAT ioctl denied in jail without VNET" }, 359 /* -------------------------------------------------------------------------- */ 360 { 70001, "incorrect object size to get pool stats" }, 361 { 70002, "could not malloc memory for new pool node" }, 362 { 70003, "invalid address length for new pool node" }, 363 { 70004, "invalid mask length for new pool node" }, 364 { 70005, "error adding node to pool" }, 365 { 70006, "pool already exists" }, 366 { 70007, "could not malloc memory for new pool" }, 367 { 70008, "could not allocate radix tree for new pool" }, 368 { 70009, "could not find pool" }, 369 { 70010, "unknown pool name for iteration" }, 370 { 70011, "unknown pool iterator" }, 371 { 70012, "error copying out pool head" }, 372 { 70013, "error copying out pool node" }, 373 { 70014, "add node size incorrect" }, 374 { 70015, "error copying in pool node" }, 375 { 70016, "" }, 376 { 70017, "cannot find pool for node" }, 377 { 70018, "node entry already present in pool" }, 378 { 70019, "delete node size incorrect" }, 379 { 70020, "error copying in node to delete" }, 380 { 70021, "cannot find pool to delete node from" }, 381 { 70022, "cannot find node to delete in pool" }, 382 { 70023, "pool name already exists" }, 383 { 70024, "uid mismatch for node removal" }, 384 { 70025, "stats device unit is invalid" }, 385 { 70026, "error copying out statistics" }, 386 { 70027, "could not remove node from radix tree" }, 387 { 70028, "incorrect address length in pool node add" }, 388 { 70029, "incorrect mask length in pool node add" }, 389 { 70030, "incorrect address length in pool node remove" }, 390 { 70031, "incorrect mask length in pool node remove" }, 391 { 70032, "cannot allocate memory for pool context" }, 392 { 70033, "cannot allocate memory for radix tree context" }, 393 { 70034, "adding IPv6 node with incorrect address length" }, 394 { 70035, "IPv4 address not masked" }, 395 { 70036, "IPv6 address not masked" }, 396 { 70037, "removing IPv6 node with incorrect address length" }, 397 /* -------------------------------------------------------------------------- */ 398 { 80001, "could not find proxy" }, 399 { 80002, "proxy does not support control operations" }, 400 { 80003, "could not allocate data to hold proxy operation" }, 401 { 80004, "unknown proxy ioctl" }, 402 { 80005, "could not copyin proxy control structure" }, 403 { 80006, "DNS proxy could not find rule to delete" }, 404 { 80007, "DNS proxy found existing matching rule" }, 405 { 80008, "DNS proxy could not allocate memory for new rule" }, 406 { 80009, "DNS proxy unknown command request" }, 407 /* -------------------------------------------------------------------------- */ 408 { 90001, "could not malloc space for new scan structure" }, 409 { 90002, "scan tag already exists" }, 410 { 90003, "scan structure in use" }, 411 { 90004, "could not find matching scan tag for filter rule" }, 412 { 90005, "could not copyout scan statistics" }, 413 /* -------------------------------------------------------------------------- */ 414 { 100001, "cannot find matching state entry to remove" }, 415 { 100002, "error copying in v4 state flush command" }, 416 { 100003, "error copying out v4 state flush results" }, 417 { 100004, "error copying in v6 state flush command" }, 418 { 100005, "error copying out v6 state flush results" }, 419 { 100006, "" }, 420 { 100007, "" }, 421 { 100008, "need write permissions to flush state log" }, 422 { 100009, "error copyout results of flushing state log" }, 423 { 100010, "need write permissions to turn state logging on/off" }, 424 { 100011, "error copying in new state logging state" }, 425 { 100012, "error copying out current state logging state" }, 426 { 100013, "error copying out bytes waiting to be read in state \ 427 log" }, 428 { 100014, "need write permissions to set state lock" }, 429 { 100015, "need write permissions to add entry to state table" }, 430 { 100016, "state not locked for size retrieval" }, 431 { 100017, "error copying out hash table bucket lengths" }, 432 { 100018, "could not find token for state iterator" }, 433 { 100019, "error copying in state token data for deletion" }, 434 { 100020, "unknown state ioctl" }, 435 { 100021, "no state table entries present" }, 436 { 100022, "state entry to get next from not found" }, 437 { 100023, "could not malloc memory for state entry" }, 438 { 100024, "could not malloc memory for state entry rule" }, 439 { 100025, "could not copy back state entry to user space" }, 440 { 100026, "iterator data supplied with NULL pointer" }, 441 { 100027, "iterator supplied with 0 item count" }, 442 { 100028, "iterator type is incorrect" }, 443 { 100029, "invalid state token data pointer supplied" }, 444 { 100030, "error copying out next state entry" }, 445 { 100031, "unrecognised table request" }, 446 { 100032, "error copying out bucket length data" }, 447 { 100033, "could not find existing filter rule for state entry" }, 448 { 100034, "could not find timeout name" }, 449 { 100035, "could not allocate new state table" }, 450 { 100036, "could not allocate new state bucket length table" }, 451 /* -------------------------------------------------------------------------- */ 452 { 110001, "sync write header magic number is incorrect" }, 453 { 110002, "sync write header protocol is incorrect" }, 454 { 110003, "sync write header command is incorrect" }, 455 { 110004, "sync write header table number is incorrect" }, 456 { 110005, "data structure too small for sync write operation" }, 457 { 110006, "zero length data with sync write header" }, 458 { 110007, "insufficient data for sync write" }, 459 { 110008, "bad sync read size" }, 460 { 110009, "interrupted sync read (solaris)" }, 461 { 110010, "interrupted sync read (hpux)" }, 462 { 110011, "interrupted sync read (osf)" }, 463 { 110012, "interrupted sync read" }, 464 { 110013, "could not malloc memory for sync'd state" }, 465 { 110014, "could not malloc memory for sync-state list item" }, 466 { 110015, "sync update could not find state" }, 467 { 110016, "unrecognised sync state command" }, 468 { 110017, "could not malloc memory for new sync'd NAT entry" }, 469 { 110018, "could not malloc memory for sync-NAT list item" }, 470 { 110019, "sync update could not find NAT entry" }, 471 { 110020, "unrecognised sync NAT command" }, 472 { 110021, "ioctls are not handled with sync" }, 473 /* -------------------------------------------------------------------------- */ 474 { 120001, "null data pointer for iterator" }, 475 { 120002, "unit outside of acceptable range" }, 476 { 120003, "unknown iterator subtype" }, 477 { 120004, "cannot find dest. list for iteration" }, 478 { 120005, "error copying out destination iteration list" }, 479 { 120006, "error copying out destination iteration node" }, 480 { 120007, "wrong size for frdest_t structure" }, 481 { 120008, "cannot allocate memory for new destination node" }, 482 { 120009, "error copying in destination node to add" }, 483 { 120010, "could not find destination list to add node to" }, 484 { 120011, "error copying in destination node to remove" }, 485 { 120012, "could not find dest. list to remove node from" }, 486 { 120013, "destination list already exists" }, 487 { 120014, "could not allocate new destination table" }, 488 { 120015, "could not find destination list to remove" }, 489 { 120016, "destination list cannot be removed - it is busy" }, 490 { 120017, "error copying in names for destination" }, 491 { 120018, "destination name is too long/short" }, 492 { 120019, "unrecognised address family in destination" }, 493 { 120020, "" }, 494 { 120021, "error copying in new destination table" }, 495 { 120022, "cannot allocate memory for node table" }, 496 { 120023, "stats object size is incorrect for dest. lists" }, 497 { 120024, "stats device unit is invalid for dest. lists" }, 498 { 120025, "error copying out dest. list statistics" }, 499 { 120026, "cannot allocate memory for destination node" }, 500 { 120027, "error copying in destination node" }, 501 { 120028, "cannot allocate memory for destination context " }, 502 /* -------------------------------------------------------------------------- */ 503 { 130001, "ioctl denied by system security level" }, 504 { 130002, "ioctl operation on invalid minor device" }, 505 { 130003, "ioctl on device denied, ipfitler is disabled" }, 506 { 130004, "ioctl command not allowed when disabled" }, 507 { 130005, "ioctl denied due to insufficient authorisation" }, 508 { 130006, "cannot read while ipfilter is disabled" }, 509 { 130007, "read on minor device not supported" }, 510 { 130008, "cannot write while ipfilter is disabled" }, 511 { 130009, "write on minor device not supported" }, 512 { 130010, "poll on minor device is not supported" }, 513 { 130011, "error removing IPv4 filter hooks" }, 514 { 130012, "error removing IPv6 filter hooks" }, 515 { 130013, "attaching IPv4 hook failed" }, 516 { 130014, "attaching IPv6 hook failed" }, 517 { 130015, "ipf_init_all failed" }, 518 { 130016, "finding pfil head failed" }, 519 { 130017, "ipfilter is already initialised and running" }, 520 { 130018, "ioctl denied in jail without VNET" }, 521 }; 522 523 524 static ipf_error_entry_t * 525 find_error(int errnum) 526 { 527 ipf_error_entry_t *ie; 528 529 int l = -1, r = IPF_NUM_ERRORS + 1, step; 530 step = (r - l) / 2; 531 532 while (step != 0) { 533 ie = ipf_errors + l + step; 534 if (ie->iee_number == errnum) 535 return (ie); 536 step = l + step; 537 if (ie->iee_number > errnum) 538 r = step; 539 else 540 l = step; 541 step = (r - l) / 2; 542 } 543 544 return (NULL); 545 } 546 547 char * 548 ipf_geterror(int fd, ioctlfunc_t *func) 549 { 550 static char text[80]; 551 ipf_error_entry_t *ie; 552 int errnum; 553 554 if ((*func)(fd, SIOCIPFINTERROR, &errnum) == 0) { 555 556 ie = find_error(errnum); 557 if (ie != NULL) 558 return (ie->iee_text); 559 snprintf(text, sizeof(text), "unknown error %d", errnum); 560 } else { 561 snprintf(text, sizeof(text), "retrieving error number failed (%d)", errno); 562 } 563 return (text); 564 } 565 566 567 char * 568 ipf_strerror(int errnum) 569 { 570 static char text[80]; 571 ipf_error_entry_t *ie; 572 573 574 ie = find_error(errnum); 575 if (ie != NULL) 576 return (ie->iee_text); 577 578 snprintf(text, sizeof(text), "unknown error %d", errnum); 579 return (text); 580 } 581