xref: /freebsd/sbin/pfctl/pfctl_radix.c (revision 5dae51da3da0cc94d17bd67b308fad304ebec7e0)
1 /*	$OpenBSD: pfctl_radix.c,v 1.27 2005/05/21 21:03:58 henning Exp $ */
2 
3 /*
4  * Copyright (c) 2002 Cedric Berger
5  * All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  *
11  *    - Redistributions of source code must retain the above copyright
12  *      notice, this list of conditions and the following disclaimer.
13  *    - Redistributions in binary form must reproduce the above
14  *      copyright notice, this list of conditions and the following
15  *      disclaimer in the documentation and/or other materials provided
16  *      with the distribution.
17  *
18  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
21  * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
22  * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
23  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
24  * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
25  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
26  * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
28  * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29  * POSSIBILITY OF SUCH DAMAGE.
30  *
31  */
32 
33 #include <sys/cdefs.h>
34 __FBSDID("$FreeBSD$");
35 
36 #include <sys/types.h>
37 #include <sys/ioctl.h>
38 #include <sys/socket.h>
39 
40 #include <net/if.h>
41 #include <net/pfvar.h>
42 
43 #include <errno.h>
44 #include <string.h>
45 #include <ctype.h>
46 #include <stdio.h>
47 #include <stdlib.h>
48 #include <limits.h>
49 #include <err.h>
50 
51 #include "pfctl.h"
52 
53 #define BUF_SIZE 256
54 
55 extern int dev;
56 
57 static int	 pfr_next_token(char buf[], FILE *);
58 
59 
60 int
61 pfr_clr_tables(struct pfr_table *filter, int *ndel, int flags)
62 {
63 	struct pfioc_table io;
64 
65 	bzero(&io, sizeof io);
66 	io.pfrio_flags = flags;
67 	if (filter != NULL)
68 		io.pfrio_table = *filter;
69 	if (ioctl(dev, DIOCRCLRTABLES, &io))
70 		return (-1);
71 	if (ndel != NULL)
72 		*ndel = io.pfrio_ndel;
73 	return (0);
74 }
75 
76 int
77 pfr_add_tables(struct pfr_table *tbl, int size, int *nadd, int flags)
78 {
79 	struct pfioc_table io;
80 
81 	if (size < 0 || (size && tbl == NULL)) {
82 		errno = EINVAL;
83 		return (-1);
84 	}
85 	bzero(&io, sizeof io);
86 	io.pfrio_flags = flags;
87 	io.pfrio_buffer = tbl;
88 	io.pfrio_esize = sizeof(*tbl);
89 	io.pfrio_size = size;
90 	if (ioctl(dev, DIOCRADDTABLES, &io))
91 		return (-1);
92 	if (nadd != NULL)
93 		*nadd = io.pfrio_nadd;
94 	return (0);
95 }
96 
97 int
98 pfr_del_tables(struct pfr_table *tbl, int size, int *ndel, int flags)
99 {
100 	struct pfioc_table io;
101 
102 	if (size < 0 || (size && tbl == NULL)) {
103 		errno = EINVAL;
104 		return (-1);
105 	}
106 	bzero(&io, sizeof io);
107 	io.pfrio_flags = flags;
108 	io.pfrio_buffer = tbl;
109 	io.pfrio_esize = sizeof(*tbl);
110 	io.pfrio_size = size;
111 	if (ioctl(dev, DIOCRDELTABLES, &io))
112 		return (-1);
113 	if (ndel != NULL)
114 		*ndel = io.pfrio_ndel;
115 	return (0);
116 }
117 
118 int
119 pfr_get_tables(struct pfr_table *filter, struct pfr_table *tbl, int *size,
120 	int flags)
121 {
122 	struct pfioc_table io;
123 
124 	if (size == NULL || *size < 0 || (*size && tbl == NULL)) {
125 		errno = EINVAL;
126 		return (-1);
127 	}
128 	bzero(&io, sizeof io);
129 	io.pfrio_flags = flags;
130 	if (filter != NULL)
131 		io.pfrio_table = *filter;
132 	io.pfrio_buffer = tbl;
133 	io.pfrio_esize = sizeof(*tbl);
134 	io.pfrio_size = *size;
135 	if (ioctl(dev, DIOCRGETTABLES, &io))
136 		return (-1);
137 	*size = io.pfrio_size;
138 	return (0);
139 }
140 
141 int
142 pfr_get_tstats(struct pfr_table *filter, struct pfr_tstats *tbl, int *size,
143 	int flags)
144 {
145 	struct pfioc_table io;
146 
147 	if (size == NULL || *size < 0 || (*size && tbl == NULL)) {
148 		errno = EINVAL;
149 		return (-1);
150 	}
151 	bzero(&io, sizeof io);
152 	io.pfrio_flags = flags;
153 	if (filter != NULL)
154 		io.pfrio_table = *filter;
155 	io.pfrio_buffer = tbl;
156 	io.pfrio_esize = sizeof(*tbl);
157 	io.pfrio_size = *size;
158 	if (ioctl(dev, DIOCRGETTSTATS, &io))
159 		return (-1);
160 	*size = io.pfrio_size;
161 	return (0);
162 }
163 
164 int
165 pfr_clr_addrs(struct pfr_table *tbl, int *ndel, int flags)
166 {
167 	struct pfioc_table io;
168 
169 	if (tbl == NULL) {
170 		errno = EINVAL;
171 		return (-1);
172 	}
173 	bzero(&io, sizeof io);
174 	io.pfrio_flags = flags;
175 	io.pfrio_table = *tbl;
176 	if (ioctl(dev, DIOCRCLRADDRS, &io))
177 		return (-1);
178 	if (ndel != NULL)
179 		*ndel = io.pfrio_ndel;
180 	return (0);
181 }
182 
183 int
184 pfr_add_addrs(struct pfr_table *tbl, struct pfr_addr *addr, int size,
185     int *nadd, int flags)
186 {
187 	struct pfioc_table io;
188 
189 	if (tbl == NULL || size < 0 || (size && addr == NULL)) {
190 		errno = EINVAL;
191 		return (-1);
192 	}
193 	bzero(&io, sizeof io);
194 	io.pfrio_flags = flags;
195 	io.pfrio_table = *tbl;
196 	io.pfrio_buffer = addr;
197 	io.pfrio_esize = sizeof(*addr);
198 	io.pfrio_size = size;
199 	if (ioctl(dev, DIOCRADDADDRS, &io))
200 		return (-1);
201 	if (nadd != NULL)
202 		*nadd = io.pfrio_nadd;
203 	return (0);
204 }
205 
206 int
207 pfr_del_addrs(struct pfr_table *tbl, struct pfr_addr *addr, int size,
208     int *ndel, int flags)
209 {
210 	struct pfioc_table io;
211 
212 	if (tbl == NULL || size < 0 || (size && addr == NULL)) {
213 		errno = EINVAL;
214 		return (-1);
215 	}
216 	bzero(&io, sizeof io);
217 	io.pfrio_flags = flags;
218 	io.pfrio_table = *tbl;
219 	io.pfrio_buffer = addr;
220 	io.pfrio_esize = sizeof(*addr);
221 	io.pfrio_size = size;
222 	if (ioctl(dev, DIOCRDELADDRS, &io))
223 		return (-1);
224 	if (ndel != NULL)
225 		*ndel = io.pfrio_ndel;
226 	return (0);
227 }
228 
229 int
230 pfr_set_addrs(struct pfr_table *tbl, struct pfr_addr *addr, int size,
231     int *size2, int *nadd, int *ndel, int *nchange, int flags)
232 {
233 	struct pfioc_table io;
234 
235 	if (tbl == NULL || size < 0 || (size && addr == NULL)) {
236 		errno = EINVAL;
237 		return (-1);
238 	}
239 	bzero(&io, sizeof io);
240 	io.pfrio_flags = flags;
241 	io.pfrio_table = *tbl;
242 	io.pfrio_buffer = addr;
243 	io.pfrio_esize = sizeof(*addr);
244 	io.pfrio_size = size;
245 	io.pfrio_size2 = (size2 != NULL) ? *size2 : 0;
246 	if (ioctl(dev, DIOCRSETADDRS, &io))
247 		return (-1);
248 	if (nadd != NULL)
249 		*nadd = io.pfrio_nadd;
250 	if (ndel != NULL)
251 		*ndel = io.pfrio_ndel;
252 	if (nchange != NULL)
253 		*nchange = io.pfrio_nchange;
254 	if (size2 != NULL)
255 		*size2 = io.pfrio_size2;
256 	return (0);
257 }
258 
259 int
260 pfr_get_addrs(struct pfr_table *tbl, struct pfr_addr *addr, int *size,
261     int flags)
262 {
263 	struct pfioc_table io;
264 
265 	if (tbl == NULL || size == NULL || *size < 0 ||
266 	    (*size && addr == NULL)) {
267 		errno = EINVAL;
268 		return (-1);
269 	}
270 	bzero(&io, sizeof io);
271 	io.pfrio_flags = flags;
272 	io.pfrio_table = *tbl;
273 	io.pfrio_buffer = addr;
274 	io.pfrio_esize = sizeof(*addr);
275 	io.pfrio_size = *size;
276 	if (ioctl(dev, DIOCRGETADDRS, &io))
277 		return (-1);
278 	*size = io.pfrio_size;
279 	return (0);
280 }
281 
282 int
283 pfr_get_astats(struct pfr_table *tbl, struct pfr_astats *addr, int *size,
284     int flags)
285 {
286 	struct pfioc_table io;
287 
288 	if (tbl == NULL || size == NULL || *size < 0 ||
289 	    (*size && addr == NULL)) {
290 		errno = EINVAL;
291 		return (-1);
292 	}
293 	bzero(&io, sizeof io);
294 	io.pfrio_flags = flags;
295 	io.pfrio_table = *tbl;
296 	io.pfrio_buffer = addr;
297 	io.pfrio_esize = sizeof(*addr);
298 	io.pfrio_size = *size;
299 	if (ioctl(dev, DIOCRGETASTATS, &io))
300 		return (-1);
301 	*size = io.pfrio_size;
302 	return (0);
303 }
304 
305 int
306 pfr_clr_tstats(struct pfr_table *tbl, int size, int *nzero, int flags)
307 {
308 	struct pfioc_table io;
309 
310 	if (size < 0 || (size && !tbl)) {
311 		errno = EINVAL;
312 		return (-1);
313 	}
314 	bzero(&io, sizeof io);
315 	io.pfrio_flags = flags;
316 	io.pfrio_buffer = tbl;
317 	io.pfrio_esize = sizeof(*tbl);
318 	io.pfrio_size = size;
319 	if (ioctl(dev, DIOCRCLRTSTATS, &io))
320 		return (-1);
321 	if (nzero)
322 		*nzero = io.pfrio_nzero;
323 	return (0);
324 }
325 
326 int
327 pfr_tst_addrs(struct pfr_table *tbl, struct pfr_addr *addr, int size,
328     int *nmatch, int flags)
329 {
330 	struct pfioc_table io;
331 
332 	if (tbl == NULL || size < 0 || (size && addr == NULL)) {
333 		errno = EINVAL;
334 		return (-1);
335 	}
336 	bzero(&io, sizeof io);
337 	io.pfrio_flags = flags;
338 	io.pfrio_table = *tbl;
339 	io.pfrio_buffer = addr;
340 	io.pfrio_esize = sizeof(*addr);
341 	io.pfrio_size = size;
342 	if (ioctl(dev, DIOCRTSTADDRS, &io))
343 		return (-1);
344 	if (nmatch)
345 		*nmatch = io.pfrio_nmatch;
346 	return (0);
347 }
348 
349 int
350 pfr_ina_define(struct pfr_table *tbl, struct pfr_addr *addr, int size,
351     int *nadd, int *naddr, int ticket, int flags)
352 {
353 	struct pfioc_table io;
354 
355 	if (tbl == NULL || size < 0 || (size && addr == NULL)) {
356 		errno = EINVAL;
357 		return (-1);
358 	}
359 	bzero(&io, sizeof io);
360 	io.pfrio_flags = flags;
361 	io.pfrio_table = *tbl;
362 	io.pfrio_buffer = addr;
363 	io.pfrio_esize = sizeof(*addr);
364 	io.pfrio_size = size;
365 	io.pfrio_ticket = ticket;
366 	if (ioctl(dev, DIOCRINADEFINE, &io))
367 		return (-1);
368 	if (nadd != NULL)
369 		*nadd = io.pfrio_nadd;
370 	if (naddr != NULL)
371 		*naddr = io.pfrio_naddr;
372 	return (0);
373 }
374 
375 /* interface management code */
376 
377 int
378 pfi_get_ifaces(const char *filter, struct pfi_kif *buf, int *size)
379 {
380 	struct pfioc_iface io;
381 
382 	if (size == NULL || *size < 0 || (*size && buf == NULL)) {
383 		errno = EINVAL;
384 		return (-1);
385 	}
386 	bzero(&io, sizeof io);
387 	if (filter != NULL)
388 		if (strlcpy(io.pfiio_name, filter, sizeof(io.pfiio_name)) >=
389 		    sizeof(io.pfiio_name)) {
390 			errno = EINVAL;
391 			return (-1);
392 		}
393 	io.pfiio_buffer = buf;
394 	io.pfiio_esize = sizeof(*buf);
395 	io.pfiio_size = *size;
396 	if (ioctl(dev, DIOCIGETIFACES, &io))
397 		return (-1);
398 	*size = io.pfiio_size;
399 	return (0);
400 }
401 
402 /* buffer management code */
403 
404 const size_t buf_esize[PFRB_MAX] = { 0,
405 	sizeof(struct pfr_table), sizeof(struct pfr_tstats),
406 	sizeof(struct pfr_addr), sizeof(struct pfr_astats),
407 	sizeof(struct pfi_kif), sizeof(struct pfioc_trans_e)
408 };
409 
410 /*
411  * add one element to the buffer
412  */
413 int
414 pfr_buf_add(struct pfr_buffer *b, const void *e)
415 {
416 	size_t bs;
417 
418 	if (b == NULL || b->pfrb_type <= 0 || b->pfrb_type >= PFRB_MAX ||
419 	    e == NULL) {
420 		errno = EINVAL;
421 		return (-1);
422 	}
423 	bs = buf_esize[b->pfrb_type];
424 	if (b->pfrb_size == b->pfrb_msize)
425 		if (pfr_buf_grow(b, 0))
426 			return (-1);
427 	memcpy(((caddr_t)b->pfrb_caddr) + bs * b->pfrb_size, e, bs);
428 	b->pfrb_size++;
429 	return (0);
430 }
431 
432 /*
433  * return next element of the buffer (or first one if prev is NULL)
434  * see PFRB_FOREACH macro
435  */
436 void *
437 pfr_buf_next(struct pfr_buffer *b, const void *prev)
438 {
439 	size_t bs;
440 
441 	if (b == NULL || b->pfrb_type <= 0 || b->pfrb_type >= PFRB_MAX)
442 		return (NULL);
443 	if (b->pfrb_size == 0)
444 		return (NULL);
445 	if (prev == NULL)
446 		return (b->pfrb_caddr);
447 	bs = buf_esize[b->pfrb_type];
448 	if ((((caddr_t)prev)-((caddr_t)b->pfrb_caddr)) / bs >= b->pfrb_size-1)
449 		return (NULL);
450 	return (((caddr_t)prev) + bs);
451 }
452 
453 /*
454  * minsize:
455  *    0: make the buffer somewhat bigger
456  *    n: make room for "n" entries in the buffer
457  */
458 int
459 pfr_buf_grow(struct pfr_buffer *b, int minsize)
460 {
461 	caddr_t p;
462 	size_t bs;
463 
464 	if (b == NULL || b->pfrb_type <= 0 || b->pfrb_type >= PFRB_MAX) {
465 		errno = EINVAL;
466 		return (-1);
467 	}
468 	if (minsize != 0 && minsize <= b->pfrb_msize)
469 		return (0);
470 	bs = buf_esize[b->pfrb_type];
471 	if (!b->pfrb_msize) {
472 		if (minsize < 64)
473 			minsize = 64;
474 		b->pfrb_caddr = calloc(bs, minsize);
475 		if (b->pfrb_caddr == NULL)
476 			return (-1);
477 		b->pfrb_msize = minsize;
478 	} else {
479 		if (minsize == 0)
480 			minsize = b->pfrb_msize * 2;
481 		if (minsize < 0 || minsize >= SIZE_T_MAX / bs) {
482 			/* msize overflow */
483 			errno = ENOMEM;
484 			return (-1);
485 		}
486 		p = realloc(b->pfrb_caddr, minsize * bs);
487 		if (p == NULL)
488 			return (-1);
489 		bzero(p + b->pfrb_msize * bs, (minsize - b->pfrb_msize) * bs);
490 		b->pfrb_caddr = p;
491 		b->pfrb_msize = minsize;
492 	}
493 	return (0);
494 }
495 
496 /*
497  * reset buffer and free memory.
498  */
499 void
500 pfr_buf_clear(struct pfr_buffer *b)
501 {
502 	if (b == NULL)
503 		return;
504 	if (b->pfrb_caddr != NULL)
505 		free(b->pfrb_caddr);
506 	b->pfrb_caddr = NULL;
507 	b->pfrb_size = b->pfrb_msize = 0;
508 }
509 
510 int
511 pfr_buf_load(struct pfr_buffer *b, char *file, int nonetwork,
512     int (*append_addr)(struct pfr_buffer *, char *, int))
513 {
514 	FILE	*fp;
515 	char	 buf[BUF_SIZE];
516 	int	 rv;
517 
518 	if (file == NULL)
519 		return (0);
520 	if (!strcmp(file, "-"))
521 		fp = stdin;
522 	else {
523 		fp = pfctl_fopen(file, "r");
524 		if (fp == NULL)
525 			return (-1);
526 	}
527 	while ((rv = pfr_next_token(buf, fp)) == 1)
528 		if (append_addr(b, buf, nonetwork)) {
529 			rv = -1;
530 			break;
531 		}
532 	if (fp != stdin)
533 		fclose(fp);
534 	return (rv);
535 }
536 
537 int
538 pfr_next_token(char buf[BUF_SIZE], FILE *fp)
539 {
540 	static char	next_ch = ' ';
541 	int		i = 0;
542 
543 	for (;;) {
544 		/* skip spaces */
545 		while (isspace(next_ch) && !feof(fp))
546 			next_ch = fgetc(fp);
547 		/* remove from '#' until end of line */
548 		if (next_ch == '#')
549 			while (!feof(fp)) {
550 				next_ch = fgetc(fp);
551 				if (next_ch == '\n')
552 					break;
553 			}
554 		else
555 			break;
556 	}
557 	if (feof(fp)) {
558 		next_ch = ' ';
559 		return (0);
560 	}
561 	do {
562 		if (i < BUF_SIZE)
563 			buf[i++] = next_ch;
564 		next_ch = fgetc(fp);
565 	} while (!feof(fp) && !isspace(next_ch));
566 	if (i >= BUF_SIZE) {
567 		errno = EINVAL;
568 		return (-1);
569 	}
570 	buf[i] = '\0';
571 	return (1);
572 }
573 
574 char *
575 pfr_strerror(int errnum)
576 {
577 	switch (errnum) {
578 	case ESRCH:
579 		return "Table does not exist";
580 	case ENOENT:
581 		return "Anchor or Ruleset does not exist";
582 	default:
583 		return strerror(errnum);
584 	}
585 }
586