12cef6288SAlexander V. Chernikov /*-
22cef6288SAlexander V. Chernikov * SPDX-License-Identifier: BSD-2-Clause
32cef6288SAlexander V. Chernikov *
42cef6288SAlexander V. Chernikov * Copyright (c) 2023 Alexander V. Chernikov <melifaro@FreeBSD.org>
52cef6288SAlexander V. Chernikov * Copyright (c) 2023 Rubicon Communications, LLC (Netgate)
62cef6288SAlexander V. Chernikov *
72cef6288SAlexander V. Chernikov * Redistribution and use in source and binary forms, with or without
82cef6288SAlexander V. Chernikov * modification, are permitted provided that the following conditions
92cef6288SAlexander V. Chernikov * are met:
102cef6288SAlexander V. Chernikov * 1. Redistributions of source code must retain the above copyright
112cef6288SAlexander V. Chernikov * notice, this list of conditions and the following disclaimer.
122cef6288SAlexander V. Chernikov * 2. Redistributions in binary form must reproduce the above copyright
132cef6288SAlexander V. Chernikov * notice, this list of conditions and the following disclaimer in the
142cef6288SAlexander V. Chernikov * documentation and/or other materials provided with the distribution.
152cef6288SAlexander V. Chernikov *
162cef6288SAlexander V. Chernikov * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
172cef6288SAlexander V. Chernikov * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
182cef6288SAlexander V. Chernikov * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
192cef6288SAlexander V. Chernikov * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
202cef6288SAlexander V. Chernikov * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
212cef6288SAlexander V. Chernikov * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
222cef6288SAlexander V. Chernikov * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
232cef6288SAlexander V. Chernikov * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
242cef6288SAlexander V. Chernikov * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
252cef6288SAlexander V. Chernikov * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
262cef6288SAlexander V. Chernikov * SUCH DAMAGE.
272cef6288SAlexander V. Chernikov *
282cef6288SAlexander V. Chernikov */
2971d3c704SKristof Provost #include <sys/cdefs.h>
3071d3c704SKristof Provost #include "opt_inet.h"
3171d3c704SKristof Provost #include "opt_inet6.h"
322cef6288SAlexander V. Chernikov
332cef6288SAlexander V. Chernikov #include <sys/param.h>
342cef6288SAlexander V. Chernikov #include <sys/malloc.h>
352cef6288SAlexander V. Chernikov #include <sys/mbuf.h>
36e774c1efSKristof Provost #include <sys/priv.h>
372cef6288SAlexander V. Chernikov #include <sys/socket.h>
387b2ab18fSKonstantin Belousov #include <sys/ucred.h>
392cef6288SAlexander V. Chernikov
402cef6288SAlexander V. Chernikov #include <net/pfvar.h>
412cef6288SAlexander V. Chernikov
422cef6288SAlexander V. Chernikov #include <netlink/netlink.h>
432cef6288SAlexander V. Chernikov #include <netlink/netlink_ctl.h>
442cef6288SAlexander V. Chernikov #include <netlink/netlink_generic.h>
452cef6288SAlexander V. Chernikov #include <netlink/netlink_message_writer.h>
462cef6288SAlexander V. Chernikov
472cef6288SAlexander V. Chernikov #include <netpfil/pf/pf_nl.h>
482cef6288SAlexander V. Chernikov
492cef6288SAlexander V. Chernikov #define DEBUG_MOD_NAME nl_pf
502cef6288SAlexander V. Chernikov #define DEBUG_MAX_LEVEL LOG_DEBUG3
512cef6288SAlexander V. Chernikov #include <netlink/netlink_debug.h>
522cef6288SAlexander V. Chernikov _DECLARE_DEBUG(LOG_DEBUG);
532cef6288SAlexander V. Chernikov
542cef6288SAlexander V. Chernikov struct nl_parsed_state {
552cef6288SAlexander V. Chernikov uint8_t version;
562cef6288SAlexander V. Chernikov uint32_t id;
572cef6288SAlexander V. Chernikov uint32_t creatorid;
58044eef6aSKristof Provost char ifname[IFNAMSIZ];
59044eef6aSKristof Provost uint16_t proto;
60044eef6aSKristof Provost sa_family_t af;
61044eef6aSKristof Provost struct pf_addr addr;
62044eef6aSKristof Provost struct pf_addr mask;
632cef6288SAlexander V. Chernikov };
642cef6288SAlexander V. Chernikov
652cef6288SAlexander V. Chernikov #define _IN(_field) offsetof(struct genlmsghdr, _field)
662cef6288SAlexander V. Chernikov #define _OUT(_field) offsetof(struct nl_parsed_state, _field)
672cef6288SAlexander V. Chernikov static const struct nlattr_parser nla_p_state[] = {
682cef6288SAlexander V. Chernikov { .type = PF_ST_ID, .off = _OUT(id), .cb = nlattr_get_uint32 },
692cef6288SAlexander V. Chernikov { .type = PF_ST_CREATORID, .off = _OUT(creatorid), .cb = nlattr_get_uint32 },
70044eef6aSKristof Provost { .type = PF_ST_IFNAME, .arg = (const void *)IFNAMSIZ, .off = _OUT(ifname), .cb = nlattr_get_chara },
71e8ff5e56SKristof Provost { .type = PF_ST_AF, .off = _OUT(af), .cb = nlattr_get_uint8 },
72044eef6aSKristof Provost { .type = PF_ST_PROTO, .off = _OUT(proto), .cb = nlattr_get_uint16 },
73044eef6aSKristof Provost { .type = PF_ST_FILTER_ADDR, .off = _OUT(addr), .cb = nlattr_get_in6_addr },
74044eef6aSKristof Provost { .type = PF_ST_FILTER_MASK, .off = _OUT(mask), .cb = nlattr_get_in6_addr },
752cef6288SAlexander V. Chernikov };
762cef6288SAlexander V. Chernikov static const struct nlfield_parser nlf_p_generic[] = {
772cef6288SAlexander V. Chernikov { .off_in = _IN(version), .off_out = _OUT(version), .cb = nlf_get_u8 },
782cef6288SAlexander V. Chernikov };
792cef6288SAlexander V. Chernikov #undef _IN
802cef6288SAlexander V. Chernikov #undef _OUT
812cef6288SAlexander V. Chernikov NL_DECLARE_PARSER(state_parser, struct genlmsghdr, nlf_p_generic, nla_p_state);
822cef6288SAlexander V. Chernikov
832cef6288SAlexander V. Chernikov static void
dump_addr(struct nl_writer * nw,int attr,const struct pf_addr * addr,int af)842cef6288SAlexander V. Chernikov dump_addr(struct nl_writer *nw, int attr, const struct pf_addr *addr, int af)
852cef6288SAlexander V. Chernikov {
862cef6288SAlexander V. Chernikov switch (af) {
872cef6288SAlexander V. Chernikov case AF_INET:
882cef6288SAlexander V. Chernikov nlattr_add(nw, attr, 4, &addr->v4);
892cef6288SAlexander V. Chernikov break;
902cef6288SAlexander V. Chernikov case AF_INET6:
912cef6288SAlexander V. Chernikov nlattr_add(nw, attr, 16, &addr->v6);
922cef6288SAlexander V. Chernikov break;
932cef6288SAlexander V. Chernikov };
942cef6288SAlexander V. Chernikov }
952cef6288SAlexander V. Chernikov
962cef6288SAlexander V. Chernikov static bool
dump_state_peer(struct nl_writer * nw,int attr,const struct pf_state_peer * peer)972cef6288SAlexander V. Chernikov dump_state_peer(struct nl_writer *nw, int attr, const struct pf_state_peer *peer)
982cef6288SAlexander V. Chernikov {
992cef6288SAlexander V. Chernikov int off = nlattr_add_nested(nw, attr);
1002cef6288SAlexander V. Chernikov if (off == 0)
1012cef6288SAlexander V. Chernikov return (false);
1022cef6288SAlexander V. Chernikov
1032cef6288SAlexander V. Chernikov nlattr_add_u32(nw, PF_STP_SEQLO, peer->seqlo);
1042cef6288SAlexander V. Chernikov nlattr_add_u32(nw, PF_STP_SEQHI, peer->seqhi);
1052cef6288SAlexander V. Chernikov nlattr_add_u32(nw, PF_STP_SEQDIFF, peer->seqdiff);
1062cef6288SAlexander V. Chernikov nlattr_add_u16(nw, PF_STP_MAX_WIN, peer->max_win);
1072cef6288SAlexander V. Chernikov nlattr_add_u16(nw, PF_STP_MSS, peer->mss);
1082cef6288SAlexander V. Chernikov nlattr_add_u8(nw, PF_STP_STATE, peer->state);
1092cef6288SAlexander V. Chernikov nlattr_add_u8(nw, PF_STP_WSCALE, peer->wscale);
1102cef6288SAlexander V. Chernikov
1112cef6288SAlexander V. Chernikov if (peer->scrub != NULL) {
1122cef6288SAlexander V. Chernikov struct pf_state_scrub *sc = peer->scrub;
1132cef6288SAlexander V. Chernikov uint16_t pfss_flags = sc->pfss_flags & PFSS_TIMESTAMP;
1142cef6288SAlexander V. Chernikov
1152cef6288SAlexander V. Chernikov nlattr_add_u16(nw, PF_STP_PFSS_FLAGS, pfss_flags);
1162cef6288SAlexander V. Chernikov nlattr_add_u32(nw, PF_STP_PFSS_TS_MOD, sc->pfss_ts_mod);
1172cef6288SAlexander V. Chernikov nlattr_add_u8(nw, PF_STP_PFSS_TTL, sc->pfss_ttl);
1182cef6288SAlexander V. Chernikov nlattr_add_u8(nw, PF_STP_SCRUB_FLAG, PFSYNC_SCRUB_FLAG_VALID);
1192cef6288SAlexander V. Chernikov }
1202cef6288SAlexander V. Chernikov nlattr_set_len(nw, off);
1212cef6288SAlexander V. Chernikov
1222cef6288SAlexander V. Chernikov return (true);
1232cef6288SAlexander V. Chernikov }
1242cef6288SAlexander V. Chernikov
1252cef6288SAlexander V. Chernikov static bool
dump_state_key(struct nl_writer * nw,int attr,const struct pf_state_key * key)1262cef6288SAlexander V. Chernikov dump_state_key(struct nl_writer *nw, int attr, const struct pf_state_key *key)
1272cef6288SAlexander V. Chernikov {
1282cef6288SAlexander V. Chernikov int off = nlattr_add_nested(nw, attr);
1292cef6288SAlexander V. Chernikov if (off == 0)
1302cef6288SAlexander V. Chernikov return (false);
1312cef6288SAlexander V. Chernikov
1322cef6288SAlexander V. Chernikov dump_addr(nw, PF_STK_ADDR0, &key->addr[0], key->af);
1332cef6288SAlexander V. Chernikov dump_addr(nw, PF_STK_ADDR1, &key->addr[1], key->af);
1342cef6288SAlexander V. Chernikov nlattr_add_u16(nw, PF_STK_PORT0, key->port[0]);
1352cef6288SAlexander V. Chernikov nlattr_add_u16(nw, PF_STK_PORT1, key->port[1]);
136ebe11b46SKristof Provost nlattr_add_u8(nw, PF_STK_AF, key->af);
137ebe11b46SKristof Provost nlattr_add_u16(nw, PF_STK_PROTO, key->proto);
1382cef6288SAlexander V. Chernikov
1392cef6288SAlexander V. Chernikov nlattr_set_len(nw, off);
1402cef6288SAlexander V. Chernikov
1412cef6288SAlexander V. Chernikov return (true);
1422cef6288SAlexander V. Chernikov }
1432cef6288SAlexander V. Chernikov
1442cef6288SAlexander V. Chernikov static int
dump_state(struct nlpcb * nlp,const struct nlmsghdr * hdr,struct pf_kstate * s,struct nl_pstate * npt)1452cef6288SAlexander V. Chernikov dump_state(struct nlpcb *nlp, const struct nlmsghdr *hdr, struct pf_kstate *s,
1462cef6288SAlexander V. Chernikov struct nl_pstate *npt)
1472cef6288SAlexander V. Chernikov {
1482cef6288SAlexander V. Chernikov struct nl_writer *nw = npt->nw;
1492cef6288SAlexander V. Chernikov int error = 0;
1502cef6288SAlexander V. Chernikov int af;
1512cef6288SAlexander V. Chernikov struct pf_state_key *key;
1522cef6288SAlexander V. Chernikov
153b1e0f0ffSKristof Provost PF_STATE_LOCK_ASSERT(s);
154b1e0f0ffSKristof Provost
1552cef6288SAlexander V. Chernikov if (!nlmsg_reply(nw, hdr, sizeof(struct genlmsghdr)))
1562cef6288SAlexander V. Chernikov goto enomem;
1572cef6288SAlexander V. Chernikov
1582cef6288SAlexander V. Chernikov struct genlmsghdr *ghdr_new = nlmsg_reserve_object(nw, struct genlmsghdr);
1592cef6288SAlexander V. Chernikov ghdr_new->cmd = PFNL_CMD_GETSTATES;
1602cef6288SAlexander V. Chernikov ghdr_new->version = 0;
1612cef6288SAlexander V. Chernikov ghdr_new->reserved = 0;
1622cef6288SAlexander V. Chernikov
1632cef6288SAlexander V. Chernikov nlattr_add_u64(nw, PF_ST_VERSION, PF_STATE_VERSION);
1642cef6288SAlexander V. Chernikov
1652cef6288SAlexander V. Chernikov key = s->key[PF_SK_WIRE];
1662cef6288SAlexander V. Chernikov if (!dump_state_key(nw, PF_ST_KEY_WIRE, key))
1672cef6288SAlexander V. Chernikov goto enomem;
1682cef6288SAlexander V. Chernikov key = s->key[PF_SK_STACK];
1692cef6288SAlexander V. Chernikov if (!dump_state_key(nw, PF_ST_KEY_STACK, key))
1702cef6288SAlexander V. Chernikov goto enomem;
1712cef6288SAlexander V. Chernikov
1722cef6288SAlexander V. Chernikov af = s->key[PF_SK_WIRE]->af;
1732cef6288SAlexander V. Chernikov nlattr_add_u8(nw, PF_ST_PROTO, s->key[PF_SK_WIRE]->proto);
1742cef6288SAlexander V. Chernikov nlattr_add_u8(nw, PF_ST_AF, af);
1752cef6288SAlexander V. Chernikov
1762cef6288SAlexander V. Chernikov nlattr_add_string(nw, PF_ST_IFNAME, s->kif->pfik_name);
1772cef6288SAlexander V. Chernikov nlattr_add_string(nw, PF_ST_ORIG_IFNAME, s->orig_kif->pfik_name);
178c49c9da2SKajetan Staszkiewicz dump_addr(nw, PF_ST_RT_ADDR, &s->act.rt_addr, af);
17904932601SKristof Provost nlattr_add_u32(nw, PF_ST_CREATION, time_uptime - (s->creation / 1000));
1802cef6288SAlexander V. Chernikov uint32_t expire = pf_state_expires(s);
1812cef6288SAlexander V. Chernikov if (expire > time_uptime)
1822cef6288SAlexander V. Chernikov expire = expire - time_uptime;
1832cef6288SAlexander V. Chernikov nlattr_add_u32(nw, PF_ST_EXPIRE, expire);
1842cef6288SAlexander V. Chernikov nlattr_add_u8(nw, PF_ST_DIRECTION, s->direction);
1852cef6288SAlexander V. Chernikov nlattr_add_u8(nw, PF_ST_LOG, s->act.log);
1862cef6288SAlexander V. Chernikov nlattr_add_u8(nw, PF_ST_TIMEOUT, s->timeout);
1872cef6288SAlexander V. Chernikov nlattr_add_u16(nw, PF_ST_STATE_FLAGS, s->state_flags);
1882cef6288SAlexander V. Chernikov uint8_t sync_flags = 0;
18907e070efSKajetan Staszkiewicz if (s->sns[PF_SN_LIMIT] != NULL)
1902cef6288SAlexander V. Chernikov sync_flags |= PFSYNC_FLAG_SRCNODE;
19107e070efSKajetan Staszkiewicz if (s->sns[PF_SN_NAT] != NULL || s->sns[PF_SN_ROUTE])
1922cef6288SAlexander V. Chernikov sync_flags |= PFSYNC_FLAG_NATSRCNODE;
1932cef6288SAlexander V. Chernikov nlattr_add_u8(nw, PF_ST_SYNC_FLAGS, sync_flags);
1942cef6288SAlexander V. Chernikov nlattr_add_u64(nw, PF_ST_ID, s->id);
1952cef6288SAlexander V. Chernikov nlattr_add_u32(nw, PF_ST_CREATORID, htonl(s->creatorid));
1962cef6288SAlexander V. Chernikov
197e5c64b26SKajetan Staszkiewicz nlattr_add_u32(nw, PF_ST_RULE, s->rule ? s->rule->nr : -1);
198e5c64b26SKajetan Staszkiewicz nlattr_add_u32(nw, PF_ST_ANCHOR, s->anchor ? s->anchor->nr : -1);
199e5c64b26SKajetan Staszkiewicz nlattr_add_u32(nw, PF_ST_NAT_RULE, s->nat_rule ? s->nat_rule->nr : -1);
2002cef6288SAlexander V. Chernikov
2012cef6288SAlexander V. Chernikov nlattr_add_u64(nw, PF_ST_PACKETS0, s->packets[0]);
2022cef6288SAlexander V. Chernikov nlattr_add_u64(nw, PF_ST_PACKETS1, s->packets[1]);
2032cef6288SAlexander V. Chernikov nlattr_add_u64(nw, PF_ST_BYTES0, s->bytes[0]);
2042cef6288SAlexander V. Chernikov nlattr_add_u64(nw, PF_ST_BYTES1, s->bytes[1]);
205881bf881SKristof Provost nlattr_add_u32(nw, PF_ST_RTABLEID, s->act.rtableid);
206881bf881SKristof Provost nlattr_add_u8(nw, PF_ST_MIN_TTL, s->act.min_ttl);
207881bf881SKristof Provost nlattr_add_u16(nw, PF_ST_MAX_MSS, s->act.max_mss);
208881bf881SKristof Provost nlattr_add_u16(nw, PF_ST_DNPIPE, s->act.dnpipe);
209881bf881SKristof Provost nlattr_add_u16(nw, PF_ST_DNRPIPE, s->act.dnrpipe);
210c49c9da2SKajetan Staszkiewicz nlattr_add_u8(nw, PF_ST_RT, s->act.rt);
211c49c9da2SKajetan Staszkiewicz if (s->act.rt_kif != NULL)
212c49c9da2SKajetan Staszkiewicz nlattr_add_string(nw, PF_ST_RT_IFNAME, s->act.rt_kif->pfik_name);
21307e070efSKajetan Staszkiewicz uint8_t src_node_flags = 0;
21407e070efSKajetan Staszkiewicz if (s->sns[PF_SN_LIMIT] != NULL) {
21507e070efSKajetan Staszkiewicz src_node_flags |= PFSTATE_SRC_NODE_LIMIT;
21607e070efSKajetan Staszkiewicz if (s->sns[PF_SN_LIMIT]->rule == &V_pf_default_rule)
21707e070efSKajetan Staszkiewicz src_node_flags |= PFSTATE_SRC_NODE_LIMIT_GLOBAL;
21807e070efSKajetan Staszkiewicz }
21907e070efSKajetan Staszkiewicz if (s->sns[PF_SN_NAT] != NULL)
22007e070efSKajetan Staszkiewicz src_node_flags |= PFSTATE_SRC_NODE_NAT;
22107e070efSKajetan Staszkiewicz if (s->sns[PF_SN_ROUTE] != NULL)
22207e070efSKajetan Staszkiewicz src_node_flags |= PFSTATE_SRC_NODE_ROUTE;
22307e070efSKajetan Staszkiewicz nlattr_add_u8(nw, PF_ST_SRC_NODE_FLAGS, src_node_flags);
2242cef6288SAlexander V. Chernikov
2252cef6288SAlexander V. Chernikov if (!dump_state_peer(nw, PF_ST_PEER_SRC, &s->src))
2262cef6288SAlexander V. Chernikov goto enomem;
2272cef6288SAlexander V. Chernikov if (!dump_state_peer(nw, PF_ST_PEER_DST, &s->dst))
2282cef6288SAlexander V. Chernikov goto enomem;
2292cef6288SAlexander V. Chernikov
2302cef6288SAlexander V. Chernikov if (nlmsg_end(nw))
2312cef6288SAlexander V. Chernikov return (0);
2322cef6288SAlexander V. Chernikov
2332cef6288SAlexander V. Chernikov enomem:
2342cef6288SAlexander V. Chernikov error = ENOMEM;
2352cef6288SAlexander V. Chernikov nlmsg_abort(nw);
2362cef6288SAlexander V. Chernikov return (error);
2372cef6288SAlexander V. Chernikov }
2382cef6288SAlexander V. Chernikov
2392cef6288SAlexander V. Chernikov static int
handle_dumpstates(struct nlpcb * nlp,struct nl_parsed_state * attrs,struct nlmsghdr * hdr,struct nl_pstate * npt)2402cef6288SAlexander V. Chernikov handle_dumpstates(struct nlpcb *nlp, struct nl_parsed_state *attrs,
2412cef6288SAlexander V. Chernikov struct nlmsghdr *hdr, struct nl_pstate *npt)
2422cef6288SAlexander V. Chernikov {
2432cef6288SAlexander V. Chernikov int error = 0;
2442cef6288SAlexander V. Chernikov
2452cef6288SAlexander V. Chernikov hdr->nlmsg_flags |= NLM_F_MULTI;
2462cef6288SAlexander V. Chernikov
247271f1469SKristof Provost for (int i = 0; i <= V_pf_hashmask; i++) {
2482cef6288SAlexander V. Chernikov struct pf_idhash *ih = &V_pf_idhash[i];
2492cef6288SAlexander V. Chernikov struct pf_kstate *s;
2502cef6288SAlexander V. Chernikov
2512cef6288SAlexander V. Chernikov if (LIST_EMPTY(&ih->states))
2522cef6288SAlexander V. Chernikov continue;
2532cef6288SAlexander V. Chernikov
2542cef6288SAlexander V. Chernikov PF_HASHROW_LOCK(ih);
2552cef6288SAlexander V. Chernikov LIST_FOREACH(s, &ih->states, entry) {
256044eef6aSKristof Provost sa_family_t af = s->key[PF_SK_WIRE]->af;
257044eef6aSKristof Provost
258044eef6aSKristof Provost if (s->timeout == PFTM_UNLINKED)
259044eef6aSKristof Provost continue;
260044eef6aSKristof Provost
261044eef6aSKristof Provost /* Filter */
262044eef6aSKristof Provost if (attrs->creatorid != 0 && s->creatorid != attrs->creatorid)
263044eef6aSKristof Provost continue;
264044eef6aSKristof Provost if (attrs->ifname[0] != 0 &&
265044eef6aSKristof Provost strncmp(attrs->ifname, s->kif->pfik_name, IFNAMSIZ) != 0)
266044eef6aSKristof Provost continue;
267044eef6aSKristof Provost if (attrs->proto != 0 && s->key[PF_SK_WIRE]->proto != attrs->proto)
268044eef6aSKristof Provost continue;
269044eef6aSKristof Provost if (attrs->af != 0 && af != attrs->af)
270044eef6aSKristof Provost continue;
271044eef6aSKristof Provost if (pf_match_addr(1, &s->key[PF_SK_WIRE]->addr[0],
272044eef6aSKristof Provost &attrs->mask, &attrs->addr, af) &&
273044eef6aSKristof Provost pf_match_addr(1, &s->key[PF_SK_WIRE]->addr[1],
274044eef6aSKristof Provost &attrs->mask, &attrs->addr, af) &&
275044eef6aSKristof Provost pf_match_addr(1, &s->key[PF_SK_STACK]->addr[0],
276044eef6aSKristof Provost &attrs->mask, &attrs->addr, af) &&
277044eef6aSKristof Provost pf_match_addr(1, &s->key[PF_SK_STACK]->addr[1],
278044eef6aSKristof Provost &attrs->mask, &attrs->addr, af))
279044eef6aSKristof Provost continue;
280044eef6aSKristof Provost
2812cef6288SAlexander V. Chernikov error = dump_state(nlp, hdr, s, npt);
2822cef6288SAlexander V. Chernikov if (error != 0)
2832cef6288SAlexander V. Chernikov break;
2842cef6288SAlexander V. Chernikov }
2852cef6288SAlexander V. Chernikov PF_HASHROW_UNLOCK(ih);
2862cef6288SAlexander V. Chernikov }
2872cef6288SAlexander V. Chernikov
2882cef6288SAlexander V. Chernikov if (!nlmsg_end_dump(npt->nw, error, hdr)) {
2892cef6288SAlexander V. Chernikov NL_LOG(LOG_DEBUG, "Unable to finalize the dump");
2902cef6288SAlexander V. Chernikov return (ENOMEM);
2912cef6288SAlexander V. Chernikov }
2922cef6288SAlexander V. Chernikov
2932cef6288SAlexander V. Chernikov return (error);
2942cef6288SAlexander V. Chernikov }
2952cef6288SAlexander V. Chernikov
2962cef6288SAlexander V. Chernikov static int
handle_getstate(struct nlpcb * nlp,struct nl_parsed_state * attrs,struct nlmsghdr * hdr,struct nl_pstate * npt)2972cef6288SAlexander V. Chernikov handle_getstate(struct nlpcb *nlp, struct nl_parsed_state *attrs,
2982cef6288SAlexander V. Chernikov struct nlmsghdr *hdr, struct nl_pstate *npt)
2992cef6288SAlexander V. Chernikov {
300b1e0f0ffSKristof Provost struct pf_kstate *s;
301b1e0f0ffSKristof Provost int ret;
302b1e0f0ffSKristof Provost
303b1e0f0ffSKristof Provost s = pf_find_state_byid(attrs->id, attrs->creatorid);
3042cef6288SAlexander V. Chernikov if (s == NULL)
3052cef6288SAlexander V. Chernikov return (ENOENT);
306b1e0f0ffSKristof Provost ret = dump_state(nlp, hdr, s, npt);
307b1e0f0ffSKristof Provost PF_STATE_UNLOCK(s);
308b1e0f0ffSKristof Provost
309b1e0f0ffSKristof Provost return (ret);
3102cef6288SAlexander V. Chernikov }
3112cef6288SAlexander V. Chernikov
3122cef6288SAlexander V. Chernikov static int
dump_creatorid(struct nlpcb * nlp,const struct nlmsghdr * hdr,uint32_t creator,struct nl_pstate * npt)313a7191e5dSKristof Provost dump_creatorid(struct nlpcb *nlp, const struct nlmsghdr *hdr, uint32_t creator,
314a7191e5dSKristof Provost struct nl_pstate *npt)
315a7191e5dSKristof Provost {
316a7191e5dSKristof Provost struct nl_writer *nw = npt->nw;
317a7191e5dSKristof Provost
318a7191e5dSKristof Provost if (!nlmsg_reply(nw, hdr, sizeof(struct genlmsghdr)))
319a7191e5dSKristof Provost goto enomem;
320a7191e5dSKristof Provost
321a7191e5dSKristof Provost struct genlmsghdr *ghdr_new = nlmsg_reserve_object(nw, struct genlmsghdr);
322a7191e5dSKristof Provost ghdr_new->cmd = PFNL_CMD_GETCREATORS;
323a7191e5dSKristof Provost ghdr_new->version = 0;
324a7191e5dSKristof Provost ghdr_new->reserved = 0;
325a7191e5dSKristof Provost
326a7191e5dSKristof Provost nlattr_add_u32(nw, PF_ST_CREATORID, htonl(creator));
327a7191e5dSKristof Provost
328a7191e5dSKristof Provost if (nlmsg_end(nw))
329a7191e5dSKristof Provost return (0);
330a7191e5dSKristof Provost
331a7191e5dSKristof Provost enomem:
332a7191e5dSKristof Provost nlmsg_abort(nw);
333a7191e5dSKristof Provost return (ENOMEM);
334a7191e5dSKristof Provost }
335a7191e5dSKristof Provost
336a7191e5dSKristof Provost static int
pf_handle_getstates(struct nlmsghdr * hdr,struct nl_pstate * npt)3372cef6288SAlexander V. Chernikov pf_handle_getstates(struct nlmsghdr *hdr, struct nl_pstate *npt)
3382cef6288SAlexander V. Chernikov {
3392cef6288SAlexander V. Chernikov int error;
3402cef6288SAlexander V. Chernikov
3412cef6288SAlexander V. Chernikov struct nl_parsed_state attrs = {};
3422cef6288SAlexander V. Chernikov error = nl_parse_nlmsg(hdr, &state_parser, npt, &attrs);
3432cef6288SAlexander V. Chernikov if (error != 0)
3442cef6288SAlexander V. Chernikov return (error);
3452cef6288SAlexander V. Chernikov
3462cef6288SAlexander V. Chernikov if (attrs.id != 0)
3472cef6288SAlexander V. Chernikov error = handle_getstate(npt->nlp, &attrs, hdr, npt);
3482cef6288SAlexander V. Chernikov else
3492cef6288SAlexander V. Chernikov error = handle_dumpstates(npt->nlp, &attrs, hdr, npt);
3502cef6288SAlexander V. Chernikov
3512cef6288SAlexander V. Chernikov return (error);
3522cef6288SAlexander V. Chernikov }
3532cef6288SAlexander V. Chernikov
354a7191e5dSKristof Provost static int
pf_handle_getcreators(struct nlmsghdr * hdr,struct nl_pstate * npt)355a7191e5dSKristof Provost pf_handle_getcreators(struct nlmsghdr *hdr, struct nl_pstate *npt)
356a7191e5dSKristof Provost {
357a7191e5dSKristof Provost uint32_t creators[16];
358a7191e5dSKristof Provost int error = 0;
359a7191e5dSKristof Provost
360a7191e5dSKristof Provost bzero(creators, sizeof(creators));
361a7191e5dSKristof Provost
362271f1469SKristof Provost for (int i = 0; i < V_pf_hashmask; i++) {
363a7191e5dSKristof Provost struct pf_idhash *ih = &V_pf_idhash[i];
364a7191e5dSKristof Provost struct pf_kstate *s;
365a7191e5dSKristof Provost
366a7191e5dSKristof Provost if (LIST_EMPTY(&ih->states))
367a7191e5dSKristof Provost continue;
368a7191e5dSKristof Provost
369a7191e5dSKristof Provost PF_HASHROW_LOCK(ih);
370a7191e5dSKristof Provost LIST_FOREACH(s, &ih->states, entry) {
371a7191e5dSKristof Provost int j;
372a7191e5dSKristof Provost if (s->timeout == PFTM_UNLINKED)
373a7191e5dSKristof Provost continue;
374a7191e5dSKristof Provost
375a7191e5dSKristof Provost for (j = 0; j < nitems(creators); j++) {
376a7191e5dSKristof Provost if (creators[j] == s->creatorid)
377a7191e5dSKristof Provost break;
378a7191e5dSKristof Provost if (creators[j] == 0) {
379a7191e5dSKristof Provost creators[j] = s->creatorid;
380a7191e5dSKristof Provost break;
381a7191e5dSKristof Provost }
382a7191e5dSKristof Provost }
383a7191e5dSKristof Provost if (j == nitems(creators))
384a7191e5dSKristof Provost printf("Warning: too many creators!\n");
385a7191e5dSKristof Provost }
386a7191e5dSKristof Provost PF_HASHROW_UNLOCK(ih);
387a7191e5dSKristof Provost }
388a7191e5dSKristof Provost
389a7191e5dSKristof Provost hdr->nlmsg_flags |= NLM_F_MULTI;
390a7191e5dSKristof Provost for (int i = 0; i < nitems(creators); i++) {
391a7191e5dSKristof Provost if (creators[i] == 0)
392a7191e5dSKristof Provost break;
393a7191e5dSKristof Provost error = dump_creatorid(npt->nlp, hdr, creators[i], npt);
394a7191e5dSKristof Provost }
395a7191e5dSKristof Provost
396a7191e5dSKristof Provost if (!nlmsg_end_dump(npt->nw, error, hdr)) {
397a7191e5dSKristof Provost NL_LOG(LOG_DEBUG, "Unable to finalize the dump");
398a7191e5dSKristof Provost return (ENOMEM);
399a7191e5dSKristof Provost }
400a7191e5dSKristof Provost
401a7191e5dSKristof Provost return (error);
402a7191e5dSKristof Provost }
403a7191e5dSKristof Provost
40481647eb6SKristof Provost static int
pf_handle_start(struct nlmsghdr * hdr __unused,struct nl_pstate * npt __unused)40581647eb6SKristof Provost pf_handle_start(struct nlmsghdr *hdr __unused, struct nl_pstate *npt __unused)
40681647eb6SKristof Provost {
40781647eb6SKristof Provost return (pf_start());
40881647eb6SKristof Provost }
40981647eb6SKristof Provost
41081647eb6SKristof Provost static int
pf_handle_stop(struct nlmsghdr * hdr __unused,struct nl_pstate * npt __unused)41181647eb6SKristof Provost pf_handle_stop(struct nlmsghdr *hdr __unused, struct nl_pstate *npt __unused)
41281647eb6SKristof Provost {
41381647eb6SKristof Provost return (pf_stop());
41481647eb6SKristof Provost }
41581647eb6SKristof Provost
416ffbf2595SKristof Provost #define _OUT(_field) offsetof(struct pf_addr_wrap, _field)
417ffbf2595SKristof Provost static const struct nlattr_parser nla_p_addr_wrap[] = {
418ffbf2595SKristof Provost { .type = PF_AT_ADDR, .off = _OUT(v.a.addr), .cb = nlattr_get_in6_addr },
419ffbf2595SKristof Provost { .type = PF_AT_MASK, .off = _OUT(v.a.mask), .cb = nlattr_get_in6_addr },
420ffbf2595SKristof Provost { .type = PF_AT_IFNAME, .off = _OUT(v.ifname), .arg = (void *)IFNAMSIZ,.cb = nlattr_get_chara },
421ffbf2595SKristof Provost { .type = PF_AT_TABLENAME, .off = _OUT(v.tblname), .arg = (void *)PF_TABLE_NAME_SIZE, .cb = nlattr_get_chara },
422ffbf2595SKristof Provost { .type = PF_AT_TYPE, .off = _OUT(type), .cb = nlattr_get_uint8 },
423ffbf2595SKristof Provost { .type = PF_AT_IFLAGS, .off = _OUT(iflags), .cb = nlattr_get_uint8 },
424ffbf2595SKristof Provost };
425ffbf2595SKristof Provost NL_DECLARE_ATTR_PARSER(addr_wrap_parser, nla_p_addr_wrap);
426ffbf2595SKristof Provost #undef _OUT
427ffbf2595SKristof Provost
428777a4702SKristof Provost static bool
nlattr_add_addr_wrap(struct nl_writer * nw,int attrtype,struct pf_addr_wrap * a)429777a4702SKristof Provost nlattr_add_addr_wrap(struct nl_writer *nw, int attrtype, struct pf_addr_wrap *a)
430777a4702SKristof Provost {
431777a4702SKristof Provost int off = nlattr_add_nested(nw, attrtype);
432777a4702SKristof Provost
433777a4702SKristof Provost nlattr_add_in6_addr(nw, PF_AT_ADDR, &a->v.a.addr.v6);
434777a4702SKristof Provost nlattr_add_in6_addr(nw, PF_AT_MASK, &a->v.a.mask.v6);
435777a4702SKristof Provost nlattr_add_u8(nw, PF_AT_TYPE, a->type);
436777a4702SKristof Provost nlattr_add_u8(nw, PF_AT_IFLAGS, a->iflags);
437777a4702SKristof Provost
438777a4702SKristof Provost if (a->type == PF_ADDR_DYNIFTL) {
439777a4702SKristof Provost nlattr_add_string(nw, PF_AT_IFNAME, a->v.ifname);
4401fc0dac5SKajetan Staszkiewicz nlattr_add_u32(nw, PF_AT_DYNCNT, a->p.dyncnt);
441777a4702SKristof Provost } else if (a->type == PF_ADDR_TABLE) {
442777a4702SKristof Provost nlattr_add_string(nw, PF_AT_TABLENAME, a->v.tblname);
4431fc0dac5SKajetan Staszkiewicz nlattr_add_u32(nw, PF_AT_TBLCNT, a->p.tblcnt);
444777a4702SKristof Provost }
445777a4702SKristof Provost
446777a4702SKristof Provost nlattr_set_len(nw, off);
447777a4702SKristof Provost
448777a4702SKristof Provost return (true);
449777a4702SKristof Provost }
450777a4702SKristof Provost
451ffbf2595SKristof Provost #define _OUT(_field) offsetof(struct pf_rule_addr, _field)
452ffbf2595SKristof Provost static const struct nlattr_parser nla_p_ruleaddr[] = {
453ffbf2595SKristof Provost { .type = PF_RAT_ADDR, .off = _OUT(addr), .arg = &addr_wrap_parser, .cb = nlattr_get_nested },
454ffbf2595SKristof Provost { .type = PF_RAT_SRC_PORT, .off = _OUT(port[0]), .cb = nlattr_get_uint16 },
455ffbf2595SKristof Provost { .type = PF_RAT_DST_PORT, .off = _OUT(port[1]), .cb = nlattr_get_uint16 },
456ffbf2595SKristof Provost { .type = PF_RAT_NEG, .off = _OUT(neg), .cb = nlattr_get_uint8 },
457ffbf2595SKristof Provost { .type = PF_RAT_OP, .off = _OUT(port_op), .cb = nlattr_get_uint8 },
458ffbf2595SKristof Provost };
459ffbf2595SKristof Provost NL_DECLARE_ATTR_PARSER(rule_addr_parser, nla_p_ruleaddr);
460ffbf2595SKristof Provost #undef _OUT
461ffbf2595SKristof Provost
462777a4702SKristof Provost static bool
nlattr_add_rule_addr(struct nl_writer * nw,int attrtype,struct pf_rule_addr * r)463777a4702SKristof Provost nlattr_add_rule_addr(struct nl_writer *nw, int attrtype, struct pf_rule_addr *r)
464777a4702SKristof Provost {
4651fc0dac5SKajetan Staszkiewicz struct pf_addr_wrap aw = {0};
466777a4702SKristof Provost int off = nlattr_add_nested(nw, attrtype);
467777a4702SKristof Provost
4681fc0dac5SKajetan Staszkiewicz bcopy(&(r->addr), &aw, sizeof(struct pf_addr_wrap));
4691fc0dac5SKajetan Staszkiewicz pf_addr_copyout(&aw);
4701fc0dac5SKajetan Staszkiewicz
4711fc0dac5SKajetan Staszkiewicz nlattr_add_addr_wrap(nw, PF_RAT_ADDR, &aw);
472777a4702SKristof Provost nlattr_add_u16(nw, PF_RAT_SRC_PORT, r->port[0]);
473777a4702SKristof Provost nlattr_add_u16(nw, PF_RAT_DST_PORT, r->port[1]);
474777a4702SKristof Provost nlattr_add_u8(nw, PF_RAT_NEG, r->neg);
475777a4702SKristof Provost nlattr_add_u8(nw, PF_RAT_OP, r->port_op);
476777a4702SKristof Provost
477777a4702SKristof Provost nlattr_set_len(nw, off);
478777a4702SKristof Provost
479777a4702SKristof Provost return (true);
480777a4702SKristof Provost }
481777a4702SKristof Provost
482ffbf2595SKristof Provost #define _OUT(_field) offsetof(struct pf_mape_portset, _field)
483ffbf2595SKristof Provost static const struct nlattr_parser nla_p_mape_portset[] = {
484ffbf2595SKristof Provost { .type = PF_MET_OFFSET, .off = _OUT(offset), .cb = nlattr_get_uint8 },
485ffbf2595SKristof Provost { .type = PF_MET_PSID_LEN, .off = _OUT(psidlen), .cb = nlattr_get_uint8 },
486ffbf2595SKristof Provost {. type = PF_MET_PSID, .off = _OUT(psid), .cb = nlattr_get_uint16 },
487ffbf2595SKristof Provost };
488ffbf2595SKristof Provost NL_DECLARE_ATTR_PARSER(mape_portset_parser, nla_p_mape_portset);
489ffbf2595SKristof Provost #undef _OUT
490ffbf2595SKristof Provost
491777a4702SKristof Provost static bool
nlattr_add_mape_portset(struct nl_writer * nw,int attrtype,const struct pf_mape_portset * m)492777a4702SKristof Provost nlattr_add_mape_portset(struct nl_writer *nw, int attrtype, const struct pf_mape_portset *m)
493777a4702SKristof Provost {
494777a4702SKristof Provost int off = nlattr_add_nested(nw, attrtype);
495777a4702SKristof Provost
496777a4702SKristof Provost nlattr_add_u8(nw, PF_MET_OFFSET, m->offset);
497777a4702SKristof Provost nlattr_add_u8(nw, PF_MET_PSID_LEN, m->psidlen);
498777a4702SKristof Provost nlattr_add_u16(nw, PF_MET_PSID, m->psid);
499777a4702SKristof Provost
500777a4702SKristof Provost nlattr_set_len(nw, off);
501777a4702SKristof Provost
502777a4702SKristof Provost return (true);
503777a4702SKristof Provost }
504777a4702SKristof Provost
505ffbf2595SKristof Provost struct nl_parsed_labels
506ffbf2595SKristof Provost {
507ffbf2595SKristof Provost char labels[PF_RULE_MAX_LABEL_COUNT][PF_RULE_LABEL_SIZE];
508ffbf2595SKristof Provost uint32_t i;
509ffbf2595SKristof Provost };
510ffbf2595SKristof Provost
511ffbf2595SKristof Provost static int
nlattr_get_pf_rule_labels(struct nlattr * nla,struct nl_pstate * npt,const void * arg,void * target)512ffbf2595SKristof Provost nlattr_get_pf_rule_labels(struct nlattr *nla, struct nl_pstate *npt,
513ffbf2595SKristof Provost const void *arg, void *target)
514ffbf2595SKristof Provost {
515ffbf2595SKristof Provost struct nl_parsed_labels *l = (struct nl_parsed_labels *)target;
516ffbf2595SKristof Provost int ret;
517ffbf2595SKristof Provost
518ffbf2595SKristof Provost if (l->i >= PF_RULE_MAX_LABEL_COUNT)
519ffbf2595SKristof Provost return (E2BIG);
520ffbf2595SKristof Provost
521ffbf2595SKristof Provost ret = nlattr_get_chara(nla, npt, (void *)PF_RULE_LABEL_SIZE,
522ffbf2595SKristof Provost l->labels[l->i]);
523ffbf2595SKristof Provost if (ret == 0)
524ffbf2595SKristof Provost l->i++;
525ffbf2595SKristof Provost
526ffbf2595SKristof Provost return (ret);
527ffbf2595SKristof Provost }
528ffbf2595SKristof Provost
529ffbf2595SKristof Provost #define _OUT(_field) offsetof(struct nl_parsed_labels, _field)
530ffbf2595SKristof Provost static const struct nlattr_parser nla_p_labels[] = {
531ffbf2595SKristof Provost { .type = PF_LT_LABEL, .off = 0, .cb = nlattr_get_pf_rule_labels },
532ffbf2595SKristof Provost };
533ffbf2595SKristof Provost NL_DECLARE_ATTR_PARSER(rule_labels_parser, nla_p_labels);
534ffbf2595SKristof Provost #undef _OUT
535ffbf2595SKristof Provost
536ffbf2595SKristof Provost static int
nlattr_get_nested_pf_rule_labels(struct nlattr * nla,struct nl_pstate * npt,const void * arg,void * target)537ffbf2595SKristof Provost nlattr_get_nested_pf_rule_labels(struct nlattr *nla, struct nl_pstate *npt, const void *arg, void *target)
538ffbf2595SKristof Provost {
539ffbf2595SKristof Provost struct nl_parsed_labels parsed_labels = { };
540ffbf2595SKristof Provost int error;
541ffbf2595SKristof Provost
542ffbf2595SKristof Provost /* Assumes target points to the beginning of the structure */
543ffbf2595SKristof Provost error = nl_parse_header(NLA_DATA(nla), NLA_DATA_LEN(nla), &rule_labels_parser, npt, &parsed_labels);
544ffbf2595SKristof Provost if (error != 0)
545ffbf2595SKristof Provost return (error);
546ffbf2595SKristof Provost
54784ff9e91SKristof Provost memcpy(target, parsed_labels.labels, sizeof(parsed_labels.labels));
548ffbf2595SKristof Provost
549ffbf2595SKristof Provost return (0);
550ffbf2595SKristof Provost }
551ffbf2595SKristof Provost
552777a4702SKristof Provost static bool
nlattr_add_labels(struct nl_writer * nw,int attrtype,const struct pf_krule * r)553777a4702SKristof Provost nlattr_add_labels(struct nl_writer *nw, int attrtype, const struct pf_krule *r)
554777a4702SKristof Provost {
555777a4702SKristof Provost int off = nlattr_add_nested(nw, attrtype);
556777a4702SKristof Provost int i = 0;
557777a4702SKristof Provost
558777a4702SKristof Provost while (r->label[i][0] != 0
559777a4702SKristof Provost && i < PF_RULE_MAX_LABEL_COUNT) {
560777a4702SKristof Provost nlattr_add_string(nw, PF_LT_LABEL, r->label[i]);
561777a4702SKristof Provost i++;
562777a4702SKristof Provost }
563777a4702SKristof Provost
564777a4702SKristof Provost nlattr_set_len(nw, off);
565777a4702SKristof Provost
566777a4702SKristof Provost return (true);
567777a4702SKristof Provost }
568777a4702SKristof Provost
569ffbf2595SKristof Provost #define _OUT(_field) offsetof(struct pf_kpool, _field)
570ffbf2595SKristof Provost static const struct nlattr_parser nla_p_pool[] = {
571ffbf2595SKristof Provost { .type = PF_PT_KEY, .off = _OUT(key), .arg = (void *)sizeof(struct pf_poolhashkey), .cb = nlattr_get_bytes },
572ffbf2595SKristof Provost { .type = PF_PT_COUNTER, .off = _OUT(counter), .cb = nlattr_get_in6_addr },
573ffbf2595SKristof Provost { .type = PF_PT_TBLIDX, .off = _OUT(tblidx), .cb = nlattr_get_uint32 },
574ffbf2595SKristof Provost { .type = PF_PT_PROXY_SRC_PORT, .off = _OUT(proxy_port[0]), .cb = nlattr_get_uint16 },
575ffbf2595SKristof Provost { .type = PF_PT_PROXY_DST_PORT, .off = _OUT(proxy_port[1]), .cb = nlattr_get_uint16 },
576ffbf2595SKristof Provost { .type = PF_PT_OPTS, .off = _OUT(opts), .cb = nlattr_get_uint8 },
577ffbf2595SKristof Provost { .type = PF_PT_MAPE, .off = _OUT(mape), .arg = &mape_portset_parser, .cb = nlattr_get_nested },
578ffbf2595SKristof Provost };
579ffbf2595SKristof Provost NL_DECLARE_ATTR_PARSER(pool_parser, nla_p_pool);
580ffbf2595SKristof Provost #undef _OUT
581ffbf2595SKristof Provost
582777a4702SKristof Provost static bool
nlattr_add_pool(struct nl_writer * nw,int attrtype,const struct pf_kpool * pool)583777a4702SKristof Provost nlattr_add_pool(struct nl_writer *nw, int attrtype, const struct pf_kpool *pool)
584777a4702SKristof Provost {
585777a4702SKristof Provost int off = nlattr_add_nested(nw, attrtype);
586777a4702SKristof Provost
587777a4702SKristof Provost nlattr_add(nw, PF_PT_KEY, sizeof(struct pf_poolhashkey), &pool->key);
588777a4702SKristof Provost nlattr_add_in6_addr(nw, PF_PT_COUNTER, (const struct in6_addr *)&pool->counter);
589777a4702SKristof Provost nlattr_add_u32(nw, PF_PT_TBLIDX, pool->tblidx);
590777a4702SKristof Provost nlattr_add_u16(nw, PF_PT_PROXY_SRC_PORT, pool->proxy_port[0]);
591777a4702SKristof Provost nlattr_add_u16(nw, PF_PT_PROXY_DST_PORT, pool->proxy_port[1]);
592777a4702SKristof Provost nlattr_add_u8(nw, PF_PT_OPTS, pool->opts);
593777a4702SKristof Provost nlattr_add_mape_portset(nw, PF_PT_MAPE, &pool->mape);
594777a4702SKristof Provost
595777a4702SKristof Provost nlattr_set_len(nw, off);
596777a4702SKristof Provost
597777a4702SKristof Provost return (true);
598777a4702SKristof Provost }
599777a4702SKristof Provost
600ffbf2595SKristof Provost #define _OUT(_field) offsetof(struct pf_rule_uid, _field)
601ffbf2595SKristof Provost static const struct nlattr_parser nla_p_rule_uid[] = {
602ffbf2595SKristof Provost { .type = PF_RUT_UID_LOW, .off = _OUT(uid[0]), .cb = nlattr_get_uint32 },
603ffbf2595SKristof Provost { .type = PF_RUT_UID_HIGH, .off = _OUT(uid[1]), .cb = nlattr_get_uint32 },
604ffbf2595SKristof Provost { .type = PF_RUT_OP, .off = _OUT(op), .cb = nlattr_get_uint8 },
605ffbf2595SKristof Provost };
606ffbf2595SKristof Provost NL_DECLARE_ATTR_PARSER(rule_uid_parser, nla_p_rule_uid);
607ffbf2595SKristof Provost #undef _OUT
608ffbf2595SKristof Provost
609777a4702SKristof Provost static bool
nlattr_add_rule_uid(struct nl_writer * nw,int attrtype,const struct pf_rule_uid * u)610777a4702SKristof Provost nlattr_add_rule_uid(struct nl_writer *nw, int attrtype, const struct pf_rule_uid *u)
611777a4702SKristof Provost {
612777a4702SKristof Provost int off = nlattr_add_nested(nw, attrtype);
613777a4702SKristof Provost
614777a4702SKristof Provost nlattr_add_u32(nw, PF_RUT_UID_LOW, u->uid[0]);
615777a4702SKristof Provost nlattr_add_u32(nw, PF_RUT_UID_HIGH, u->uid[1]);
616777a4702SKristof Provost nlattr_add_u8(nw, PF_RUT_OP, u->op);
617777a4702SKristof Provost
618777a4702SKristof Provost nlattr_set_len(nw, off);
619777a4702SKristof Provost
620777a4702SKristof Provost return (true);
621777a4702SKristof Provost }
622777a4702SKristof Provost
623ffbf2595SKristof Provost struct nl_parsed_timeouts
624ffbf2595SKristof Provost {
625ffbf2595SKristof Provost uint32_t timeouts[PFTM_MAX];
626ffbf2595SKristof Provost uint32_t i;
627ffbf2595SKristof Provost };
628ffbf2595SKristof Provost
629ffbf2595SKristof Provost static int
nlattr_get_pf_timeout(struct nlattr * nla,struct nl_pstate * npt,const void * arg,void * target)630ffbf2595SKristof Provost nlattr_get_pf_timeout(struct nlattr *nla, struct nl_pstate *npt,
631ffbf2595SKristof Provost const void *arg, void *target)
632ffbf2595SKristof Provost {
633ffbf2595SKristof Provost struct nl_parsed_timeouts *t = (struct nl_parsed_timeouts *)target;
634ffbf2595SKristof Provost int ret;
635ffbf2595SKristof Provost
636ffbf2595SKristof Provost if (t->i >= PFTM_MAX)
637ffbf2595SKristof Provost return (E2BIG);
638ffbf2595SKristof Provost
639ffbf2595SKristof Provost ret = nlattr_get_uint32(nla, npt, NULL, &t->timeouts[t->i]);
640ffbf2595SKristof Provost if (ret == 0)
641ffbf2595SKristof Provost t->i++;
642ffbf2595SKristof Provost
643ffbf2595SKristof Provost return (ret);
644ffbf2595SKristof Provost }
645ffbf2595SKristof Provost
646ffbf2595SKristof Provost #define _OUT(_field) offsetof(struct nl_parsed_timeout, _field)
647ffbf2595SKristof Provost static const struct nlattr_parser nla_p_timeouts[] = {
648ffbf2595SKristof Provost { .type = PF_TT_TIMEOUT, .off = 0, .cb = nlattr_get_pf_timeout },
649ffbf2595SKristof Provost };
650ffbf2595SKristof Provost NL_DECLARE_ATTR_PARSER(timeout_parser, nla_p_timeouts);
651ffbf2595SKristof Provost #undef _OUT
652ffbf2595SKristof Provost
653ffbf2595SKristof Provost static int
nlattr_get_nested_timeouts(struct nlattr * nla,struct nl_pstate * npt,const void * arg,void * target)654ffbf2595SKristof Provost nlattr_get_nested_timeouts(struct nlattr *nla, struct nl_pstate *npt, const void *arg, void *target)
655ffbf2595SKristof Provost {
656ffbf2595SKristof Provost struct nl_parsed_timeouts parsed_timeouts = { };
657ffbf2595SKristof Provost int error;
658ffbf2595SKristof Provost
659ffbf2595SKristof Provost /* Assumes target points to the beginning of the structure */
660ffbf2595SKristof Provost error = nl_parse_header(NLA_DATA(nla), NLA_DATA_LEN(nla), &timeout_parser, npt, &parsed_timeouts);
661ffbf2595SKristof Provost if (error != 0)
662ffbf2595SKristof Provost return (error);
663ffbf2595SKristof Provost
664ffbf2595SKristof Provost memcpy(target, parsed_timeouts.timeouts, sizeof(parsed_timeouts.timeouts));
665ffbf2595SKristof Provost
666ffbf2595SKristof Provost return (0);
667ffbf2595SKristof Provost }
668ffbf2595SKristof Provost
669777a4702SKristof Provost static bool
nlattr_add_timeout(struct nl_writer * nw,int attrtype,uint32_t * timeout)670777a4702SKristof Provost nlattr_add_timeout(struct nl_writer *nw, int attrtype, uint32_t *timeout)
671777a4702SKristof Provost {
672777a4702SKristof Provost int off = nlattr_add_nested(nw, attrtype);
673777a4702SKristof Provost
674777a4702SKristof Provost for (int i = 0; i < PFTM_MAX; i++)
675777a4702SKristof Provost nlattr_add_u32(nw, PF_RT_TIMEOUT, timeout[i]);
676777a4702SKristof Provost
677777a4702SKristof Provost nlattr_set_len(nw, off);
678777a4702SKristof Provost
679777a4702SKristof Provost return (true);
680777a4702SKristof Provost }
681777a4702SKristof Provost
682ffbf2595SKristof Provost #define _OUT(_field) offsetof(struct pf_krule, _field)
683ffbf2595SKristof Provost static const struct nlattr_parser nla_p_rule[] = {
684ffbf2595SKristof Provost { .type = PF_RT_SRC, .off = _OUT(src), .arg = &rule_addr_parser,.cb = nlattr_get_nested },
685ffbf2595SKristof Provost { .type = PF_RT_DST, .off = _OUT(dst), .arg = &rule_addr_parser,.cb = nlattr_get_nested },
686ffbf2595SKristof Provost { .type = PF_RT_RIDENTIFIER, .off = _OUT(ridentifier), .cb = nlattr_get_uint32 },
687ffbf2595SKristof Provost { .type = PF_RT_LABELS, .off = _OUT(label), .arg = &rule_labels_parser,.cb = nlattr_get_nested_pf_rule_labels },
688ffbf2595SKristof Provost { .type = PF_RT_IFNAME, .off = _OUT(ifname), .arg = (void *)IFNAMSIZ, .cb = nlattr_get_chara },
689ffbf2595SKristof Provost { .type = PF_RT_QNAME, .off = _OUT(qname), .arg = (void *)PF_QNAME_SIZE, .cb = nlattr_get_chara },
690ffbf2595SKristof Provost { .type = PF_RT_PQNAME, .off = _OUT(pqname), .arg = (void *)PF_QNAME_SIZE, .cb = nlattr_get_chara },
691ffbf2595SKristof Provost { .type = PF_RT_TAGNAME, .off = _OUT(tagname), .arg = (void *)PF_TAG_NAME_SIZE, .cb = nlattr_get_chara },
692ffbf2595SKristof Provost { .type = PF_RT_MATCH_TAGNAME, .off = _OUT(match_tagname), .arg = (void *)PF_TAG_NAME_SIZE, .cb = nlattr_get_chara },
693ffbf2595SKristof Provost { .type = PF_RT_OVERLOAD_TBLNAME, .off = _OUT(overload_tblname), .arg = (void *)PF_TABLE_NAME_SIZE, .cb = nlattr_get_chara },
694e11dacbfSKristof Provost { .type = PF_RT_RPOOL_RDR, .off = _OUT(rdr), .arg = &pool_parser, .cb = nlattr_get_nested },
695ffbf2595SKristof Provost { .type = PF_RT_OS_FINGERPRINT, .off = _OUT(os_fingerprint), .cb = nlattr_get_uint32 },
696ffbf2595SKristof Provost { .type = PF_RT_RTABLEID, .off = _OUT(rtableid), .cb = nlattr_get_uint32 },
697ffbf2595SKristof Provost { .type = PF_RT_TIMEOUT, .off = _OUT(timeout), .arg = &timeout_parser, .cb = nlattr_get_nested_timeouts },
698ffbf2595SKristof Provost { .type = PF_RT_MAX_STATES, .off = _OUT(max_states), .cb = nlattr_get_uint32 },
699ffbf2595SKristof Provost { .type = PF_RT_MAX_SRC_NODES, .off = _OUT(max_src_nodes), .cb = nlattr_get_uint32 },
700ffbf2595SKristof Provost { .type = PF_RT_MAX_SRC_STATES, .off = _OUT(max_src_states), .cb = nlattr_get_uint32 },
701ffbf2595SKristof Provost { .type = PF_RT_MAX_SRC_CONN_RATE_LIMIT, .off = _OUT(max_src_conn_rate.limit), .cb = nlattr_get_uint32 },
702ffbf2595SKristof Provost { .type = PF_RT_MAX_SRC_CONN_RATE_SECS, .off = _OUT(max_src_conn_rate.seconds), .cb = nlattr_get_uint32 },
703ffbf2595SKristof Provost { .type = PF_RT_DNPIPE, .off = _OUT(dnpipe), .cb = nlattr_get_uint16 },
704ffbf2595SKristof Provost { .type = PF_RT_DNRPIPE, .off = _OUT(dnrpipe), .cb = nlattr_get_uint16 },
705ffbf2595SKristof Provost { .type = PF_RT_DNFLAGS, .off = _OUT(free_flags), .cb = nlattr_get_uint32 },
706ffbf2595SKristof Provost { .type = PF_RT_NR, .off = _OUT(nr), .cb = nlattr_get_uint32 },
707ffbf2595SKristof Provost { .type = PF_RT_PROB, .off = _OUT(prob), .cb = nlattr_get_uint32 },
708ffbf2595SKristof Provost { .type = PF_RT_CUID, .off = _OUT(cuid), .cb = nlattr_get_uint32 },
709ffbf2595SKristof Provost {. type = PF_RT_CPID, .off = _OUT(cpid), .cb = nlattr_get_uint32 },
710ffbf2595SKristof Provost { .type = PF_RT_RETURN_ICMP, .off = _OUT(return_icmp), .cb = nlattr_get_uint16 },
711ffbf2595SKristof Provost { .type = PF_RT_RETURN_ICMP6, .off = _OUT(return_icmp6), .cb = nlattr_get_uint16 },
712ffbf2595SKristof Provost { .type = PF_RT_MAX_MSS, .off = _OUT(max_mss), .cb = nlattr_get_uint16 },
713ffbf2595SKristof Provost { .type = PF_RT_SCRUB_FLAGS, .off = _OUT(scrub_flags), .cb = nlattr_get_uint16 },
714ffbf2595SKristof Provost { .type = PF_RT_UID, .off = _OUT(uid), .arg = &rule_uid_parser, .cb = nlattr_get_nested },
715ffbf2595SKristof Provost { .type = PF_RT_GID, .off = _OUT(gid), .arg = &rule_uid_parser, .cb = nlattr_get_nested },
716ffbf2595SKristof Provost { .type = PF_RT_RULE_FLAG, .off = _OUT(rule_flag), .cb = nlattr_get_uint32 },
717ffbf2595SKristof Provost { .type = PF_RT_ACTION, .off = _OUT(action), .cb = nlattr_get_uint8 },
718ffbf2595SKristof Provost { .type = PF_RT_DIRECTION, .off = _OUT(direction), .cb = nlattr_get_uint8 },
719ffbf2595SKristof Provost { .type = PF_RT_LOG, .off = _OUT(log), .cb = nlattr_get_uint8 },
720ffbf2595SKristof Provost { .type = PF_RT_LOGIF, .off = _OUT(logif), .cb = nlattr_get_uint8 },
721ffbf2595SKristof Provost { .type = PF_RT_QUICK, .off = _OUT(quick), .cb = nlattr_get_uint8 },
722ffbf2595SKristof Provost { .type = PF_RT_IF_NOT, .off = _OUT(ifnot), .cb = nlattr_get_uint8 },
723ffbf2595SKristof Provost { .type = PF_RT_MATCH_TAG_NOT, .off = _OUT(match_tag_not), .cb = nlattr_get_uint8 },
724ffbf2595SKristof Provost { .type = PF_RT_NATPASS, .off = _OUT(natpass), .cb = nlattr_get_uint8 },
725ffbf2595SKristof Provost { .type = PF_RT_KEEP_STATE, .off = _OUT(keep_state), .cb = nlattr_get_uint8 },
726ffbf2595SKristof Provost { .type = PF_RT_AF, .off = _OUT(af), .cb = nlattr_get_uint8 },
727ffbf2595SKristof Provost { .type = PF_RT_PROTO, .off = _OUT(proto), .cb = nlattr_get_uint8 },
728ffbf2595SKristof Provost { .type = PF_RT_TYPE, .off = _OUT(type), .cb = nlattr_get_uint8 },
729ffbf2595SKristof Provost { .type = PF_RT_CODE, .off = _OUT(code), .cb = nlattr_get_uint8 },
730ffbf2595SKristof Provost { .type = PF_RT_FLAGS, .off = _OUT(flags), .cb = nlattr_get_uint8 },
731ffbf2595SKristof Provost { .type = PF_RT_FLAGSET, .off = _OUT(flagset), .cb = nlattr_get_uint8 },
732ffbf2595SKristof Provost { .type = PF_RT_MIN_TTL, .off = _OUT(min_ttl), .cb = nlattr_get_uint8 },
733ffbf2595SKristof Provost { .type = PF_RT_ALLOW_OPTS, .off = _OUT(allow_opts), .cb = nlattr_get_uint8 },
734ffbf2595SKristof Provost { .type = PF_RT_RT, .off = _OUT(rt), .cb = nlattr_get_uint8 },
735ffbf2595SKristof Provost { .type = PF_RT_RETURN_TTL, .off = _OUT(return_ttl), .cb = nlattr_get_uint8 },
736ffbf2595SKristof Provost { .type = PF_RT_TOS, .off = _OUT(tos), .cb = nlattr_get_uint8 },
737ffbf2595SKristof Provost { .type = PF_RT_SET_TOS, .off = _OUT(set_tos), .cb = nlattr_get_uint8 },
738ffbf2595SKristof Provost { .type = PF_RT_ANCHOR_RELATIVE, .off = _OUT(anchor_relative), .cb = nlattr_get_uint8 },
739ffbf2595SKristof Provost { .type = PF_RT_ANCHOR_WILDCARD, .off = _OUT(anchor_wildcard), .cb = nlattr_get_uint8 },
740ffbf2595SKristof Provost { .type = PF_RT_FLUSH, .off = _OUT(flush), .cb = nlattr_get_uint8 },
741ffbf2595SKristof Provost { .type = PF_RT_PRIO, .off = _OUT(prio), .cb = nlattr_get_uint8 },
742ffbf2595SKristof Provost { .type = PF_RT_SET_PRIO, .off = _OUT(set_prio[0]), .cb = nlattr_get_uint8 },
743ffbf2595SKristof Provost { .type = PF_RT_SET_PRIO_REPLY, .off = _OUT(set_prio[1]), .cb = nlattr_get_uint8 },
744ffbf2595SKristof Provost { .type = PF_RT_DIVERT_ADDRESS, .off = _OUT(divert.addr), .cb = nlattr_get_in6_addr },
745ffbf2595SKristof Provost { .type = PF_RT_DIVERT_PORT, .off = _OUT(divert.port), .cb = nlattr_get_uint16 },
7462339ead6SKristof Provost { .type = PF_RT_RCV_IFNAME, .off = _OUT(rcv_ifname), .arg = (void *)IFNAMSIZ, .cb = nlattr_get_chara },
7477fe42038SKajetan Staszkiewicz { .type = PF_RT_MAX_SRC_CONN, .off = _OUT(max_src_conn), .cb = nlattr_get_uint32 },
748e11dacbfSKristof Provost { .type = PF_RT_RPOOL_NAT, .off = _OUT(nat), .arg = &pool_parser, .cb = nlattr_get_nested },
749fcdb520cSKristof Provost { .type = PF_RT_NAF, .off = _OUT(naf), .cb = nlattr_get_uint8 },
7500972294eSKristof Provost { .type = PF_RT_RPOOL_RT, .off = _OUT(route), .arg = &pool_parser, .cb = nlattr_get_nested },
75167c19da0SKristof Provost { .type = PF_RT_RCV_IFNOT, .off = _OUT(rcvifnot), .cb = nlattr_get_bool },
752ffbf2595SKristof Provost };
753ffbf2595SKristof Provost NL_DECLARE_ATTR_PARSER(rule_parser, nla_p_rule);
754ffbf2595SKristof Provost #undef _OUT
755ffbf2595SKristof Provost struct nl_parsed_addrule {
756ffbf2595SKristof Provost struct pf_krule *rule;
757ffbf2595SKristof Provost uint32_t ticket;
758ffbf2595SKristof Provost uint32_t pool_ticket;
759ffbf2595SKristof Provost char *anchor;
760ffbf2595SKristof Provost char *anchor_call;
761ffbf2595SKristof Provost };
762ffbf2595SKristof Provost #define _OUT(_field) offsetof(struct nl_parsed_addrule, _field)
763ffbf2595SKristof Provost static const struct nlattr_parser nla_p_addrule[] = {
764ffbf2595SKristof Provost { .type = PF_ART_TICKET, .off = _OUT(ticket), .cb = nlattr_get_uint32 },
765ffbf2595SKristof Provost { .type = PF_ART_POOL_TICKET, .off = _OUT(pool_ticket), .cb = nlattr_get_uint32 },
766ffbf2595SKristof Provost { .type = PF_ART_ANCHOR, .off = _OUT(anchor), .cb = nlattr_get_string },
767ffbf2595SKristof Provost { .type = PF_ART_ANCHOR_CALL, .off = _OUT(anchor_call), .cb = nlattr_get_string },
768ffbf2595SKristof Provost { .type = PF_ART_RULE, .off = _OUT(rule), .arg = &rule_parser, .cb = nlattr_get_nested_ptr }
769ffbf2595SKristof Provost };
770ffbf2595SKristof Provost #undef _OUT
771e9255dafSGleb Smirnoff NL_DECLARE_PARSER(addrule_parser, struct genlmsghdr, nlf_p_empty, nla_p_addrule);
772ffbf2595SKristof Provost
773ffbf2595SKristof Provost static int
pf_handle_addrule(struct nlmsghdr * hdr,struct nl_pstate * npt)774ffbf2595SKristof Provost pf_handle_addrule(struct nlmsghdr *hdr, struct nl_pstate *npt)
775ffbf2595SKristof Provost {
776ffbf2595SKristof Provost int error;
777ffbf2595SKristof Provost struct nl_parsed_addrule attrs = {};
778ffbf2595SKristof Provost
779ffbf2595SKristof Provost attrs.rule = pf_krule_alloc();
780ffbf2595SKristof Provost
781ffbf2595SKristof Provost error = nl_parse_nlmsg(hdr, &addrule_parser, npt, &attrs);
782e249f5daSKristof Provost if (error != 0) {
783e249f5daSKristof Provost pf_free_rule(attrs.rule);
784ffbf2595SKristof Provost return (error);
785e249f5daSKristof Provost }
786ffbf2595SKristof Provost
787ffbf2595SKristof Provost error = pf_ioctl_addrule(attrs.rule, attrs.ticket, attrs.pool_ticket,
788ffbf2595SKristof Provost attrs.anchor, attrs.anchor_call, nlp_get_cred(npt->nlp)->cr_uid,
789ffbf2595SKristof Provost hdr->nlmsg_pid);
790ffbf2595SKristof Provost
791ffbf2595SKristof Provost return (error);
792ffbf2595SKristof Provost }
793ffbf2595SKristof Provost
79444f323ecSKristof Provost #define _OUT(_field) offsetof(struct pfioc_rule, _field)
79544f323ecSKristof Provost static const struct nlattr_parser nla_p_getrules[] = {
79644f323ecSKristof Provost { .type = PF_GR_ANCHOR, .off = _OUT(anchor), .arg = (void *)MAXPATHLEN, .cb = nlattr_get_chara },
79744f323ecSKristof Provost { .type = PF_GR_ACTION, .off = _OUT(rule.action), .cb = nlattr_get_uint8 },
79844f323ecSKristof Provost };
799777a4702SKristof Provost #undef _OUT
800e9255dafSGleb Smirnoff NL_DECLARE_PARSER(getrules_parser, struct genlmsghdr, nlf_p_empty, nla_p_getrules);
80144f323ecSKristof Provost
80244f323ecSKristof Provost static int
pf_handle_getrules(struct nlmsghdr * hdr,struct nl_pstate * npt)80344f323ecSKristof Provost pf_handle_getrules(struct nlmsghdr *hdr, struct nl_pstate *npt)
80444f323ecSKristof Provost {
80544f323ecSKristof Provost struct pfioc_rule attrs = {};
80644f323ecSKristof Provost int error;
80744f323ecSKristof Provost struct nl_writer *nw = npt->nw;
80844f323ecSKristof Provost struct genlmsghdr *ghdr_new;
80944f323ecSKristof Provost
81044f323ecSKristof Provost error = nl_parse_nlmsg(hdr, &getrules_parser, npt, &attrs);
81144f323ecSKristof Provost if (error != 0)
81244f323ecSKristof Provost return (error);
81344f323ecSKristof Provost
81444f323ecSKristof Provost if (!nlmsg_reply(nw, hdr, sizeof(struct genlmsghdr)))
81544f323ecSKristof Provost return (ENOMEM);
81644f323ecSKristof Provost
81744f323ecSKristof Provost ghdr_new = nlmsg_reserve_object(nw, struct genlmsghdr);
81844f323ecSKristof Provost ghdr_new->cmd = PFNL_CMD_GETRULES;
81944f323ecSKristof Provost ghdr_new->version = 0;
82044f323ecSKristof Provost ghdr_new->reserved = 0;
82144f323ecSKristof Provost
82244f323ecSKristof Provost error = pf_ioctl_getrules(&attrs);
82344f323ecSKristof Provost if (error != 0)
82444f323ecSKristof Provost goto out;
82544f323ecSKristof Provost
82644f323ecSKristof Provost nlattr_add_u32(nw, PF_GR_NR, attrs.nr);
82744f323ecSKristof Provost nlattr_add_u32(nw, PF_GR_TICKET, attrs.ticket);
82844f323ecSKristof Provost
82944f323ecSKristof Provost if (!nlmsg_end(nw)) {
83044f323ecSKristof Provost error = ENOMEM;
83144f323ecSKristof Provost goto out;
83244f323ecSKristof Provost }
83344f323ecSKristof Provost
83444f323ecSKristof Provost return (0);
83544f323ecSKristof Provost
83644f323ecSKristof Provost out:
83744f323ecSKristof Provost nlmsg_abort(nw);
83844f323ecSKristof Provost return (error);
83944f323ecSKristof Provost }
84044f323ecSKristof Provost
841777a4702SKristof Provost struct nl_parsed_get_rule {
842777a4702SKristof Provost char anchor[MAXPATHLEN];
843777a4702SKristof Provost uint8_t action;
844777a4702SKristof Provost uint32_t nr;
845777a4702SKristof Provost uint32_t ticket;
846777a4702SKristof Provost uint8_t clear;
847777a4702SKristof Provost };
848777a4702SKristof Provost #define _OUT(_field) offsetof(struct nl_parsed_get_rule, _field)
849777a4702SKristof Provost static const struct nlattr_parser nla_p_getrule[] = {
850777a4702SKristof Provost { .type = PF_GR_ANCHOR, .off = _OUT(anchor), .arg = (void *)MAXPATHLEN, .cb = nlattr_get_chara },
851777a4702SKristof Provost { .type = PF_GR_ACTION, .off = _OUT(action), .cb = nlattr_get_uint8 },
852777a4702SKristof Provost { .type = PF_GR_NR, .off = _OUT(nr), .cb = nlattr_get_uint32 },
853777a4702SKristof Provost { .type = PF_GR_TICKET, .off = _OUT(ticket), .cb = nlattr_get_uint32 },
854777a4702SKristof Provost { .type = PF_GR_CLEAR, .off = _OUT(clear), .cb = nlattr_get_uint8 },
855777a4702SKristof Provost };
856706d465dSKristof Provost #undef _OUT
857e9255dafSGleb Smirnoff NL_DECLARE_PARSER(getrule_parser, struct genlmsghdr, nlf_p_empty, nla_p_getrule);
858777a4702SKristof Provost
859777a4702SKristof Provost static int
pf_handle_getrule(struct nlmsghdr * hdr,struct nl_pstate * npt)860777a4702SKristof Provost pf_handle_getrule(struct nlmsghdr *hdr, struct nl_pstate *npt)
861777a4702SKristof Provost {
862777a4702SKristof Provost char anchor_call[MAXPATHLEN];
863777a4702SKristof Provost struct nl_parsed_get_rule attrs = {};
864777a4702SKristof Provost struct nl_writer *nw = npt->nw;
865777a4702SKristof Provost struct genlmsghdr *ghdr_new;
866777a4702SKristof Provost struct pf_kruleset *ruleset;
867777a4702SKristof Provost struct pf_krule *rule;
86807e070efSKajetan Staszkiewicz u_int64_t src_nodes_total = 0;
869777a4702SKristof Provost int rs_num;
870777a4702SKristof Provost int error;
871777a4702SKristof Provost
872777a4702SKristof Provost error = nl_parse_nlmsg(hdr, &getrule_parser, npt, &attrs);
873777a4702SKristof Provost if (error != 0)
874777a4702SKristof Provost return (error);
875777a4702SKristof Provost
876777a4702SKristof Provost if (!nlmsg_reply(nw, hdr, sizeof(struct genlmsghdr)))
877777a4702SKristof Provost return (ENOMEM);
878777a4702SKristof Provost
879777a4702SKristof Provost ghdr_new = nlmsg_reserve_object(nw, struct genlmsghdr);
880777a4702SKristof Provost ghdr_new->cmd = PFNL_CMD_GETRULE;
881777a4702SKristof Provost ghdr_new->version = 0;
882777a4702SKristof Provost ghdr_new->reserved = 0;
883777a4702SKristof Provost
884777a4702SKristof Provost PF_RULES_WLOCK();
885777a4702SKristof Provost ruleset = pf_find_kruleset(attrs.anchor);
886777a4702SKristof Provost if (ruleset == NULL) {
887777a4702SKristof Provost PF_RULES_WUNLOCK();
888777a4702SKristof Provost error = ENOENT;
889777a4702SKristof Provost goto out;
890777a4702SKristof Provost }
891777a4702SKristof Provost
892777a4702SKristof Provost rs_num = pf_get_ruleset_number(attrs.action);
893777a4702SKristof Provost if (rs_num >= PF_RULESET_MAX) {
894777a4702SKristof Provost PF_RULES_WUNLOCK();
895777a4702SKristof Provost error = EINVAL;
896777a4702SKristof Provost goto out;
897777a4702SKristof Provost }
898777a4702SKristof Provost
899777a4702SKristof Provost if (attrs.ticket != ruleset->rules[rs_num].active.ticket) {
900777a4702SKristof Provost PF_RULES_WUNLOCK();
901777a4702SKristof Provost error = EBUSY;
902777a4702SKristof Provost goto out;
903777a4702SKristof Provost }
904777a4702SKristof Provost
905777a4702SKristof Provost rule = TAILQ_FIRST(ruleset->rules[rs_num].active.ptr);
906777a4702SKristof Provost while ((rule != NULL) && (rule->nr != attrs.nr))
907777a4702SKristof Provost rule = TAILQ_NEXT(rule, entries);
908777a4702SKristof Provost if (rule == NULL) {
909777a4702SKristof Provost PF_RULES_WUNLOCK();
910777a4702SKristof Provost error = EBUSY;
911777a4702SKristof Provost goto out;
912777a4702SKristof Provost }
913777a4702SKristof Provost
914777a4702SKristof Provost nlattr_add_rule_addr(nw, PF_RT_SRC, &rule->src);
915777a4702SKristof Provost nlattr_add_rule_addr(nw, PF_RT_DST, &rule->dst);
916777a4702SKristof Provost nlattr_add_u32(nw, PF_RT_RIDENTIFIER, rule->ridentifier);
917777a4702SKristof Provost nlattr_add_labels(nw, PF_RT_LABELS, rule);
918777a4702SKristof Provost nlattr_add_string(nw, PF_RT_IFNAME, rule->ifname);
919777a4702SKristof Provost nlattr_add_string(nw, PF_RT_QNAME, rule->qname);
920777a4702SKristof Provost nlattr_add_string(nw, PF_RT_PQNAME, rule->pqname);
921777a4702SKristof Provost nlattr_add_string(nw, PF_RT_TAGNAME, rule->tagname);
922777a4702SKristof Provost nlattr_add_string(nw, PF_RT_MATCH_TAGNAME, rule->match_tagname);
923777a4702SKristof Provost nlattr_add_string(nw, PF_RT_OVERLOAD_TBLNAME, rule->overload_tblname);
924e11dacbfSKristof Provost nlattr_add_pool(nw, PF_RT_RPOOL_RDR, &rule->rdr);
925e11dacbfSKristof Provost nlattr_add_pool(nw, PF_RT_RPOOL_NAT, &rule->nat);
9260972294eSKristof Provost nlattr_add_pool(nw, PF_RT_RPOOL_RT, &rule->route);
927777a4702SKristof Provost nlattr_add_u32(nw, PF_RT_OS_FINGERPRINT, rule->os_fingerprint);
928777a4702SKristof Provost nlattr_add_u32(nw, PF_RT_RTABLEID, rule->rtableid);
929777a4702SKristof Provost nlattr_add_timeout(nw, PF_RT_TIMEOUT, rule->timeout);
930777a4702SKristof Provost nlattr_add_u32(nw, PF_RT_MAX_STATES, rule->max_states);
931777a4702SKristof Provost nlattr_add_u32(nw, PF_RT_MAX_SRC_NODES, rule->max_src_nodes);
932777a4702SKristof Provost nlattr_add_u32(nw, PF_RT_MAX_SRC_STATES, rule->max_src_states);
9337fe42038SKajetan Staszkiewicz nlattr_add_u32(nw, PF_RT_MAX_SRC_CONN, rule->max_src_conn);
934777a4702SKristof Provost nlattr_add_u32(nw, PF_RT_MAX_SRC_CONN_RATE_LIMIT, rule->max_src_conn_rate.limit);
935777a4702SKristof Provost nlattr_add_u32(nw, PF_RT_MAX_SRC_CONN_RATE_SECS, rule->max_src_conn_rate.seconds);
936777a4702SKristof Provost
937777a4702SKristof Provost nlattr_add_u16(nw, PF_RT_DNPIPE, rule->dnpipe);
938777a4702SKristof Provost nlattr_add_u16(nw, PF_RT_DNRPIPE, rule->dnrpipe);
939777a4702SKristof Provost nlattr_add_u32(nw, PF_RT_DNFLAGS, rule->free_flags);
940777a4702SKristof Provost
941777a4702SKristof Provost nlattr_add_u32(nw, PF_RT_NR, rule->nr);
942777a4702SKristof Provost nlattr_add_u32(nw, PF_RT_PROB, rule->prob);
943777a4702SKristof Provost nlattr_add_u32(nw, PF_RT_CUID, rule->cuid);
944777a4702SKristof Provost nlattr_add_u32(nw, PF_RT_CPID, rule->cpid);
945777a4702SKristof Provost
946777a4702SKristof Provost nlattr_add_u16(nw, PF_RT_RETURN_ICMP, rule->return_icmp);
947777a4702SKristof Provost nlattr_add_u16(nw, PF_RT_RETURN_ICMP6, rule->return_icmp6);
948777a4702SKristof Provost nlattr_add_u16(nw, PF_RT_RETURN_ICMP6, rule->return_icmp6);
949777a4702SKristof Provost nlattr_add_u16(nw, PF_RT_MAX_MSS, rule->max_mss);
950777a4702SKristof Provost nlattr_add_u16(nw, PF_RT_SCRUB_FLAGS, rule->scrub_flags);
951777a4702SKristof Provost
952777a4702SKristof Provost nlattr_add_rule_uid(nw, PF_RT_UID, &rule->uid);
953777a4702SKristof Provost nlattr_add_rule_uid(nw, PF_RT_GID, (const struct pf_rule_uid *)&rule->gid);
954777a4702SKristof Provost
9552339ead6SKristof Provost nlattr_add_string(nw, PF_RT_RCV_IFNAME, rule->rcv_ifname);
95667c19da0SKristof Provost nlattr_add_bool(nw, PF_RT_RCV_IFNOT, rule->rcvifnot);
9572339ead6SKristof Provost
958777a4702SKristof Provost nlattr_add_u32(nw, PF_RT_RULE_FLAG, rule->rule_flag);
959777a4702SKristof Provost nlattr_add_u8(nw, PF_RT_ACTION, rule->action);
960777a4702SKristof Provost nlattr_add_u8(nw, PF_RT_DIRECTION, rule->direction);
961777a4702SKristof Provost nlattr_add_u8(nw, PF_RT_LOG, rule->log);
962777a4702SKristof Provost nlattr_add_u8(nw, PF_RT_LOGIF, rule->logif);
963777a4702SKristof Provost nlattr_add_u8(nw, PF_RT_QUICK, rule->quick);
964777a4702SKristof Provost nlattr_add_u8(nw, PF_RT_IF_NOT, rule->ifnot);
965777a4702SKristof Provost nlattr_add_u8(nw, PF_RT_MATCH_TAG_NOT, rule->match_tag_not);
966777a4702SKristof Provost nlattr_add_u8(nw, PF_RT_NATPASS, rule->natpass);
967777a4702SKristof Provost nlattr_add_u8(nw, PF_RT_KEEP_STATE, rule->keep_state);
968777a4702SKristof Provost
969777a4702SKristof Provost nlattr_add_u8(nw, PF_RT_AF, rule->af);
970fcdb520cSKristof Provost nlattr_add_u8(nw, PF_RT_NAF, rule->naf);
971777a4702SKristof Provost nlattr_add_u8(nw, PF_RT_PROTO, rule->proto);
972777a4702SKristof Provost nlattr_add_u8(nw, PF_RT_TYPE, rule->type);
973777a4702SKristof Provost nlattr_add_u8(nw, PF_RT_CODE, rule->code);
974777a4702SKristof Provost nlattr_add_u8(nw, PF_RT_FLAGS, rule->flags);
975777a4702SKristof Provost nlattr_add_u8(nw, PF_RT_FLAGSET, rule->flagset);
976777a4702SKristof Provost nlattr_add_u8(nw, PF_RT_MIN_TTL, rule->min_ttl);
977777a4702SKristof Provost nlattr_add_u8(nw, PF_RT_ALLOW_OPTS, rule->allow_opts);
978777a4702SKristof Provost nlattr_add_u8(nw, PF_RT_RT, rule->rt);
979777a4702SKristof Provost nlattr_add_u8(nw, PF_RT_RETURN_TTL, rule->return_ttl);
980777a4702SKristof Provost nlattr_add_u8(nw, PF_RT_TOS, rule->tos);
981777a4702SKristof Provost nlattr_add_u8(nw, PF_RT_SET_TOS, rule->set_tos);
982777a4702SKristof Provost nlattr_add_u8(nw, PF_RT_ANCHOR_RELATIVE, rule->anchor_relative);
983777a4702SKristof Provost nlattr_add_u8(nw, PF_RT_ANCHOR_WILDCARD, rule->anchor_wildcard);
984777a4702SKristof Provost nlattr_add_u8(nw, PF_RT_FLUSH, rule->flush);
985777a4702SKristof Provost nlattr_add_u8(nw, PF_RT_PRIO, rule->prio);
986777a4702SKristof Provost nlattr_add_u8(nw, PF_RT_SET_PRIO, rule->set_prio[0]);
987777a4702SKristof Provost nlattr_add_u8(nw, PF_RT_SET_PRIO_REPLY, rule->set_prio[1]);
988777a4702SKristof Provost
989777a4702SKristof Provost nlattr_add_in6_addr(nw, PF_RT_DIVERT_ADDRESS, &rule->divert.addr.v6);
990777a4702SKristof Provost nlattr_add_u16(nw, PF_RT_DIVERT_PORT, rule->divert.port);
991777a4702SKristof Provost
992777a4702SKristof Provost nlattr_add_u64(nw, PF_RT_PACKETS_IN, pf_counter_u64_fetch(&rule->packets[0]));
993777a4702SKristof Provost nlattr_add_u64(nw, PF_RT_PACKETS_OUT, pf_counter_u64_fetch(&rule->packets[1]));
994777a4702SKristof Provost nlattr_add_u64(nw, PF_RT_BYTES_IN, pf_counter_u64_fetch(&rule->bytes[0]));
995777a4702SKristof Provost nlattr_add_u64(nw, PF_RT_BYTES_OUT, pf_counter_u64_fetch(&rule->bytes[1]));
996777a4702SKristof Provost nlattr_add_u64(nw, PF_RT_EVALUATIONS, pf_counter_u64_fetch(&rule->evaluations));
997777a4702SKristof Provost nlattr_add_u64(nw, PF_RT_TIMESTAMP, pf_get_timestamp(rule));
998777a4702SKristof Provost nlattr_add_u64(nw, PF_RT_STATES_CUR, counter_u64_fetch(rule->states_cur));
999777a4702SKristof Provost nlattr_add_u64(nw, PF_RT_STATES_TOTAL, counter_u64_fetch(rule->states_tot));
100007e070efSKajetan Staszkiewicz for (pf_sn_types_t sn_type=0; sn_type<PF_SN_MAX; sn_type++)
100107e070efSKajetan Staszkiewicz src_nodes_total += counter_u64_fetch(rule->src_nodes[sn_type]);
100207e070efSKajetan Staszkiewicz nlattr_add_u64(nw, PF_RT_SRC_NODES, src_nodes_total);
100307e070efSKajetan Staszkiewicz nlattr_add_u64(nw, PF_RT_SRC_NODES_LIMIT, counter_u64_fetch(rule->src_nodes[PF_SN_LIMIT]));
100407e070efSKajetan Staszkiewicz nlattr_add_u64(nw, PF_RT_SRC_NODES_NAT, counter_u64_fetch(rule->src_nodes[PF_SN_NAT]));
100507e070efSKajetan Staszkiewicz nlattr_add_u64(nw, PF_RT_SRC_NODES_ROUTE, counter_u64_fetch(rule->src_nodes[PF_SN_ROUTE]));
1006777a4702SKristof Provost
10076ee3e376SKristof Provost error = pf_kanchor_copyout(ruleset, rule, anchor_call, sizeof(anchor_call));
1008777a4702SKristof Provost MPASS(error == 0);
1009777a4702SKristof Provost
1010777a4702SKristof Provost nlattr_add_string(nw, PF_RT_ANCHOR_CALL, anchor_call);
1011777a4702SKristof Provost
1012777a4702SKristof Provost if (attrs.clear)
1013777a4702SKristof Provost pf_krule_clear_counters(rule);
1014777a4702SKristof Provost
1015777a4702SKristof Provost PF_RULES_WUNLOCK();
1016777a4702SKristof Provost
1017777a4702SKristof Provost if (!nlmsg_end(nw)) {
1018777a4702SKristof Provost error = ENOMEM;
1019777a4702SKristof Provost goto out;
1020777a4702SKristof Provost }
1021777a4702SKristof Provost
1022777a4702SKristof Provost return (0);
1023777a4702SKristof Provost out:
1024777a4702SKristof Provost nlmsg_abort(nw);
1025777a4702SKristof Provost return (error);
1026777a4702SKristof Provost }
1027777a4702SKristof Provost
1028706d465dSKristof Provost #define _OUT(_field) offsetof(struct pf_kstate_kill, _field)
1029706d465dSKristof Provost static const struct nlattr_parser nla_p_clear_states[] = {
1030706d465dSKristof Provost { .type = PF_CS_CMP_ID, .off = _OUT(psk_pfcmp.id), .cb = nlattr_get_uint64 },
1031706d465dSKristof Provost { .type = PF_CS_CMP_CREATORID, .off = _OUT(psk_pfcmp.creatorid), .cb = nlattr_get_uint32 },
1032706d465dSKristof Provost { .type = PF_CS_CMP_DIR, .off = _OUT(psk_pfcmp.direction), .cb = nlattr_get_uint8 },
1033706d465dSKristof Provost { .type = PF_CS_AF, .off = _OUT(psk_af), .cb = nlattr_get_uint8 },
1034706d465dSKristof Provost { .type = PF_CS_PROTO, .off = _OUT(psk_proto), .cb = nlattr_get_uint8 },
1035706d465dSKristof Provost { .type = PF_CS_SRC, .off = _OUT(psk_src), .arg = &rule_addr_parser, .cb = nlattr_get_nested },
1036706d465dSKristof Provost { .type = PF_CS_DST, .off = _OUT(psk_dst), .arg = &rule_addr_parser, .cb = nlattr_get_nested },
1037706d465dSKristof Provost { .type = PF_CS_RT_ADDR, .off = _OUT(psk_rt_addr), .arg = &rule_addr_parser, .cb = nlattr_get_nested },
1038706d465dSKristof Provost { .type = PF_CS_IFNAME, .off = _OUT(psk_ifname), .arg = (void *)IFNAMSIZ, .cb = nlattr_get_chara },
1039706d465dSKristof Provost { .type = PF_CS_LABEL, .off = _OUT(psk_label), .arg = (void *)PF_RULE_LABEL_SIZE, .cb = nlattr_get_chara },
1040706d465dSKristof Provost { .type = PF_CS_KILL_MATCH, .off = _OUT(psk_kill_match), .cb = nlattr_get_bool },
1041706d465dSKristof Provost { .type = PF_CS_NAT, .off = _OUT(psk_nat), .cb = nlattr_get_bool },
1042706d465dSKristof Provost };
1043706d465dSKristof Provost #undef _OUT
1044e9255dafSGleb Smirnoff NL_DECLARE_PARSER(clear_states_parser, struct genlmsghdr, nlf_p_empty, nla_p_clear_states);
1045706d465dSKristof Provost
1046706d465dSKristof Provost static int
pf_handle_killclear_states(struct nlmsghdr * hdr,struct nl_pstate * npt,int cmd)1047706d465dSKristof Provost pf_handle_killclear_states(struct nlmsghdr *hdr, struct nl_pstate *npt, int cmd)
1048706d465dSKristof Provost {
1049706d465dSKristof Provost struct pf_kstate_kill kill = {};
1050706d465dSKristof Provost struct epoch_tracker et;
1051706d465dSKristof Provost struct nl_writer *nw = npt->nw;
1052706d465dSKristof Provost struct genlmsghdr *ghdr_new;
1053706d465dSKristof Provost int error;
1054706d465dSKristof Provost unsigned int killed = 0;
1055706d465dSKristof Provost
1056706d465dSKristof Provost error = nl_parse_nlmsg(hdr, &clear_states_parser, npt, &kill);
1057706d465dSKristof Provost if (error != 0)
1058706d465dSKristof Provost return (error);
1059706d465dSKristof Provost
1060706d465dSKristof Provost if (!nlmsg_reply(nw, hdr, sizeof(struct genlmsghdr)))
1061706d465dSKristof Provost return (ENOMEM);
1062706d465dSKristof Provost
1063706d465dSKristof Provost ghdr_new = nlmsg_reserve_object(nw, struct genlmsghdr);
1064706d465dSKristof Provost ghdr_new->cmd = cmd;
1065706d465dSKristof Provost ghdr_new->version = 0;
1066706d465dSKristof Provost ghdr_new->reserved = 0;
1067706d465dSKristof Provost
1068706d465dSKristof Provost NET_EPOCH_ENTER(et);
1069706d465dSKristof Provost if (cmd == PFNL_CMD_KILLSTATES)
1070706d465dSKristof Provost pf_killstates(&kill, &killed);
1071706d465dSKristof Provost else
1072706d465dSKristof Provost killed = pf_clear_states(&kill);
1073706d465dSKristof Provost NET_EPOCH_EXIT(et);
1074706d465dSKristof Provost
1075706d465dSKristof Provost nlattr_add_u32(nw, PF_CS_KILLED, killed);
1076706d465dSKristof Provost
1077706d465dSKristof Provost if (! nlmsg_end(nw)) {
1078706d465dSKristof Provost error = ENOMEM;
1079706d465dSKristof Provost goto out;
1080706d465dSKristof Provost }
1081706d465dSKristof Provost
1082706d465dSKristof Provost return (0);
1083706d465dSKristof Provost
1084706d465dSKristof Provost out:
1085706d465dSKristof Provost nlmsg_abort(nw);
1086706d465dSKristof Provost return (error);
1087706d465dSKristof Provost }
1088706d465dSKristof Provost
1089706d465dSKristof Provost static int
pf_handle_clear_states(struct nlmsghdr * hdr,struct nl_pstate * npt)1090706d465dSKristof Provost pf_handle_clear_states(struct nlmsghdr *hdr, struct nl_pstate *npt)
1091706d465dSKristof Provost {
1092706d465dSKristof Provost return (pf_handle_killclear_states(hdr, npt, PFNL_CMD_CLRSTATES));
1093706d465dSKristof Provost }
1094706d465dSKristof Provost
1095706d465dSKristof Provost static int
pf_handle_kill_states(struct nlmsghdr * hdr,struct nl_pstate * npt)1096706d465dSKristof Provost pf_handle_kill_states(struct nlmsghdr *hdr, struct nl_pstate *npt)
1097706d465dSKristof Provost {
1098706d465dSKristof Provost return (pf_handle_killclear_states(hdr, npt, PFNL_CMD_KILLSTATES));
1099706d465dSKristof Provost }
1100706d465dSKristof Provost
1101470a2b33SKristof Provost struct nl_parsed_set_statusif {
1102470a2b33SKristof Provost char ifname[IFNAMSIZ];
1103470a2b33SKristof Provost };
1104470a2b33SKristof Provost #define _OUT(_field) offsetof(struct nl_parsed_set_statusif, _field)
1105470a2b33SKristof Provost static const struct nlattr_parser nla_p_set_statusif[] = {
1106470a2b33SKristof Provost { .type = PF_SS_IFNAME, .off = _OUT(ifname), .arg = (const void *)IFNAMSIZ, .cb = nlattr_get_chara },
1107470a2b33SKristof Provost };
1108470a2b33SKristof Provost #undef _OUT
1109e9255dafSGleb Smirnoff NL_DECLARE_PARSER(set_statusif_parser, struct genlmsghdr, nlf_p_empty, nla_p_set_statusif);
1110470a2b33SKristof Provost
1111470a2b33SKristof Provost static int
pf_handle_set_statusif(struct nlmsghdr * hdr,struct nl_pstate * npt)1112470a2b33SKristof Provost pf_handle_set_statusif(struct nlmsghdr *hdr, struct nl_pstate *npt)
1113470a2b33SKristof Provost {
1114470a2b33SKristof Provost int error;
1115470a2b33SKristof Provost struct nl_parsed_set_statusif attrs = {};
1116470a2b33SKristof Provost
1117470a2b33SKristof Provost error = nl_parse_nlmsg(hdr, &set_statusif_parser, npt, &attrs);
1118470a2b33SKristof Provost if (error != 0)
1119470a2b33SKristof Provost return (error);
1120470a2b33SKristof Provost
1121470a2b33SKristof Provost PF_RULES_WLOCK();
1122470a2b33SKristof Provost strlcpy(V_pf_status.ifname, attrs.ifname, IFNAMSIZ);
1123470a2b33SKristof Provost PF_RULES_WUNLOCK();
1124470a2b33SKristof Provost
1125470a2b33SKristof Provost return (0);
1126470a2b33SKristof Provost }
1127470a2b33SKristof Provost
11285824df8dSKristof Provost static bool
nlattr_add_counters(struct nl_writer * nw,int attr,size_t number,char ** names,counter_u64_t * counters)11295824df8dSKristof Provost nlattr_add_counters(struct nl_writer *nw, int attr, size_t number, char **names,
11305824df8dSKristof Provost counter_u64_t *counters)
11315824df8dSKristof Provost {
11325824df8dSKristof Provost for (int i = 0; i < number; i++) {
11335824df8dSKristof Provost int off = nlattr_add_nested(nw, attr);
11345824df8dSKristof Provost nlattr_add_u32(nw, PF_C_ID, i);
11355824df8dSKristof Provost nlattr_add_string(nw, PF_C_NAME, names[i]);
11365824df8dSKristof Provost nlattr_add_u64(nw, PF_C_COUNTER, counter_u64_fetch(counters[i]));
11375824df8dSKristof Provost nlattr_set_len(nw, off);
11385824df8dSKristof Provost }
11395824df8dSKristof Provost
11405824df8dSKristof Provost return (true);
11415824df8dSKristof Provost }
11425824df8dSKristof Provost
11435824df8dSKristof Provost static bool
nlattr_add_fcounters(struct nl_writer * nw,int attr,size_t number,char ** names,struct pf_counter_u64 * counters)11445824df8dSKristof Provost nlattr_add_fcounters(struct nl_writer *nw, int attr, size_t number, char **names,
11455824df8dSKristof Provost struct pf_counter_u64 *counters)
11465824df8dSKristof Provost {
11475824df8dSKristof Provost for (int i = 0; i < number; i++) {
11485824df8dSKristof Provost int off = nlattr_add_nested(nw, attr);
11495824df8dSKristof Provost nlattr_add_u32(nw, PF_C_ID, i);
11505824df8dSKristof Provost nlattr_add_string(nw, PF_C_NAME, names[i]);
11515824df8dSKristof Provost nlattr_add_u64(nw, PF_C_COUNTER, pf_counter_u64_fetch(&counters[i]));
11525824df8dSKristof Provost nlattr_set_len(nw, off);
11535824df8dSKristof Provost }
11545824df8dSKristof Provost
11555824df8dSKristof Provost return (true);
11565824df8dSKristof Provost }
11575824df8dSKristof Provost
11585824df8dSKristof Provost static bool
nlattr_add_u64_array(struct nl_writer * nw,int attr,size_t number,uint64_t * array)11595824df8dSKristof Provost nlattr_add_u64_array(struct nl_writer *nw, int attr, size_t number, uint64_t *array)
11605824df8dSKristof Provost {
11615824df8dSKristof Provost int off = nlattr_add_nested(nw, attr);
11625824df8dSKristof Provost
11635824df8dSKristof Provost for (size_t i = 0; i < number; i++)
11645824df8dSKristof Provost nlattr_add_u64(nw, 0, array[i]);
11655824df8dSKristof Provost
11665824df8dSKristof Provost nlattr_set_len(nw, off);
11675824df8dSKristof Provost
11685824df8dSKristof Provost return (true);
11695824df8dSKristof Provost }
11705824df8dSKristof Provost
11715824df8dSKristof Provost static int
pf_handle_get_status(struct nlmsghdr * hdr,struct nl_pstate * npt)11725824df8dSKristof Provost pf_handle_get_status(struct nlmsghdr *hdr, struct nl_pstate *npt)
11735824df8dSKristof Provost {
11745824df8dSKristof Provost struct pf_status s;
11755824df8dSKristof Provost struct nl_writer *nw = npt->nw;
11765824df8dSKristof Provost struct genlmsghdr *ghdr_new;
11775824df8dSKristof Provost char *pf_reasons[PFRES_MAX+1] = PFRES_NAMES;
11785824df8dSKristof Provost char *pf_lcounter[KLCNT_MAX+1] = KLCNT_NAMES;
11795824df8dSKristof Provost char *pf_fcounter[FCNT_MAX+1] = FCNT_NAMES;
11805824df8dSKristof Provost int error;
11815824df8dSKristof Provost
11825824df8dSKristof Provost PF_RULES_RLOCK_TRACKER;
11835824df8dSKristof Provost
11845824df8dSKristof Provost if (!nlmsg_reply(nw, hdr, sizeof(struct genlmsghdr)))
11855824df8dSKristof Provost return (ENOMEM);
11865824df8dSKristof Provost
11875824df8dSKristof Provost ghdr_new = nlmsg_reserve_object(nw, struct genlmsghdr);
11885824df8dSKristof Provost ghdr_new->cmd = PFNL_CMD_GET_STATUS;
11895824df8dSKristof Provost ghdr_new->version = 0;
11905824df8dSKristof Provost ghdr_new->reserved = 0;
11915824df8dSKristof Provost
11925824df8dSKristof Provost PF_RULES_RLOCK();
11935824df8dSKristof Provost
11945824df8dSKristof Provost nlattr_add_string(nw, PF_GS_IFNAME, V_pf_status.ifname);
11955824df8dSKristof Provost nlattr_add_bool(nw, PF_GS_RUNNING, V_pf_status.running);
11965824df8dSKristof Provost nlattr_add_u32(nw, PF_GS_SINCE, V_pf_status.since);
11975824df8dSKristof Provost nlattr_add_u32(nw, PF_GS_DEBUG, V_pf_status.debug);
11985824df8dSKristof Provost nlattr_add_u32(nw, PF_GS_HOSTID, ntohl(V_pf_status.hostid));
11995824df8dSKristof Provost nlattr_add_u32(nw, PF_GS_STATES, V_pf_status.states);
12005824df8dSKristof Provost nlattr_add_u32(nw, PF_GS_SRC_NODES, V_pf_status.src_nodes);
12015824df8dSKristof Provost nlattr_add_u32(nw, PF_GS_REASSEMBLE, V_pf_status.reass);
12025824df8dSKristof Provost nlattr_add_u32(nw, PF_GS_SYNCOOKIES_ACTIVE, V_pf_status.syncookies_active);
12035824df8dSKristof Provost
12045824df8dSKristof Provost nlattr_add_counters(nw, PF_GS_COUNTERS, PFRES_MAX, pf_reasons,
12055824df8dSKristof Provost V_pf_status.counters);
12065824df8dSKristof Provost nlattr_add_counters(nw, PF_GS_LCOUNTERS, KLCNT_MAX, pf_lcounter,
12075824df8dSKristof Provost V_pf_status.lcounters);
12085824df8dSKristof Provost nlattr_add_fcounters(nw, PF_GS_FCOUNTERS, FCNT_MAX, pf_fcounter,
12095824df8dSKristof Provost V_pf_status.fcounters);
12105824df8dSKristof Provost nlattr_add_counters(nw, PF_GS_SCOUNTERS, SCNT_MAX, pf_fcounter,
12115824df8dSKristof Provost V_pf_status.scounters);
12125824df8dSKristof Provost
12135824df8dSKristof Provost pfi_update_status(V_pf_status.ifname, &s);
12145824df8dSKristof Provost nlattr_add_u64_array(nw, PF_GS_BCOUNTERS, 2 * 2, (uint64_t *)s.bcounters);
12155824df8dSKristof Provost nlattr_add_u64_array(nw, PF_GS_PCOUNTERS, 2 * 2 * 2, (uint64_t *)s.pcounters);
12165824df8dSKristof Provost
12175824df8dSKristof Provost nlattr_add(nw, PF_GS_CHKSUM, PF_MD5_DIGEST_LENGTH, V_pf_status.pf_chksum);
12185824df8dSKristof Provost
12195824df8dSKristof Provost PF_RULES_RUNLOCK();
12205824df8dSKristof Provost
12215824df8dSKristof Provost if (!nlmsg_end(nw)) {
12225824df8dSKristof Provost error = ENOMEM;
12235824df8dSKristof Provost goto out;
12245824df8dSKristof Provost }
12255824df8dSKristof Provost
12265824df8dSKristof Provost return (0);
12275824df8dSKristof Provost
12285824df8dSKristof Provost out:
12295824df8dSKristof Provost nlmsg_abort(nw);
12305824df8dSKristof Provost return (error);
12315824df8dSKristof Provost }
12325824df8dSKristof Provost
12339dbbe68bSKristof Provost static int
pf_handle_clear_status(struct nlmsghdr * hdr,struct nl_pstate * npt)12349dbbe68bSKristof Provost pf_handle_clear_status(struct nlmsghdr *hdr, struct nl_pstate *npt)
12359dbbe68bSKristof Provost {
12369dbbe68bSKristof Provost pf_ioctl_clear_status();
12379dbbe68bSKristof Provost
12389dbbe68bSKristof Provost return (0);
12399dbbe68bSKristof Provost }
12409dbbe68bSKristof Provost
124171d3c704SKristof Provost struct pf_nl_natlook {
124271d3c704SKristof Provost sa_family_t af;
124371d3c704SKristof Provost uint8_t direction;
124471d3c704SKristof Provost uint8_t proto;
124571d3c704SKristof Provost struct pf_addr src;
124671d3c704SKristof Provost struct pf_addr dst;
124771d3c704SKristof Provost uint16_t sport;
124871d3c704SKristof Provost uint16_t dport;
124971d3c704SKristof Provost };
125071d3c704SKristof Provost
125171d3c704SKristof Provost #define _OUT(_field) offsetof(struct pf_nl_natlook, _field)
125271d3c704SKristof Provost static const struct nlattr_parser nla_p_natlook[] = {
125371d3c704SKristof Provost { .type = PF_NL_AF, .off = _OUT(af), .cb = nlattr_get_uint8 },
125471d3c704SKristof Provost { .type = PF_NL_DIRECTION, .off = _OUT(direction), .cb = nlattr_get_uint8 },
125571d3c704SKristof Provost { .type = PF_NL_PROTO, .off = _OUT(proto), .cb = nlattr_get_uint8 },
125671d3c704SKristof Provost { .type = PF_NL_SRC_ADDR, .off = _OUT(src), .cb = nlattr_get_in6_addr },
125771d3c704SKristof Provost { .type = PF_NL_DST_ADDR, .off = _OUT(dst), .cb = nlattr_get_in6_addr },
125871d3c704SKristof Provost { .type = PF_NL_SRC_PORT, .off = _OUT(sport), .cb = nlattr_get_uint16 },
125971d3c704SKristof Provost { .type = PF_NL_DST_PORT, .off = _OUT(dport), .cb = nlattr_get_uint16 },
126071d3c704SKristof Provost };
126171d3c704SKristof Provost #undef _OUT
1262e9255dafSGleb Smirnoff NL_DECLARE_PARSER(natlook_parser, struct genlmsghdr, nlf_p_empty, nla_p_natlook);
126371d3c704SKristof Provost
126471d3c704SKristof Provost static int
pf_handle_natlook(struct nlmsghdr * hdr,struct nl_pstate * npt)126571d3c704SKristof Provost pf_handle_natlook(struct nlmsghdr *hdr, struct nl_pstate *npt)
126671d3c704SKristof Provost {
126771d3c704SKristof Provost struct pf_nl_natlook attrs = {};
126871d3c704SKristof Provost struct pf_state_key_cmp key = {};
126971d3c704SKristof Provost struct nl_writer *nw = npt->nw;
127071d3c704SKristof Provost struct pf_state_key *sk;
127171d3c704SKristof Provost struct pf_kstate *state;
127271d3c704SKristof Provost struct genlmsghdr *ghdr_new;
12734ee6a830SMark Johnston int error, m = 0;
127471d3c704SKristof Provost int sidx, didx;
127571d3c704SKristof Provost
127671d3c704SKristof Provost error = nl_parse_nlmsg(hdr, &natlook_parser, npt, &attrs);
127771d3c704SKristof Provost if (error != 0)
127871d3c704SKristof Provost return (error);
127971d3c704SKristof Provost
128071d3c704SKristof Provost if (attrs.proto == 0 ||
128171d3c704SKristof Provost PF_AZERO(&attrs.src, attrs.af) ||
128271d3c704SKristof Provost PF_AZERO(&attrs.dst, attrs.af) ||
128371d3c704SKristof Provost ((attrs.proto == IPPROTO_TCP || attrs.proto == IPPROTO_UDP) &&
128471d3c704SKristof Provost (attrs.sport == 0 || attrs.dport == 0)))
128571d3c704SKristof Provost return (EINVAL);
128671d3c704SKristof Provost
128771d3c704SKristof Provost /* NATLOOK src and dst are reversed, so reverse sidx/didx */
128871d3c704SKristof Provost sidx = (attrs.direction == PF_IN) ? 1 : 0;
128971d3c704SKristof Provost didx = (attrs.direction == PF_IN) ? 0 : 1;
129071d3c704SKristof Provost
129171d3c704SKristof Provost key.af = attrs.af;
129271d3c704SKristof Provost key.proto = attrs.proto;
129371d3c704SKristof Provost PF_ACPY(&key.addr[sidx], &attrs.src, attrs.af);
129471d3c704SKristof Provost key.port[sidx] = attrs.sport;
129571d3c704SKristof Provost PF_ACPY(&key.addr[didx], &attrs.dst, attrs.af);
129671d3c704SKristof Provost key.port[didx] = attrs.dport;
129771d3c704SKristof Provost
129871d3c704SKristof Provost state = pf_find_state_all(&key, attrs.direction, &m);
129971d3c704SKristof Provost if (state == NULL)
130071d3c704SKristof Provost return (ENOENT);
130171d3c704SKristof Provost if (m > 1) {
130271d3c704SKristof Provost PF_STATE_UNLOCK(state);
130371d3c704SKristof Provost return (E2BIG);
130471d3c704SKristof Provost }
130571d3c704SKristof Provost
130671d3c704SKristof Provost if (!nlmsg_reply(nw, hdr, sizeof(struct genlmsghdr))) {
130771d3c704SKristof Provost PF_STATE_UNLOCK(state);
130871d3c704SKristof Provost return (ENOMEM);
130971d3c704SKristof Provost }
131071d3c704SKristof Provost
131171d3c704SKristof Provost ghdr_new = nlmsg_reserve_object(nw, struct genlmsghdr);
131271d3c704SKristof Provost ghdr_new->cmd = PFNL_CMD_NATLOOK;
131371d3c704SKristof Provost ghdr_new->version = 0;
131471d3c704SKristof Provost ghdr_new->reserved = 0;
131571d3c704SKristof Provost
131671d3c704SKristof Provost sk = state->key[sidx];
131771d3c704SKristof Provost
131871d3c704SKristof Provost nlattr_add_in6_addr(nw, PF_NL_SRC_ADDR, &sk->addr[sidx].v6);
131971d3c704SKristof Provost nlattr_add_in6_addr(nw, PF_NL_DST_ADDR, &sk->addr[didx].v6);
132071d3c704SKristof Provost nlattr_add_u16(nw, PF_NL_SRC_PORT, sk->port[sidx]);
132171d3c704SKristof Provost nlattr_add_u16(nw, PF_NL_DST_PORT, sk->port[didx]);
132271d3c704SKristof Provost
132371d3c704SKristof Provost PF_STATE_UNLOCK(state);
132471d3c704SKristof Provost
132571d3c704SKristof Provost if (!nlmsg_end(nw)) {
132671d3c704SKristof Provost nlmsg_abort(nw);
132771d3c704SKristof Provost return (ENOMEM);
132871d3c704SKristof Provost }
132971d3c704SKristof Provost
133071d3c704SKristof Provost return (0);
133171d3c704SKristof Provost }
133271d3c704SKristof Provost
1333c36c90a2SKristof Provost struct pf_nl_set_debug
1334c36c90a2SKristof Provost {
1335c36c90a2SKristof Provost uint32_t level;
1336c36c90a2SKristof Provost };
1337c36c90a2SKristof Provost #define _OUT(_field) offsetof(struct pf_nl_set_debug, _field)
1338c36c90a2SKristof Provost static const struct nlattr_parser nla_p_set_debug[] = {
1339c36c90a2SKristof Provost { .type = PF_SD_LEVEL, .off = _OUT(level), .cb = nlattr_get_uint32 },
1340c36c90a2SKristof Provost };
1341c36c90a2SKristof Provost #undef _OUT
1342e9255dafSGleb Smirnoff NL_DECLARE_PARSER(set_debug_parser, struct genlmsghdr, nlf_p_empty, nla_p_set_debug);
1343c36c90a2SKristof Provost
1344c36c90a2SKristof Provost static int
pf_handle_set_debug(struct nlmsghdr * hdr,struct nl_pstate * npt)1345c36c90a2SKristof Provost pf_handle_set_debug(struct nlmsghdr *hdr, struct nl_pstate *npt)
1346c36c90a2SKristof Provost {
1347c36c90a2SKristof Provost struct pf_nl_set_debug attrs = {};
1348c36c90a2SKristof Provost int error;
1349c36c90a2SKristof Provost
1350c36c90a2SKristof Provost error = nl_parse_nlmsg(hdr, &set_debug_parser, npt, &attrs);
1351c36c90a2SKristof Provost if (error != 0)
1352c36c90a2SKristof Provost return (error);
1353c36c90a2SKristof Provost
1354c36c90a2SKristof Provost PF_RULES_WLOCK();
1355c36c90a2SKristof Provost V_pf_status.debug = attrs.level;
1356c36c90a2SKristof Provost PF_RULES_WUNLOCK();
1357c36c90a2SKristof Provost
1358c36c90a2SKristof Provost return (0);
1359c36c90a2SKristof Provost }
1360c36c90a2SKristof Provost
136130bad751SKristof Provost struct pf_nl_set_timeout
136230bad751SKristof Provost {
136330bad751SKristof Provost uint32_t timeout;
136430bad751SKristof Provost uint32_t seconds;
136530bad751SKristof Provost };
136630bad751SKristof Provost #define _OUT(_field) offsetof(struct pf_nl_set_timeout, _field)
136730bad751SKristof Provost static const struct nlattr_parser nla_p_set_timeout[] = {
136830bad751SKristof Provost { .type = PF_TO_TIMEOUT, .off = _OUT(timeout), .cb = nlattr_get_uint32 },
136930bad751SKristof Provost { .type = PF_TO_SECONDS, .off = _OUT(seconds), .cb = nlattr_get_uint32 },
137030bad751SKristof Provost };
137130bad751SKristof Provost #undef _OUT
1372e9255dafSGleb Smirnoff NL_DECLARE_PARSER(set_timeout_parser, struct genlmsghdr, nlf_p_empty, nla_p_set_timeout);
137330bad751SKristof Provost
137430bad751SKristof Provost static int
pf_handle_set_timeout(struct nlmsghdr * hdr,struct nl_pstate * npt)137530bad751SKristof Provost pf_handle_set_timeout(struct nlmsghdr *hdr, struct nl_pstate *npt)
137630bad751SKristof Provost {
137730bad751SKristof Provost struct pf_nl_set_timeout attrs = {};
137830bad751SKristof Provost int error;
137930bad751SKristof Provost
138030bad751SKristof Provost error = nl_parse_nlmsg(hdr, &set_timeout_parser, npt, &attrs);
138130bad751SKristof Provost if (error != 0)
138230bad751SKristof Provost return (error);
138330bad751SKristof Provost
138430bad751SKristof Provost return (pf_ioctl_set_timeout(attrs.timeout, attrs.seconds, NULL));
138530bad751SKristof Provost }
138630bad751SKristof Provost
138730bad751SKristof Provost static int
pf_handle_get_timeout(struct nlmsghdr * hdr,struct nl_pstate * npt)138830bad751SKristof Provost pf_handle_get_timeout(struct nlmsghdr *hdr, struct nl_pstate *npt)
138930bad751SKristof Provost {
139030bad751SKristof Provost struct pf_nl_set_timeout attrs = {};
139130bad751SKristof Provost struct nl_writer *nw = npt->nw;
139230bad751SKristof Provost struct genlmsghdr *ghdr_new;
139330bad751SKristof Provost int error;
139430bad751SKristof Provost
139530bad751SKristof Provost error = nl_parse_nlmsg(hdr, &set_timeout_parser, npt, &attrs);
139630bad751SKristof Provost if (error != 0)
139730bad751SKristof Provost return (error);
139830bad751SKristof Provost
139930bad751SKristof Provost error = pf_ioctl_get_timeout(attrs.timeout, &attrs.seconds);
140030bad751SKristof Provost if (error != 0)
140130bad751SKristof Provost return (error);
140230bad751SKristof Provost
140330bad751SKristof Provost if (!nlmsg_reply(nw, hdr, sizeof(struct genlmsghdr)))
140430bad751SKristof Provost return (ENOMEM);
140530bad751SKristof Provost
140630bad751SKristof Provost ghdr_new = nlmsg_reserve_object(nw, struct genlmsghdr);
140730bad751SKristof Provost ghdr_new->cmd = PFNL_CMD_GET_TIMEOUT;
140830bad751SKristof Provost ghdr_new->version = 0;
140930bad751SKristof Provost ghdr_new->reserved = 0;
141030bad751SKristof Provost
141130bad751SKristof Provost nlattr_add_u32(nw, PF_TO_SECONDS, attrs.seconds);
141230bad751SKristof Provost
141330bad751SKristof Provost if (!nlmsg_end(nw)) {
141430bad751SKristof Provost nlmsg_abort(nw);
141530bad751SKristof Provost return (ENOMEM);
141630bad751SKristof Provost }
141730bad751SKristof Provost
141830bad751SKristof Provost return (0);
141930bad751SKristof Provost }
142030bad751SKristof Provost
1421d9ab8999SKristof Provost struct pf_nl_set_limit
1422d9ab8999SKristof Provost {
1423d9ab8999SKristof Provost uint32_t index;
1424d9ab8999SKristof Provost uint32_t limit;
1425d9ab8999SKristof Provost };
1426d9ab8999SKristof Provost #define _OUT(_field) offsetof(struct pf_nl_set_limit, _field)
1427d9ab8999SKristof Provost static const struct nlattr_parser nla_p_set_limit[] = {
1428d9ab8999SKristof Provost { .type = PF_LI_INDEX, .off = _OUT(index), .cb = nlattr_get_uint32 },
1429d9ab8999SKristof Provost { .type = PF_LI_LIMIT, .off = _OUT(limit), .cb = nlattr_get_uint32 },
1430d9ab8999SKristof Provost };
1431d9ab8999SKristof Provost #undef _OUT
1432e9255dafSGleb Smirnoff NL_DECLARE_PARSER(set_limit_parser, struct genlmsghdr, nlf_p_empty, nla_p_set_limit);
1433d9ab8999SKristof Provost
1434d9ab8999SKristof Provost static int
pf_handle_set_limit(struct nlmsghdr * hdr,struct nl_pstate * npt)1435d9ab8999SKristof Provost pf_handle_set_limit(struct nlmsghdr *hdr, struct nl_pstate *npt)
1436d9ab8999SKristof Provost {
1437d9ab8999SKristof Provost struct pf_nl_set_limit attrs = {};
1438d9ab8999SKristof Provost int error;
1439d9ab8999SKristof Provost
1440d9ab8999SKristof Provost error = nl_parse_nlmsg(hdr, &set_limit_parser, npt, &attrs);
1441d9ab8999SKristof Provost if (error != 0)
1442d9ab8999SKristof Provost return (error);
1443d9ab8999SKristof Provost
1444d9ab8999SKristof Provost return (pf_ioctl_set_limit(attrs.index, attrs.limit, NULL));
1445d9ab8999SKristof Provost }
1446d9ab8999SKristof Provost
1447d9ab8999SKristof Provost static int
pf_handle_get_limit(struct nlmsghdr * hdr,struct nl_pstate * npt)1448d9ab8999SKristof Provost pf_handle_get_limit(struct nlmsghdr *hdr, struct nl_pstate *npt)
1449d9ab8999SKristof Provost {
1450d9ab8999SKristof Provost struct pf_nl_set_limit attrs = {};
1451d9ab8999SKristof Provost struct nl_writer *nw = npt->nw;
1452d9ab8999SKristof Provost struct genlmsghdr *ghdr_new;
1453d9ab8999SKristof Provost int error;
1454d9ab8999SKristof Provost
1455d9ab8999SKristof Provost error = nl_parse_nlmsg(hdr, &set_limit_parser, npt, &attrs);
1456d9ab8999SKristof Provost if (error != 0)
1457d9ab8999SKristof Provost return (error);
1458d9ab8999SKristof Provost
1459d9ab8999SKristof Provost error = pf_ioctl_get_limit(attrs.index, &attrs.limit);
1460d9ab8999SKristof Provost if (error != 0)
1461d9ab8999SKristof Provost return (error);
1462d9ab8999SKristof Provost
1463d9ab8999SKristof Provost if (!nlmsg_reply(nw, hdr, sizeof(struct genlmsghdr)))
1464d9ab8999SKristof Provost return (ENOMEM);
1465d9ab8999SKristof Provost
1466d9ab8999SKristof Provost ghdr_new = nlmsg_reserve_object(nw, struct genlmsghdr);
1467d9ab8999SKristof Provost ghdr_new->cmd = PFNL_CMD_GET_LIMIT;
1468d9ab8999SKristof Provost ghdr_new->version = 0;
1469d9ab8999SKristof Provost ghdr_new->reserved = 0;
1470d9ab8999SKristof Provost
1471d9ab8999SKristof Provost nlattr_add_u32(nw, PF_LI_LIMIT, attrs.limit);
1472d9ab8999SKristof Provost
1473d9ab8999SKristof Provost if (!nlmsg_end(nw)) {
1474d9ab8999SKristof Provost nlmsg_abort(nw);
1475d9ab8999SKristof Provost return (ENOMEM);
1476d9ab8999SKristof Provost }
1477d9ab8999SKristof Provost
1478d9ab8999SKristof Provost return (0);
1479d9ab8999SKristof Provost }
1480d9ab8999SKristof Provost
1481ba2a9207SKristof Provost static int
pf_handle_begin_addrs(struct nlmsghdr * hdr,struct nl_pstate * npt)1482ba2a9207SKristof Provost pf_handle_begin_addrs(struct nlmsghdr *hdr, struct nl_pstate *npt)
1483ba2a9207SKristof Provost {
1484ba2a9207SKristof Provost struct nl_writer *nw = npt->nw;
1485ba2a9207SKristof Provost struct genlmsghdr *ghdr_new;
1486ba2a9207SKristof Provost uint32_t ticket;
1487ba2a9207SKristof Provost int error;
1488ba2a9207SKristof Provost
1489ba2a9207SKristof Provost error = pf_ioctl_begin_addrs(&ticket);
1490ba2a9207SKristof Provost if (error != 0)
1491ba2a9207SKristof Provost return (error);
1492ba2a9207SKristof Provost
1493ba2a9207SKristof Provost if (!nlmsg_reply(nw, hdr, sizeof(struct genlmsghdr)))
1494ba2a9207SKristof Provost return (ENOMEM);
1495ba2a9207SKristof Provost
1496ba2a9207SKristof Provost ghdr_new = nlmsg_reserve_object(nw, struct genlmsghdr);
1497ba2a9207SKristof Provost ghdr_new->cmd = PFNL_CMD_BEGIN_ADDRS;
1498ba2a9207SKristof Provost ghdr_new->version = 0;
1499ba2a9207SKristof Provost ghdr_new->reserved = 0;
1500ba2a9207SKristof Provost
1501ba2a9207SKristof Provost nlattr_add_u32(nw, PF_BA_TICKET, ticket);
1502ba2a9207SKristof Provost
1503ba2a9207SKristof Provost if (!nlmsg_end(nw)) {
1504ba2a9207SKristof Provost nlmsg_abort(nw);
1505ba2a9207SKristof Provost return (ENOMEM);
1506ba2a9207SKristof Provost }
1507ba2a9207SKristof Provost
1508ba2a9207SKristof Provost return (0);
1509ba2a9207SKristof Provost }
1510ba2a9207SKristof Provost
1511644b7b5aSKristof Provost static bool
nlattr_add_pool_addr(struct nl_writer * nw,int attrtype,struct pf_pooladdr * a)1512644b7b5aSKristof Provost nlattr_add_pool_addr(struct nl_writer *nw, int attrtype, struct pf_pooladdr *a)
1513644b7b5aSKristof Provost {
1514644b7b5aSKristof Provost int off;
1515644b7b5aSKristof Provost
1516644b7b5aSKristof Provost off = nlattr_add_nested(nw, attrtype);
1517644b7b5aSKristof Provost
1518644b7b5aSKristof Provost nlattr_add_addr_wrap(nw, PF_PA_ADDR, &a->addr);
1519644b7b5aSKristof Provost nlattr_add_string(nw, PF_PA_IFNAME, a->ifname);
1520644b7b5aSKristof Provost
1521644b7b5aSKristof Provost nlattr_set_len(nw, off);
1522644b7b5aSKristof Provost
1523644b7b5aSKristof Provost return (true);
1524644b7b5aSKristof Provost }
1525644b7b5aSKristof Provost
1526d909f06bSKristof Provost #define _OUT(_field) offsetof(struct pf_pooladdr, _field)
1527d909f06bSKristof Provost static const struct nlattr_parser nla_p_pool_addr[] = {
1528d909f06bSKristof Provost { .type = PF_PA_ADDR, .off = _OUT(addr), .arg = &addr_wrap_parser, .cb = nlattr_get_nested },
1529d909f06bSKristof Provost { .type = PF_PA_IFNAME, .off = _OUT(ifname), .arg = (void *)IFNAMSIZ, .cb = nlattr_get_chara },
1530d909f06bSKristof Provost };
1531d909f06bSKristof Provost NL_DECLARE_ATTR_PARSER(pool_addr_parser, nla_p_pool_addr);
1532d909f06bSKristof Provost #undef _OUT
1533d909f06bSKristof Provost
1534e11dacbfSKristof Provost #define _OUT(_field) offsetof(struct pf_nl_pooladdr, _field)
1535d909f06bSKristof Provost static const struct nlattr_parser nla_p_add_addr[] = {
1536d909f06bSKristof Provost { .type = PF_AA_ACTION, .off = _OUT(action), .cb = nlattr_get_uint32 },
1537d909f06bSKristof Provost { .type = PF_AA_TICKET, .off = _OUT(ticket), .cb = nlattr_get_uint32 },
1538d909f06bSKristof Provost { .type = PF_AA_NR, .off = _OUT(nr), .cb = nlattr_get_uint32 },
1539d909f06bSKristof Provost { .type = PF_AA_R_NUM, .off = _OUT(r_num), .cb = nlattr_get_uint32 },
1540d909f06bSKristof Provost { .type = PF_AA_R_ACTION, .off = _OUT(r_action), .cb = nlattr_get_uint8 },
1541d909f06bSKristof Provost { .type = PF_AA_R_LAST, .off = _OUT(r_last), .cb = nlattr_get_uint8 },
1542d909f06bSKristof Provost { .type = PF_AA_AF, .off = _OUT(af), .cb = nlattr_get_uint8 },
1543d909f06bSKristof Provost { .type = PF_AA_ANCHOR, .off = _OUT(anchor), .arg = (void *)MAXPATHLEN, .cb = nlattr_get_chara },
1544d909f06bSKristof Provost { .type = PF_AA_ADDR, .off = _OUT(addr), .arg = &pool_addr_parser, .cb = nlattr_get_nested },
1545e11dacbfSKristof Provost { .type = PF_AA_WHICH, .off = _OUT(which), .cb = nlattr_get_uint32 },
1546d909f06bSKristof Provost };
1547d909f06bSKristof Provost #undef _OUT
1548e9255dafSGleb Smirnoff NL_DECLARE_PARSER(add_addr_parser, struct genlmsghdr, nlf_p_empty, nla_p_add_addr);
1549d909f06bSKristof Provost
1550d909f06bSKristof Provost static int
pf_handle_add_addr(struct nlmsghdr * hdr,struct nl_pstate * npt)1551d909f06bSKristof Provost pf_handle_add_addr(struct nlmsghdr *hdr, struct nl_pstate *npt)
1552d909f06bSKristof Provost {
1553e11dacbfSKristof Provost struct pf_nl_pooladdr attrs = { 0 };
1554d909f06bSKristof Provost int error;
1555d909f06bSKristof Provost
1556d909f06bSKristof Provost error = nl_parse_nlmsg(hdr, &add_addr_parser, npt, &attrs);
1557d909f06bSKristof Provost if (error != 0)
1558d909f06bSKristof Provost return (error);
1559d909f06bSKristof Provost
1560e11dacbfSKristof Provost if (attrs.which == 0)
1561e11dacbfSKristof Provost attrs.which = PF_RDR;
1562e11dacbfSKristof Provost
1563d909f06bSKristof Provost error = pf_ioctl_add_addr(&attrs);
1564d909f06bSKristof Provost
1565d909f06bSKristof Provost return (error);
1566d909f06bSKristof Provost }
1567d909f06bSKristof Provost
1568644b7b5aSKristof Provost static int
pf_handle_get_addrs(struct nlmsghdr * hdr,struct nl_pstate * npt)1569644b7b5aSKristof Provost pf_handle_get_addrs(struct nlmsghdr *hdr, struct nl_pstate *npt)
1570644b7b5aSKristof Provost {
1571e11dacbfSKristof Provost struct pf_nl_pooladdr attrs = { 0 };
1572644b7b5aSKristof Provost struct nl_writer *nw = npt->nw;
1573644b7b5aSKristof Provost struct genlmsghdr *ghdr_new;
1574644b7b5aSKristof Provost int error;
1575644b7b5aSKristof Provost
1576644b7b5aSKristof Provost error = nl_parse_nlmsg(hdr, &add_addr_parser, npt, &attrs);
1577644b7b5aSKristof Provost if (error != 0)
1578644b7b5aSKristof Provost return (error);
1579644b7b5aSKristof Provost
1580e11dacbfSKristof Provost if (attrs.which == 0)
1581e11dacbfSKristof Provost attrs.which = PF_RDR;
1582e11dacbfSKristof Provost
1583644b7b5aSKristof Provost error = pf_ioctl_get_addrs(&attrs);
1584644b7b5aSKristof Provost if (error != 0)
1585644b7b5aSKristof Provost return (error);
1586644b7b5aSKristof Provost
1587644b7b5aSKristof Provost if (!nlmsg_reply(nw, hdr, sizeof(struct genlmsghdr)))
1588644b7b5aSKristof Provost return (ENOMEM);
1589644b7b5aSKristof Provost
1590644b7b5aSKristof Provost ghdr_new = nlmsg_reserve_object(nw, struct genlmsghdr);
1591644b7b5aSKristof Provost ghdr_new->cmd = PFNL_CMD_GET_ADDRS;
1592644b7b5aSKristof Provost ghdr_new->version = 0;
1593644b7b5aSKristof Provost ghdr_new->reserved = 0;
1594644b7b5aSKristof Provost
1595644b7b5aSKristof Provost nlattr_add_u32(nw, PF_AA_NR, attrs.nr);
1596644b7b5aSKristof Provost
1597644b7b5aSKristof Provost if (!nlmsg_end(nw)) {
1598644b7b5aSKristof Provost nlmsg_abort(nw);
1599644b7b5aSKristof Provost return (ENOMEM);
1600644b7b5aSKristof Provost }
1601644b7b5aSKristof Provost
1602644b7b5aSKristof Provost return (error);
1603644b7b5aSKristof Provost }
1604644b7b5aSKristof Provost
16059ae91f59SKristof Provost static int
pf_handle_get_addr(struct nlmsghdr * hdr,struct nl_pstate * npt)16069ae91f59SKristof Provost pf_handle_get_addr(struct nlmsghdr *hdr, struct nl_pstate *npt)
16079ae91f59SKristof Provost {
1608e11dacbfSKristof Provost struct pf_nl_pooladdr attrs = { 0 };
16099ae91f59SKristof Provost struct nl_writer *nw = npt->nw;
16109ae91f59SKristof Provost struct genlmsghdr *ghdr_new;
16119ae91f59SKristof Provost int error;
16129ae91f59SKristof Provost
16139ae91f59SKristof Provost error = nl_parse_nlmsg(hdr, &add_addr_parser, npt, &attrs);
16149ae91f59SKristof Provost if (error != 0)
16159ae91f59SKristof Provost return (error);
16169ae91f59SKristof Provost
1617e11dacbfSKristof Provost if (attrs.which == 0)
1618e11dacbfSKristof Provost attrs.which = PF_RDR;
1619e11dacbfSKristof Provost
16209ae91f59SKristof Provost error = pf_ioctl_get_addr(&attrs);
16219ae91f59SKristof Provost if (error != 0)
16229ae91f59SKristof Provost return (error);
16239ae91f59SKristof Provost
16249ae91f59SKristof Provost if (!nlmsg_reply(nw, hdr, sizeof(struct genlmsghdr)))
16259ae91f59SKristof Provost return (ENOMEM);
16269ae91f59SKristof Provost
16279ae91f59SKristof Provost ghdr_new = nlmsg_reserve_object(nw, struct genlmsghdr);
16283f6a34caSKristof Provost ghdr_new->cmd = PFNL_CMD_GET_ADDR;
16299ae91f59SKristof Provost ghdr_new->version = 0;
16309ae91f59SKristof Provost ghdr_new->reserved = 0;
16319ae91f59SKristof Provost
16329ae91f59SKristof Provost nlattr_add_u32(nw, PF_AA_ACTION, attrs.action);
16339ae91f59SKristof Provost nlattr_add_u32(nw, PF_AA_TICKET, attrs.ticket);
16349ae91f59SKristof Provost nlattr_add_u32(nw, PF_AA_NR, attrs.nr);
16359ae91f59SKristof Provost nlattr_add_u32(nw, PF_AA_R_NUM, attrs.r_num);
16369ae91f59SKristof Provost nlattr_add_u8(nw, PF_AA_R_ACTION, attrs.r_action);
16379ae91f59SKristof Provost nlattr_add_u8(nw, PF_AA_R_LAST, attrs.r_last);
16389ae91f59SKristof Provost nlattr_add_u8(nw, PF_AA_AF, attrs.af);
16399ae91f59SKristof Provost nlattr_add_string(nw, PF_AA_ANCHOR, attrs.anchor);
16409ae91f59SKristof Provost nlattr_add_pool_addr(nw, PF_AA_ADDR, &attrs.addr);
16419ae91f59SKristof Provost
16429ae91f59SKristof Provost if (!nlmsg_end(nw)) {
16439ae91f59SKristof Provost nlmsg_abort(nw);
16449ae91f59SKristof Provost return (ENOMEM);
16459ae91f59SKristof Provost }
16469ae91f59SKristof Provost
16479ae91f59SKristof Provost return (0);
16489ae91f59SKristof Provost }
16499ae91f59SKristof Provost
165025e0f8f9SKristof Provost #define _OUT(_field) offsetof(struct pfioc_ruleset, _field)
165125e0f8f9SKristof Provost static const struct nlattr_parser nla_p_ruleset[] = {
165225e0f8f9SKristof Provost { .type = PF_RS_PATH, .off = _OUT(path), .arg = (void *)MAXPATHLEN, .cb = nlattr_get_chara },
165348f5bf8bSKristof Provost { .type = PF_RS_NR, .off = _OUT(nr), .cb = nlattr_get_uint32 },
165425e0f8f9SKristof Provost };
1655e9255dafSGleb Smirnoff NL_DECLARE_PARSER(ruleset_parser, struct genlmsghdr, nlf_p_empty, nla_p_ruleset);
165625e0f8f9SKristof Provost #undef _OUT
165725e0f8f9SKristof Provost
165825e0f8f9SKristof Provost static int
pf_handle_get_rulesets(struct nlmsghdr * hdr,struct nl_pstate * npt)165925e0f8f9SKristof Provost pf_handle_get_rulesets(struct nlmsghdr *hdr, struct nl_pstate *npt)
166025e0f8f9SKristof Provost {
166125e0f8f9SKristof Provost struct pfioc_ruleset attrs = { 0 };
166225e0f8f9SKristof Provost struct nl_writer *nw = npt->nw;
166325e0f8f9SKristof Provost struct genlmsghdr *ghdr_new;
166425e0f8f9SKristof Provost int error;
166525e0f8f9SKristof Provost
166625e0f8f9SKristof Provost error = nl_parse_nlmsg(hdr, &ruleset_parser, npt, &attrs);
166725e0f8f9SKristof Provost if (error != 0)
166825e0f8f9SKristof Provost return (error);
166925e0f8f9SKristof Provost
167025e0f8f9SKristof Provost error = pf_ioctl_get_rulesets(&attrs);
167125e0f8f9SKristof Provost if (error != 0)
167225e0f8f9SKristof Provost return (error);
167325e0f8f9SKristof Provost
167425e0f8f9SKristof Provost if (!nlmsg_reply(nw, hdr, sizeof(struct genlmsghdr)))
167525e0f8f9SKristof Provost return (ENOMEM);
167625e0f8f9SKristof Provost
167725e0f8f9SKristof Provost ghdr_new = nlmsg_reserve_object(nw, struct genlmsghdr);
167825e0f8f9SKristof Provost ghdr_new->cmd = PFNL_CMD_GET_RULESETS;
167925e0f8f9SKristof Provost ghdr_new->version = 0;
168025e0f8f9SKristof Provost ghdr_new->reserved = 0;
168125e0f8f9SKristof Provost
168225e0f8f9SKristof Provost nlattr_add_u32(nw, PF_RS_NR, attrs.nr);
168325e0f8f9SKristof Provost
168425e0f8f9SKristof Provost if (!nlmsg_end(nw)) {
168525e0f8f9SKristof Provost nlmsg_abort(nw);
168625e0f8f9SKristof Provost return (ENOMEM);
168725e0f8f9SKristof Provost }
168825e0f8f9SKristof Provost
168925e0f8f9SKristof Provost return (0);
169025e0f8f9SKristof Provost }
169125e0f8f9SKristof Provost
169248f5bf8bSKristof Provost static int
pf_handle_get_ruleset(struct nlmsghdr * hdr,struct nl_pstate * npt)169348f5bf8bSKristof Provost pf_handle_get_ruleset(struct nlmsghdr *hdr, struct nl_pstate *npt)
169448f5bf8bSKristof Provost {
169548f5bf8bSKristof Provost struct pfioc_ruleset attrs = { 0 };
169648f5bf8bSKristof Provost struct nl_writer *nw = npt->nw;
169748f5bf8bSKristof Provost struct genlmsghdr *ghdr_new;
169848f5bf8bSKristof Provost int error;
169948f5bf8bSKristof Provost
170048f5bf8bSKristof Provost error = nl_parse_nlmsg(hdr, &ruleset_parser, npt, &attrs);
170148f5bf8bSKristof Provost if (error)
170248f5bf8bSKristof Provost return (error);
170348f5bf8bSKristof Provost
170448f5bf8bSKristof Provost error = pf_ioctl_get_ruleset(&attrs);
170548f5bf8bSKristof Provost if (error != 0)
170648f5bf8bSKristof Provost return (error);
170748f5bf8bSKristof Provost
170848f5bf8bSKristof Provost if (!nlmsg_reply(nw, hdr, sizeof(struct genlmsghdr)))
170948f5bf8bSKristof Provost return (ENOMEM);
171048f5bf8bSKristof Provost
171148f5bf8bSKristof Provost ghdr_new = nlmsg_reserve_object(nw, struct genlmsghdr);
171248f5bf8bSKristof Provost ghdr_new->cmd = PFNL_CMD_GET_RULESET;
171348f5bf8bSKristof Provost ghdr_new->version = 0;
171448f5bf8bSKristof Provost ghdr_new->reserved = 0;
171548f5bf8bSKristof Provost
171648f5bf8bSKristof Provost nlattr_add_string(nw, PF_RS_NAME, attrs.name);
171748f5bf8bSKristof Provost
171848f5bf8bSKristof Provost if (!nlmsg_end(nw)) {
171948f5bf8bSKristof Provost nlmsg_abort(nw);
172048f5bf8bSKristof Provost return (ENOMEM);
172148f5bf8bSKristof Provost }
172248f5bf8bSKristof Provost
172348f5bf8bSKristof Provost return (0);
172448f5bf8bSKristof Provost }
172548f5bf8bSKristof Provost
17269c125336SKristof Provost static bool
nlattr_add_pf_threshold(struct nl_writer * nw,int attrtype,struct pf_threshold * t,int secs)17277d929a44SKajetan Staszkiewicz nlattr_add_pf_threshold(struct nl_writer *nw, int attrtype,
17287d929a44SKajetan Staszkiewicz struct pf_threshold *t, int secs)
17299c125336SKristof Provost {
17309c125336SKristof Provost int off = nlattr_add_nested(nw, attrtype);
17317d929a44SKajetan Staszkiewicz int diff, conn_rate_count;
17327d929a44SKajetan Staszkiewicz
17337d929a44SKajetan Staszkiewicz /* Adjust the connection rate estimate. */
17347d929a44SKajetan Staszkiewicz conn_rate_count = t->count;
17357d929a44SKajetan Staszkiewicz diff = secs - t->last;
17367d929a44SKajetan Staszkiewicz if (diff >= t->seconds)
17377d929a44SKajetan Staszkiewicz conn_rate_count = 0;
17387d929a44SKajetan Staszkiewicz else
17397d929a44SKajetan Staszkiewicz conn_rate_count -= t->count * diff / t->seconds;
17409c125336SKristof Provost
17419c125336SKristof Provost nlattr_add_u32(nw, PF_TH_LIMIT, t->limit);
17429c125336SKristof Provost nlattr_add_u32(nw, PF_TH_SECONDS, t->seconds);
17437d929a44SKajetan Staszkiewicz nlattr_add_u32(nw, PF_TH_COUNT, conn_rate_count);
17449c125336SKristof Provost nlattr_add_u32(nw, PF_TH_LAST, t->last);
17459c125336SKristof Provost
17469c125336SKristof Provost nlattr_set_len(nw, off);
17479c125336SKristof Provost
17489c125336SKristof Provost return (true);
17499c125336SKristof Provost }
17509c125336SKristof Provost
17519c125336SKristof Provost static int
pf_handle_get_srcnodes(struct nlmsghdr * hdr,struct nl_pstate * npt)17529c125336SKristof Provost pf_handle_get_srcnodes(struct nlmsghdr *hdr, struct nl_pstate *npt)
17539c125336SKristof Provost {
17549c125336SKristof Provost struct nl_writer *nw = npt->nw;
17559c125336SKristof Provost struct genlmsghdr *ghdr_new;
17569c125336SKristof Provost struct pf_ksrc_node *n;
17579c125336SKristof Provost struct pf_srchash *sh;
17589c125336SKristof Provost int i;
17597d929a44SKajetan Staszkiewicz int secs;
17609c125336SKristof Provost
17619c125336SKristof Provost hdr->nlmsg_flags |= NLM_F_MULTI;
17629c125336SKristof Provost
17639c125336SKristof Provost for (i = 0, sh = V_pf_srchash; i <= V_pf_srchashmask;
17649c125336SKristof Provost i++, sh++) {
17659c125336SKristof Provost /* Avoid locking empty rows. */
17669c125336SKristof Provost if (LIST_EMPTY(&sh->nodes))
17679c125336SKristof Provost continue;
17689c125336SKristof Provost
17699c125336SKristof Provost PF_HASHROW_LOCK(sh);
17707d929a44SKajetan Staszkiewicz secs = time_uptime;
17717d929a44SKajetan Staszkiewicz
17729c125336SKristof Provost LIST_FOREACH(n, &sh->nodes, entry) {
17739c125336SKristof Provost if (!nlmsg_reply(nw, hdr, sizeof(struct genlmsghdr))) {
17749c125336SKristof Provost nlmsg_abort(nw);
17759c125336SKristof Provost return (ENOMEM);
17769c125336SKristof Provost }
17779c125336SKristof Provost
17789c125336SKristof Provost ghdr_new = nlmsg_reserve_object(nw, struct genlmsghdr);
17799c125336SKristof Provost ghdr_new->cmd = PFNL_CMD_GET_SRCNODES;
17809c125336SKristof Provost ghdr_new->version = 0;
17819c125336SKristof Provost ghdr_new->reserved = 0;
17829c125336SKristof Provost
17839c125336SKristof Provost nlattr_add_in6_addr(nw, PF_SN_ADDR, &n->addr.v6);
17849c125336SKristof Provost nlattr_add_in6_addr(nw, PF_SN_RADDR, &n->raddr.v6);
17859c125336SKristof Provost nlattr_add_u32(nw, PF_SN_RULE_NR, n->rule->nr);
17869c125336SKristof Provost nlattr_add_u64(nw, PF_SN_BYTES_IN, counter_u64_fetch(n->bytes[0]));
17879c125336SKristof Provost nlattr_add_u64(nw, PF_SN_BYTES_OUT, counter_u64_fetch(n->bytes[1]));
17889c125336SKristof Provost nlattr_add_u64(nw, PF_SN_PACKETS_IN, counter_u64_fetch(n->packets[0]));
17899c125336SKristof Provost nlattr_add_u64(nw, PF_SN_PACKETS_OUT, counter_u64_fetch(n->packets[1]));
17909c125336SKristof Provost nlattr_add_u32(nw, PF_SN_STATES, n->states);
17919c125336SKristof Provost nlattr_add_u32(nw, PF_SN_CONNECTIONS, n->conn);
17929c125336SKristof Provost nlattr_add_u8(nw, PF_SN_AF, n->af);
1793aa69fdf1SKristof Provost nlattr_add_u8(nw, PF_SN_NAF, n->naf);
17949c125336SKristof Provost nlattr_add_u8(nw, PF_SN_RULE_TYPE, n->ruletype);
17957d929a44SKajetan Staszkiewicz
17967d929a44SKajetan Staszkiewicz nlattr_add_u64(nw, PF_SN_CREATION, secs - n->creation);
17977d929a44SKajetan Staszkiewicz if (n->expire > secs)
17987d929a44SKajetan Staszkiewicz nlattr_add_u64(nw, PF_SN_EXPIRE, n->expire - secs);
17997d929a44SKajetan Staszkiewicz else
18007d929a44SKajetan Staszkiewicz nlattr_add_u64(nw, PF_SN_EXPIRE, 0);
18017d929a44SKajetan Staszkiewicz
18027d929a44SKajetan Staszkiewicz nlattr_add_pf_threshold(nw, PF_SN_CONNECTION_RATE,
18037d929a44SKajetan Staszkiewicz &n->conn_rate, secs);
18049c125336SKristof Provost
180507e070efSKajetan Staszkiewicz nlattr_add_u8(nw, PF_SN_NODE_TYPE, n->type);
180607e070efSKajetan Staszkiewicz
18079c125336SKristof Provost if (!nlmsg_end(nw)) {
18089c125336SKristof Provost PF_HASHROW_UNLOCK(sh);
18099c125336SKristof Provost nlmsg_abort(nw);
18109c125336SKristof Provost return (ENOMEM);
18119c125336SKristof Provost }
18129c125336SKristof Provost }
18139c125336SKristof Provost PF_HASHROW_UNLOCK(sh);
18149c125336SKristof Provost }
18159c125336SKristof Provost
18169c125336SKristof Provost return (0);
18179c125336SKristof Provost }
18189c125336SKristof Provost
1819441d4894SKristof Provost #define _OUT(_field) offsetof(struct pfioc_table, _field)
1820441d4894SKristof Provost static const struct nlattr_parser nla_p_table[] = {
1821441d4894SKristof Provost { .type = PF_T_ANCHOR, .off = _OUT(pfrio_table.pfrt_anchor), .arg = (void *)MAXPATHLEN, .cb = nlattr_get_chara },
1822441d4894SKristof Provost { .type = PF_T_NAME, .off = _OUT(pfrio_table.pfrt_name), .arg = (void *)PF_TABLE_NAME_SIZE, .cb = nlattr_get_chara },
1823441d4894SKristof Provost { .type = PF_T_TABLE_FLAGS, .off = _OUT(pfrio_table.pfrt_flags), .cb = nlattr_get_uint32 },
1824441d4894SKristof Provost { .type = PF_T_FLAGS, .off = _OUT(pfrio_flags), .cb = nlattr_get_uint32 },
1825441d4894SKristof Provost };
1826441d4894SKristof Provost static const struct nlfield_parser nlf_p_table[] = {};
1827441d4894SKristof Provost NL_DECLARE_PARSER(table_parser, struct genlmsghdr, nlf_p_table, nla_p_table);
1828441d4894SKristof Provost #undef _OUT
1829441d4894SKristof Provost static int
pf_handle_clear_tables(struct nlmsghdr * hdr,struct nl_pstate * npt)1830441d4894SKristof Provost pf_handle_clear_tables(struct nlmsghdr *hdr, struct nl_pstate *npt)
1831441d4894SKristof Provost {
1832441d4894SKristof Provost struct pfioc_table attrs = { 0 };
1833441d4894SKristof Provost struct nl_writer *nw = npt->nw;
1834441d4894SKristof Provost struct genlmsghdr *ghdr_new;
1835441d4894SKristof Provost int ndel = 0;
1836441d4894SKristof Provost int error;
1837441d4894SKristof Provost
1838441d4894SKristof Provost error = nl_parse_nlmsg(hdr, &table_parser, npt, &attrs);
1839441d4894SKristof Provost if (error != 0)
1840441d4894SKristof Provost return (error);
1841441d4894SKristof Provost
1842441d4894SKristof Provost PF_RULES_WLOCK();
1843441d4894SKristof Provost error = pfr_clr_tables(&attrs.pfrio_table, &ndel, attrs.pfrio_flags | PFR_FLAG_USERIOCTL);
1844441d4894SKristof Provost PF_RULES_WUNLOCK();
1845441d4894SKristof Provost if (error != 0)
1846441d4894SKristof Provost return (error);
1847441d4894SKristof Provost
1848441d4894SKristof Provost if (!nlmsg_reply(nw, hdr, sizeof(struct genlmsghdr)))
1849441d4894SKristof Provost return (ENOMEM);
1850441d4894SKristof Provost
1851441d4894SKristof Provost ghdr_new = nlmsg_reserve_object(nw, struct genlmsghdr);
1852441d4894SKristof Provost ghdr_new->cmd = PFNL_CMD_CLEAR_TABLES;
1853441d4894SKristof Provost ghdr_new->version = 0;
1854441d4894SKristof Provost ghdr_new->reserved = 0;
1855441d4894SKristof Provost
1856441d4894SKristof Provost nlattr_add_u32(nw, PF_T_NBR_DELETED, ndel);
1857441d4894SKristof Provost
1858441d4894SKristof Provost if (!nlmsg_end(nw)) {
1859441d4894SKristof Provost nlmsg_abort(nw);
1860441d4894SKristof Provost return (ENOMEM);
1861441d4894SKristof Provost }
1862441d4894SKristof Provost
1863441d4894SKristof Provost return (0);
1864441d4894SKristof Provost }
1865441d4894SKristof Provost
186684a80eaeSKristof Provost static int
pf_handle_add_table(struct nlmsghdr * hdr,struct nl_pstate * npt)186784a80eaeSKristof Provost pf_handle_add_table(struct nlmsghdr *hdr, struct nl_pstate *npt)
186884a80eaeSKristof Provost {
186984a80eaeSKristof Provost struct pfioc_table attrs = { 0 };
187084a80eaeSKristof Provost struct nl_writer *nw = npt->nw;
187184a80eaeSKristof Provost struct genlmsghdr *ghdr_new;
187284a80eaeSKristof Provost int error;
187384a80eaeSKristof Provost
187484a80eaeSKristof Provost error = nl_parse_nlmsg(hdr, &table_parser, npt, &attrs);
187584a80eaeSKristof Provost if (error != 0)
187684a80eaeSKristof Provost return (error);
187784a80eaeSKristof Provost
187884a80eaeSKristof Provost PF_RULES_WLOCK();
187984a80eaeSKristof Provost error = pfr_add_tables(&attrs.pfrio_table, 1, &attrs.pfrio_nadd,
188084a80eaeSKristof Provost attrs.pfrio_flags | PFR_FLAG_USERIOCTL);
188184a80eaeSKristof Provost PF_RULES_WUNLOCK();
188284a80eaeSKristof Provost if (error != 0)
188384a80eaeSKristof Provost return (error);
188484a80eaeSKristof Provost
188584a80eaeSKristof Provost if (!nlmsg_reply(nw, hdr, sizeof(struct genlmsghdr)))
188684a80eaeSKristof Provost return (ENOMEM);
188784a80eaeSKristof Provost
188884a80eaeSKristof Provost ghdr_new = nlmsg_reserve_object(nw, struct genlmsghdr);
188984a80eaeSKristof Provost ghdr_new->cmd = PFNL_CMD_ADD_TABLE;
189084a80eaeSKristof Provost ghdr_new->version = 0;
189184a80eaeSKristof Provost ghdr_new->reserved = 0;
189284a80eaeSKristof Provost
189384a80eaeSKristof Provost nlattr_add_u32(nw, PF_T_NBR_ADDED, attrs.pfrio_nadd);
189484a80eaeSKristof Provost
189584a80eaeSKristof Provost if (!nlmsg_end(nw)) {
189684a80eaeSKristof Provost nlmsg_abort(nw);
189784a80eaeSKristof Provost return (ENOMEM);
189884a80eaeSKristof Provost }
189984a80eaeSKristof Provost
190084a80eaeSKristof Provost return (0);
190184a80eaeSKristof Provost }
190284a80eaeSKristof Provost
19030d2058abSKristof Provost static int
pf_handle_del_table(struct nlmsghdr * hdr,struct nl_pstate * npt)19040d2058abSKristof Provost pf_handle_del_table(struct nlmsghdr *hdr, struct nl_pstate *npt)
19050d2058abSKristof Provost {
19060d2058abSKristof Provost struct pfioc_table attrs = { 0 };
19070d2058abSKristof Provost struct nl_writer *nw = npt->nw;
19080d2058abSKristof Provost struct genlmsghdr *ghdr_new;
19090d2058abSKristof Provost int error;
19100d2058abSKristof Provost
19110d2058abSKristof Provost error = nl_parse_nlmsg(hdr, &table_parser, npt, &attrs);
19120d2058abSKristof Provost if (error != 0)
19130d2058abSKristof Provost return (error);
19140d2058abSKristof Provost
19150d2058abSKristof Provost PF_RULES_WLOCK();
19160d2058abSKristof Provost error = pfr_del_tables(&attrs.pfrio_table, 1, &attrs.pfrio_ndel,
19170d2058abSKristof Provost attrs.pfrio_flags | PFR_FLAG_USERIOCTL);
19180d2058abSKristof Provost PF_RULES_WUNLOCK();
19190d2058abSKristof Provost if (error != 0)
19200d2058abSKristof Provost return (error);
19210d2058abSKristof Provost
19220d2058abSKristof Provost if (!nlmsg_reply(nw, hdr, sizeof(struct genlmsghdr)))
19230d2058abSKristof Provost return (ENOMEM);
19240d2058abSKristof Provost
19250d2058abSKristof Provost ghdr_new = nlmsg_reserve_object(nw, struct genlmsghdr);
19260d2058abSKristof Provost ghdr_new->cmd = PFNL_CMD_ADD_TABLE;
19270d2058abSKristof Provost ghdr_new->version = 0;
19280d2058abSKristof Provost ghdr_new->reserved = 0;
19290d2058abSKristof Provost
19300d2058abSKristof Provost nlattr_add_u32(nw, PF_T_NBR_DELETED, attrs.pfrio_ndel);
19310d2058abSKristof Provost
19320d2058abSKristof Provost if (!nlmsg_end(nw)) {
19330d2058abSKristof Provost nlmsg_abort(nw);
19340d2058abSKristof Provost return (ENOMEM);
19350d2058abSKristof Provost }
19360d2058abSKristof Provost
19370d2058abSKristof Provost return (0);
19380d2058abSKristof Provost }
19390d2058abSKristof Provost
19409e8d2962SKristof Provost static bool
nlattr_add_pfr_table(struct nl_writer * nw,int attrtype,struct pfr_table * t)19419e8d2962SKristof Provost nlattr_add_pfr_table(struct nl_writer *nw, int attrtype,
19429e8d2962SKristof Provost struct pfr_table *t)
19439e8d2962SKristof Provost {
19449e8d2962SKristof Provost int off = nlattr_add_nested(nw, attrtype);
19459e8d2962SKristof Provost
19469e8d2962SKristof Provost nlattr_add_string(nw, PF_T_ANCHOR, t->pfrt_anchor);
19479e8d2962SKristof Provost nlattr_add_string(nw, PF_T_NAME, t->pfrt_name);
19489e8d2962SKristof Provost nlattr_add_u32(nw, PF_T_TABLE_FLAGS, t->pfrt_flags);
19499e8d2962SKristof Provost
19509e8d2962SKristof Provost nlattr_set_len(nw, off);
19519e8d2962SKristof Provost
19529e8d2962SKristof Provost return (true);
19539e8d2962SKristof Provost }
19549e8d2962SKristof Provost
19559e8d2962SKristof Provost static int
pf_handle_get_tstats(struct nlmsghdr * hdr,struct nl_pstate * npt)19569e8d2962SKristof Provost pf_handle_get_tstats(struct nlmsghdr *hdr, struct nl_pstate *npt)
19579e8d2962SKristof Provost {
19589e8d2962SKristof Provost struct pfioc_table attrs = { 0 };
19599e8d2962SKristof Provost struct nl_writer *nw = npt->nw;
19609e8d2962SKristof Provost struct genlmsghdr *ghdr_new;
19619e8d2962SKristof Provost struct pfr_tstats *pfrtstats;
19629e8d2962SKristof Provost int error;
19639e8d2962SKristof Provost int n;
19649e8d2962SKristof Provost
19659e8d2962SKristof Provost PF_RULES_RLOCK_TRACKER;
19669e8d2962SKristof Provost
19679e8d2962SKristof Provost error = nl_parse_nlmsg(hdr, &table_parser, npt, &attrs);
19689e8d2962SKristof Provost if (error != 0)
19699e8d2962SKristof Provost return (error);
19709e8d2962SKristof Provost
19719e8d2962SKristof Provost PF_TABLE_STATS_LOCK();
19729e8d2962SKristof Provost PF_RULES_RLOCK();
19739e8d2962SKristof Provost
19749e8d2962SKristof Provost n = pfr_table_count(&attrs.pfrio_table, attrs.pfrio_flags);
19759e8d2962SKristof Provost pfrtstats = mallocarray(n,
19769e8d2962SKristof Provost sizeof(struct pfr_tstats), M_TEMP, M_NOWAIT | M_ZERO);
19779e8d2962SKristof Provost
19789e8d2962SKristof Provost error = pfr_get_tstats(&attrs.pfrio_table, pfrtstats,
19799e8d2962SKristof Provost &n, attrs.pfrio_flags | PFR_FLAG_USERIOCTL);
19809e8d2962SKristof Provost
19819e8d2962SKristof Provost PF_RULES_RUNLOCK();
19829e8d2962SKristof Provost PF_TABLE_STATS_UNLOCK();
19839e8d2962SKristof Provost
19849e8d2962SKristof Provost if (error == 0) {
19859e8d2962SKristof Provost hdr->nlmsg_flags |= NLM_F_MULTI;
19869e8d2962SKristof Provost
19879e8d2962SKristof Provost for (int i = 0; i < n; i++) {
19889e8d2962SKristof Provost uint64_t refcnt[PFR_REFCNT_MAX];
19899e8d2962SKristof Provost
19909e8d2962SKristof Provost if (!nlmsg_reply(nw, hdr, sizeof(struct genlmsghdr))) {
19919e8d2962SKristof Provost error = ENOMEM;
19929e8d2962SKristof Provost break;
19939e8d2962SKristof Provost }
19949e8d2962SKristof Provost
19959e8d2962SKristof Provost ghdr_new = nlmsg_reserve_object(nw, struct genlmsghdr);
19969e8d2962SKristof Provost ghdr_new->cmd = PFNL_CMD_GET_TSTATS;
19979e8d2962SKristof Provost ghdr_new->version = 0;
19989e8d2962SKristof Provost ghdr_new->reserved = 0;
19999e8d2962SKristof Provost
20009e8d2962SKristof Provost nlattr_add_pfr_table(nw, PF_TS_TABLE,
20019e8d2962SKristof Provost &pfrtstats[i].pfrts_t);
20029e8d2962SKristof Provost nlattr_add_u64_array(nw, PF_TS_PACKETS,
20039e8d2962SKristof Provost PFR_DIR_MAX * PFR_OP_TABLE_MAX,
20049e8d2962SKristof Provost (uint64_t *)pfrtstats[i].pfrts_packets);
20059e8d2962SKristof Provost nlattr_add_u64_array(nw, PF_TS_BYTES,
20069e8d2962SKristof Provost PFR_DIR_MAX * PFR_OP_TABLE_MAX,
20079e8d2962SKristof Provost (uint64_t *)pfrtstats[i].pfrts_bytes);
20089e8d2962SKristof Provost nlattr_add_u64(nw, PF_TS_MATCH,
20099e8d2962SKristof Provost pfrtstats[i].pfrts_match);
20109e8d2962SKristof Provost nlattr_add_u64(nw, PF_TS_NOMATCH,
20119e8d2962SKristof Provost pfrtstats[i].pfrts_nomatch);
20129e8d2962SKristof Provost nlattr_add_u64(nw, PF_TS_TZERO,
20139e8d2962SKristof Provost pfrtstats[i].pfrts_tzero);
20149e8d2962SKristof Provost nlattr_add_u64(nw, PF_TS_CNT, pfrtstats[i].pfrts_cnt);
20159e8d2962SKristof Provost
20169e8d2962SKristof Provost for (int j = 0; j < PFR_REFCNT_MAX; j++)
20179e8d2962SKristof Provost refcnt[j] = pfrtstats[i].pfrts_refcnt[j];
20189e8d2962SKristof Provost
20199e8d2962SKristof Provost nlattr_add_u64_array(nw, PF_TS_REFCNT, PFR_REFCNT_MAX,
20209e8d2962SKristof Provost refcnt);
20219e8d2962SKristof Provost
20229e8d2962SKristof Provost if (! nlmsg_end(nw)) {
20239e8d2962SKristof Provost error = ENOMEM;
20249e8d2962SKristof Provost break;
20259e8d2962SKristof Provost }
20269e8d2962SKristof Provost }
20279e8d2962SKristof Provost }
20289e8d2962SKristof Provost free(pfrtstats, M_TEMP);
20299e8d2962SKristof Provost
20309e8d2962SKristof Provost if (!nlmsg_end_dump(npt->nw, error, hdr)) {
20319e8d2962SKristof Provost NL_LOG(LOG_DEBUG, "Unable to finalize the dump");
20329e8d2962SKristof Provost return (ENOMEM);
20339e8d2962SKristof Provost }
20349e8d2962SKristof Provost
20359e8d2962SKristof Provost return (error);
20369e8d2962SKristof Provost }
20379e8d2962SKristof Provost
2038*b3a68a2eSKristof Provost static int
pf_handle_clear_tstats(struct nlmsghdr * hdr,struct nl_pstate * npt)2039*b3a68a2eSKristof Provost pf_handle_clear_tstats(struct nlmsghdr *hdr, struct nl_pstate *npt)
2040*b3a68a2eSKristof Provost {
2041*b3a68a2eSKristof Provost struct pfioc_table attrs = { 0 };
2042*b3a68a2eSKristof Provost struct nl_writer *nw = npt->nw;
2043*b3a68a2eSKristof Provost struct genlmsghdr *ghdr_new;
2044*b3a68a2eSKristof Provost int error;
2045*b3a68a2eSKristof Provost int nzero;
2046*b3a68a2eSKristof Provost
2047*b3a68a2eSKristof Provost PF_RULES_RLOCK_TRACKER;
2048*b3a68a2eSKristof Provost
2049*b3a68a2eSKristof Provost error = nl_parse_nlmsg(hdr, &table_parser, npt, &attrs);
2050*b3a68a2eSKristof Provost if (error != 0)
2051*b3a68a2eSKristof Provost return (error);
2052*b3a68a2eSKristof Provost
2053*b3a68a2eSKristof Provost PF_TABLE_STATS_LOCK();
2054*b3a68a2eSKristof Provost PF_RULES_RLOCK();
2055*b3a68a2eSKristof Provost error = pfr_clr_tstats(&attrs.pfrio_table, 1,
2056*b3a68a2eSKristof Provost &nzero, attrs.pfrio_flags | PFR_FLAG_USERIOCTL);
2057*b3a68a2eSKristof Provost PF_RULES_RUNLOCK();
2058*b3a68a2eSKristof Provost PF_TABLE_STATS_UNLOCK();
2059*b3a68a2eSKristof Provost
2060*b3a68a2eSKristof Provost if (!nlmsg_reply(nw, hdr, sizeof(struct genlmsghdr)))
2061*b3a68a2eSKristof Provost return (ENOMEM);
2062*b3a68a2eSKristof Provost
2063*b3a68a2eSKristof Provost ghdr_new = nlmsg_reserve_object(nw, struct genlmsghdr);
2064*b3a68a2eSKristof Provost ghdr_new->cmd = PFNL_CMD_CLR_TSTATS;
2065*b3a68a2eSKristof Provost ghdr_new->version = 0;
2066*b3a68a2eSKristof Provost ghdr_new->reserved = 0;
2067*b3a68a2eSKristof Provost
2068*b3a68a2eSKristof Provost nlattr_add_u64(nw, PF_TS_NZERO, nzero);
2069*b3a68a2eSKristof Provost
2070*b3a68a2eSKristof Provost if (! nlmsg_end(nw))
2071*b3a68a2eSKristof Provost error = ENOMEM;
2072*b3a68a2eSKristof Provost
2073*b3a68a2eSKristof Provost return (error);
2074*b3a68a2eSKristof Provost }
2075*b3a68a2eSKristof Provost
207644f323ecSKristof Provost static const struct nlhdr_parser *all_parsers[] = {
207744f323ecSKristof Provost &state_parser,
207844f323ecSKristof Provost &addrule_parser,
2079706d465dSKristof Provost &getrules_parser,
2080706d465dSKristof Provost &clear_states_parser,
2081470a2b33SKristof Provost &set_statusif_parser,
208271d3c704SKristof Provost &natlook_parser,
2083c36c90a2SKristof Provost &set_debug_parser,
208430bad751SKristof Provost &set_timeout_parser,
2085d9ab8999SKristof Provost &set_limit_parser,
2086d909f06bSKristof Provost &pool_addr_parser,
2087d909f06bSKristof Provost &add_addr_parser,
208825e0f8f9SKristof Provost &ruleset_parser,
2089441d4894SKristof Provost &table_parser,
209044f323ecSKristof Provost };
20912cef6288SAlexander V. Chernikov
2092ee507b70SGleb Smirnoff static uint16_t family_id;
20932cef6288SAlexander V. Chernikov
20942cef6288SAlexander V. Chernikov static const struct genl_cmd pf_cmds[] = {
20952cef6288SAlexander V. Chernikov {
20962cef6288SAlexander V. Chernikov .cmd_num = PFNL_CMD_GETSTATES,
20972cef6288SAlexander V. Chernikov .cmd_name = "GETSTATES",
20982cef6288SAlexander V. Chernikov .cmd_cb = pf_handle_getstates,
20992cef6288SAlexander V. Chernikov .cmd_flags = GENL_CMD_CAP_DO | GENL_CMD_CAP_DUMP | GENL_CMD_CAP_HASPOL,
2100e774c1efSKristof Provost .cmd_priv = PRIV_NETINET_PF,
21012cef6288SAlexander V. Chernikov },
2102a7191e5dSKristof Provost {
2103a7191e5dSKristof Provost .cmd_num = PFNL_CMD_GETCREATORS,
2104a7191e5dSKristof Provost .cmd_name = "GETCREATORS",
2105a7191e5dSKristof Provost .cmd_cb = pf_handle_getcreators,
2106a7191e5dSKristof Provost .cmd_flags = GENL_CMD_CAP_DO | GENL_CMD_CAP_DUMP | GENL_CMD_CAP_HASPOL,
2107e774c1efSKristof Provost .cmd_priv = PRIV_NETINET_PF,
2108a7191e5dSKristof Provost },
210981647eb6SKristof Provost {
211081647eb6SKristof Provost .cmd_num = PFNL_CMD_START,
211181647eb6SKristof Provost .cmd_name = "START",
211281647eb6SKristof Provost .cmd_cb = pf_handle_start,
211381647eb6SKristof Provost .cmd_flags = GENL_CMD_CAP_DO | GENL_CMD_CAP_HASPOL,
2114e774c1efSKristof Provost .cmd_priv = PRIV_NETINET_PF,
211581647eb6SKristof Provost },
211681647eb6SKristof Provost {
211781647eb6SKristof Provost .cmd_num = PFNL_CMD_STOP,
211881647eb6SKristof Provost .cmd_name = "STOP",
211981647eb6SKristof Provost .cmd_cb = pf_handle_stop,
212081647eb6SKristof Provost .cmd_flags = GENL_CMD_CAP_DO | GENL_CMD_CAP_HASPOL,
2121e774c1efSKristof Provost .cmd_priv = PRIV_NETINET_PF,
212281647eb6SKristof Provost },
2123ffbf2595SKristof Provost {
2124ffbf2595SKristof Provost .cmd_num = PFNL_CMD_ADDRULE,
2125ffbf2595SKristof Provost .cmd_name = "ADDRULE",
2126ffbf2595SKristof Provost .cmd_cb = pf_handle_addrule,
2127ffbf2595SKristof Provost .cmd_flags = GENL_CMD_CAP_DO | GENL_CMD_CAP_DUMP | GENL_CMD_CAP_HASPOL,
2128e774c1efSKristof Provost .cmd_priv = PRIV_NETINET_PF,
2129ffbf2595SKristof Provost },
213044f323ecSKristof Provost {
213144f323ecSKristof Provost .cmd_num = PFNL_CMD_GETRULES,
213244f323ecSKristof Provost .cmd_name = "GETRULES",
213344f323ecSKristof Provost .cmd_cb = pf_handle_getrules,
213444f323ecSKristof Provost .cmd_flags = GENL_CMD_CAP_DUMP | GENL_CMD_CAP_HASPOL,
2135e774c1efSKristof Provost .cmd_priv = PRIV_NETINET_PF,
213644f323ecSKristof Provost },
2137777a4702SKristof Provost {
2138777a4702SKristof Provost .cmd_num = PFNL_CMD_GETRULE,
2139777a4702SKristof Provost .cmd_name = "GETRULE",
2140777a4702SKristof Provost .cmd_cb = pf_handle_getrule,
2141777a4702SKristof Provost .cmd_flags = GENL_CMD_CAP_DUMP | GENL_CMD_CAP_HASPOL,
2142777a4702SKristof Provost .cmd_priv = PRIV_NETINET_PF,
2143777a4702SKristof Provost },
2144706d465dSKristof Provost {
2145706d465dSKristof Provost .cmd_num = PFNL_CMD_CLRSTATES,
2146706d465dSKristof Provost .cmd_name = "CLRSTATES",
2147706d465dSKristof Provost .cmd_cb = pf_handle_clear_states,
2148706d465dSKristof Provost .cmd_flags = GENL_CMD_CAP_DO | GENL_CMD_CAP_DUMP | GENL_CMD_CAP_HASPOL,
2149706d465dSKristof Provost .cmd_priv = PRIV_NETINET_PF,
2150706d465dSKristof Provost },
2151706d465dSKristof Provost {
2152706d465dSKristof Provost .cmd_num = PFNL_CMD_KILLSTATES,
2153706d465dSKristof Provost .cmd_name = "KILLSTATES",
2154706d465dSKristof Provost .cmd_cb = pf_handle_kill_states,
2155706d465dSKristof Provost .cmd_flags = GENL_CMD_CAP_DO | GENL_CMD_CAP_DUMP | GENL_CMD_CAP_HASPOL,
2156706d465dSKristof Provost .cmd_priv = PRIV_NETINET_PF,
2157706d465dSKristof Provost },
2158470a2b33SKristof Provost {
2159470a2b33SKristof Provost .cmd_num = PFNL_CMD_SET_STATUSIF,
2160470a2b33SKristof Provost .cmd_name = "SETSTATUSIF",
2161470a2b33SKristof Provost .cmd_cb = pf_handle_set_statusif,
2162470a2b33SKristof Provost .cmd_flags = GENL_CMD_CAP_DO | GENL_CMD_CAP_HASPOL,
2163470a2b33SKristof Provost .cmd_priv = PRIV_NETINET_PF,
21645824df8dSKristof Provost },
21655824df8dSKristof Provost {
21665824df8dSKristof Provost .cmd_num = PFNL_CMD_GET_STATUS,
21675824df8dSKristof Provost .cmd_name = "GETSTATUS",
21685824df8dSKristof Provost .cmd_cb = pf_handle_get_status,
21695824df8dSKristof Provost .cmd_flags = GENL_CMD_CAP_DUMP | GENL_CMD_CAP_HASPOL,
21705824df8dSKristof Provost .cmd_priv = PRIV_NETINET_PF,
21715824df8dSKristof Provost },
21729dbbe68bSKristof Provost {
21739dbbe68bSKristof Provost .cmd_num = PFNL_CMD_CLEAR_STATUS,
21749dbbe68bSKristof Provost .cmd_name = "CLEARSTATUS",
21759dbbe68bSKristof Provost .cmd_cb = pf_handle_clear_status,
21769dbbe68bSKristof Provost .cmd_flags = GENL_CMD_CAP_DO | GENL_CMD_CAP_HASPOL,
21779dbbe68bSKristof Provost .cmd_priv = PRIV_NETINET_PF,
21789dbbe68bSKristof Provost },
217971d3c704SKristof Provost {
218071d3c704SKristof Provost .cmd_num = PFNL_CMD_NATLOOK,
218171d3c704SKristof Provost .cmd_name = "NATLOOK",
218271d3c704SKristof Provost .cmd_cb = pf_handle_natlook,
218371d3c704SKristof Provost .cmd_flags = GENL_CMD_CAP_DUMP | GENL_CMD_CAP_HASPOL,
218471d3c704SKristof Provost .cmd_priv = PRIV_NETINET_PF,
218571d3c704SKristof Provost },
2186c36c90a2SKristof Provost {
2187c36c90a2SKristof Provost .cmd_num = PFNL_CMD_SET_DEBUG,
2188c36c90a2SKristof Provost .cmd_name = "SET_DEBUG",
2189c36c90a2SKristof Provost .cmd_cb = pf_handle_set_debug,
2190c36c90a2SKristof Provost .cmd_flags = GENL_CMD_CAP_DO | GENL_CMD_CAP_HASPOL,
2191c36c90a2SKristof Provost .cmd_priv = PRIV_NETINET_PF,
2192c36c90a2SKristof Provost },
219330bad751SKristof Provost {
219430bad751SKristof Provost .cmd_num = PFNL_CMD_SET_TIMEOUT,
219530bad751SKristof Provost .cmd_name = "SET_TIMEOUT",
219630bad751SKristof Provost .cmd_cb = pf_handle_set_timeout,
219730bad751SKristof Provost .cmd_flags = GENL_CMD_CAP_DO | GENL_CMD_CAP_HASPOL,
219830bad751SKristof Provost .cmd_priv = PRIV_NETINET_PF,
219930bad751SKristof Provost },
220030bad751SKristof Provost {
220130bad751SKristof Provost .cmd_num = PFNL_CMD_GET_TIMEOUT,
220230bad751SKristof Provost .cmd_name = "GET_TIMEOUT",
220330bad751SKristof Provost .cmd_cb = pf_handle_get_timeout,
220430bad751SKristof Provost .cmd_flags = GENL_CMD_CAP_DUMP | GENL_CMD_CAP_HASPOL,
220530bad751SKristof Provost .cmd_priv = PRIV_NETINET_PF,
220630bad751SKristof Provost },
2207d9ab8999SKristof Provost {
2208d9ab8999SKristof Provost .cmd_num = PFNL_CMD_SET_LIMIT,
2209d9ab8999SKristof Provost .cmd_name = "SET_LIMIT",
2210d9ab8999SKristof Provost .cmd_cb = pf_handle_set_limit,
2211d9ab8999SKristof Provost .cmd_flags = GENL_CMD_CAP_DO | GENL_CMD_CAP_HASPOL,
2212d9ab8999SKristof Provost .cmd_priv = PRIV_NETINET_PF,
2213d9ab8999SKristof Provost },
2214d9ab8999SKristof Provost {
2215d9ab8999SKristof Provost .cmd_num = PFNL_CMD_GET_LIMIT,
2216d9ab8999SKristof Provost .cmd_name = "GET_LIMIT",
2217d9ab8999SKristof Provost .cmd_cb = pf_handle_get_limit,
2218d9ab8999SKristof Provost .cmd_flags = GENL_CMD_CAP_DUMP | GENL_CMD_CAP_HASPOL,
2219d9ab8999SKristof Provost .cmd_priv = PRIV_NETINET_PF,
2220d9ab8999SKristof Provost },
2221ba2a9207SKristof Provost {
2222ba2a9207SKristof Provost .cmd_num = PFNL_CMD_BEGIN_ADDRS,
2223ba2a9207SKristof Provost .cmd_name = "BEGIN_ADDRS",
2224ba2a9207SKristof Provost .cmd_cb = pf_handle_begin_addrs,
2225ba2a9207SKristof Provost .cmd_flags = GENL_CMD_CAP_DO | GENL_CMD_CAP_DUMP | GENL_CMD_CAP_HASPOL,
2226ba2a9207SKristof Provost .cmd_priv = PRIV_NETINET_PF,
2227ba2a9207SKristof Provost },
2228d909f06bSKristof Provost {
2229d909f06bSKristof Provost .cmd_num = PFNL_CMD_ADD_ADDR,
2230d909f06bSKristof Provost .cmd_name = "ADD_ADDR",
2231d909f06bSKristof Provost .cmd_cb = pf_handle_add_addr,
2232d909f06bSKristof Provost .cmd_flags = GENL_CMD_CAP_DO | GENL_CMD_CAP_HASPOL,
2233d909f06bSKristof Provost .cmd_priv = PRIV_NETINET_PF,
2234d909f06bSKristof Provost },
2235644b7b5aSKristof Provost {
2236644b7b5aSKristof Provost .cmd_num = PFNL_CMD_GET_ADDRS,
2237644b7b5aSKristof Provost .cmd_name = "GET_ADDRS",
2238644b7b5aSKristof Provost .cmd_cb = pf_handle_get_addrs,
2239644b7b5aSKristof Provost .cmd_flags = GENL_CMD_CAP_DUMP | GENL_CMD_CAP_HASPOL,
2240644b7b5aSKristof Provost .cmd_priv = PRIV_NETINET_PF,
2241644b7b5aSKristof Provost },
22429ae91f59SKristof Provost {
22439ae91f59SKristof Provost .cmd_num = PFNL_CMD_GET_ADDR,
22449ae91f59SKristof Provost .cmd_name = "GET_ADDRS",
22459ae91f59SKristof Provost .cmd_cb = pf_handle_get_addr,
22469ae91f59SKristof Provost .cmd_flags = GENL_CMD_CAP_DUMP | GENL_CMD_CAP_HASPOL,
22479ae91f59SKristof Provost .cmd_priv = PRIV_NETINET_PF,
22489ae91f59SKristof Provost },
224925e0f8f9SKristof Provost {
225025e0f8f9SKristof Provost .cmd_num = PFNL_CMD_GET_RULESETS,
225125e0f8f9SKristof Provost .cmd_name = "GET_RULESETS",
225225e0f8f9SKristof Provost .cmd_cb = pf_handle_get_rulesets,
225325e0f8f9SKristof Provost .cmd_flags = GENL_CMD_CAP_DUMP | GENL_CMD_CAP_HASPOL,
225425e0f8f9SKristof Provost .cmd_priv = PRIV_NETINET_PF,
225525e0f8f9SKristof Provost },
225648f5bf8bSKristof Provost {
225748f5bf8bSKristof Provost .cmd_num = PFNL_CMD_GET_RULESET,
225848f5bf8bSKristof Provost .cmd_name = "GET_RULESET",
225948f5bf8bSKristof Provost .cmd_cb = pf_handle_get_ruleset,
226048f5bf8bSKristof Provost .cmd_flags = GENL_CMD_CAP_DUMP | GENL_CMD_CAP_HASPOL,
226148f5bf8bSKristof Provost .cmd_priv = PRIV_NETINET_PF,
226248f5bf8bSKristof Provost },
22639c125336SKristof Provost {
22649c125336SKristof Provost .cmd_num = PFNL_CMD_GET_SRCNODES,
22659c125336SKristof Provost .cmd_name = "GET_SRCNODES",
22669c125336SKristof Provost .cmd_cb = pf_handle_get_srcnodes,
22679c125336SKristof Provost .cmd_flags = GENL_CMD_CAP_DUMP | GENL_CMD_CAP_HASPOL,
22689c125336SKristof Provost .cmd_priv = PRIV_NETINET_PF,
22699c125336SKristof Provost },
2270441d4894SKristof Provost {
2271441d4894SKristof Provost .cmd_num = PFNL_CMD_CLEAR_TABLES,
2272441d4894SKristof Provost .cmd_name = "CLEAR_TABLES",
2273441d4894SKristof Provost .cmd_cb = pf_handle_clear_tables,
2274441d4894SKristof Provost .cmd_flags = GENL_CMD_CAP_DO | GENL_CMD_CAP_HASPOL,
2275441d4894SKristof Provost .cmd_priv = PRIV_NETINET_PF,
2276441d4894SKristof Provost },
227784a80eaeSKristof Provost {
227884a80eaeSKristof Provost .cmd_num = PFNL_CMD_ADD_TABLE,
227984a80eaeSKristof Provost .cmd_name = "ADD_TABLE",
228084a80eaeSKristof Provost .cmd_cb = pf_handle_add_table,
228184a80eaeSKristof Provost .cmd_flags = GENL_CMD_CAP_DO | GENL_CMD_CAP_HASPOL,
228284a80eaeSKristof Provost .cmd_priv = PRIV_NETINET_PF,
228384a80eaeSKristof Provost },
22840d2058abSKristof Provost {
22850d2058abSKristof Provost .cmd_num = PFNL_CMD_DEL_TABLE,
22860d2058abSKristof Provost .cmd_name = "DEL_TABLE",
22870d2058abSKristof Provost .cmd_cb = pf_handle_del_table,
22880d2058abSKristof Provost .cmd_flags = GENL_CMD_CAP_DO | GENL_CMD_CAP_HASPOL,
22890d2058abSKristof Provost .cmd_priv = PRIV_NETINET_PF,
22900d2058abSKristof Provost },
22919e8d2962SKristof Provost {
22929e8d2962SKristof Provost .cmd_num = PFNL_CMD_GET_TSTATS,
22939e8d2962SKristof Provost .cmd_name = "GET_TSTATS",
22949e8d2962SKristof Provost .cmd_cb = pf_handle_get_tstats,
22959e8d2962SKristof Provost .cmd_flags = GENL_CMD_CAP_DUMP | GENL_CMD_CAP_HASPOL,
22969e8d2962SKristof Provost .cmd_priv = PRIV_NETINET_PF,
22979e8d2962SKristof Provost },
2298*b3a68a2eSKristof Provost {
2299*b3a68a2eSKristof Provost .cmd_num = PFNL_CMD_CLR_TSTATS,
2300*b3a68a2eSKristof Provost .cmd_name = "CLR_TSTATS",
2301*b3a68a2eSKristof Provost .cmd_cb = pf_handle_clear_tstats,
2302*b3a68a2eSKristof Provost .cmd_flags = GENL_CMD_CAP_DO | GENL_CMD_CAP_HASPOL,
2303*b3a68a2eSKristof Provost .cmd_priv = PRIV_NETINET_PF,
2304*b3a68a2eSKristof Provost },
23052cef6288SAlexander V. Chernikov };
23062cef6288SAlexander V. Chernikov
23072cef6288SAlexander V. Chernikov void
pf_nl_register(void)23082cef6288SAlexander V. Chernikov pf_nl_register(void)
23092cef6288SAlexander V. Chernikov {
23102cef6288SAlexander V. Chernikov NL_VERIFY_PARSERS(all_parsers);
2311ffbf2595SKristof Provost
23122cef6288SAlexander V. Chernikov family_id = genl_register_family(PFNL_FAMILY_NAME, 0, 2, PFNL_CMD_MAX);
2313ee507b70SGleb Smirnoff genl_register_cmds(family_id, pf_cmds, nitems(pf_cmds));
23142cef6288SAlexander V. Chernikov }
23152cef6288SAlexander V. Chernikov
23162cef6288SAlexander V. Chernikov void
pf_nl_unregister(void)23172cef6288SAlexander V. Chernikov pf_nl_unregister(void)
23182cef6288SAlexander V. Chernikov {
2319ee507b70SGleb Smirnoff genl_unregister_family(family_id);
23202cef6288SAlexander V. Chernikov }
2321