xref: /illumos-gate/usr/src/cmd/ipf/tools/ippool.c (revision 0173c38a73f34277e0c97a19fedfd25d81ba8380)
1 /*
2  * Copyright (C) 2003 by Darren Reed.
3  *
4  * See the IPFILTER.LICENCE file for details on licencing.
5  *
6  * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
7  * Use is subject to license terms.
8  */
9 
10 #pragma ident	"%Z%%M%	%I%	%E% SMI"
11 
12 #include <sys/types.h>
13 #include <sys/time.h>
14 #include <sys/param.h>
15 #include <sys/socket.h>
16 #if defined(BSD) && (BSD >= 199306)
17 # include <sys/cdefs.h>
18 #endif
19 #include <sys/ioctl.h>
20 
21 #include <net/if.h>
22 #if __FreeBSD_version >= 300000
23 # include <net/if_var.h>
24 #endif
25 #include <netinet/in.h>
26 
27 #include <arpa/inet.h>
28 
29 #include <stdio.h>
30 #include <fcntl.h>
31 #include <stdlib.h>
32 #include <string.h>
33 #include <netdb.h>
34 #include <ctype.h>
35 #include <unistd.h>
36 
37 #include "ipf.h"
38 #include "netinet/ip_lookup.h"
39 #include "netinet/ip_pool.h"
40 #include "netinet/ip_htable.h"
41 #include "kmem.h"
42 
43 
44 extern	int	ippool_yyparse __P((void));
45 extern	int	ippool_yydebug;
46 extern	FILE	*ippool_yyin;
47 extern	char	*optarg;
48 extern	int	lineNum;
49 
50 void	showpools __P((ip_pool_stat_t *));
51 void	usage __P((char *));
52 int	main __P((int, char **));
53 int	poolcommand __P((int, int, char *[]));
54 int	poolnodecommand __P((int, int, char *[]));
55 int	loadpoolfile __P((int, char *[], char *));
56 int	poollist __P((int, char *[]));
57 int	poolflush __P((int, char *[]));
58 int	poolstats __P((int, char *[]));
59 int	gettype __P((char *, u_int *));
60 int	getrole __P((char *));
61 
62 int	opts = 0;
63 int	fd = -1;
64 int	use_inet6 = 0;
65 
66 
67 void usage(prog)
68 char *prog;
69 {
70 	fprintf(stderr, "Usage:\t%s\n", prog);
71 	fprintf(stderr, "\t\t\t-a [-dnv] [-m <name>] [-o <role>] -i <ipaddr>[/netmask]\n");
72 	fprintf(stderr, "\t\t\t-A [-dnv] [-m <name>] [-o <role>] [-S <seed>] [-t <type>]\n");
73 	fprintf(stderr, "\t\t\t-f <file> [-dnuv]\n");
74 	fprintf(stderr, "\t\t\t-F [-dv] [-o <role>] [-t <type>]\n");
75 	fprintf(stderr, "\t\t\t-l [-dv] [-m <name>] [-t <type>]\n");
76 	fprintf(stderr, "\t\t\t-r [-dnv] [-m <name>] [-o <role>] -i <ipaddr>[/netmask]\n");
77 	fprintf(stderr, "\t\t\t-R [-dnv] [-m <name>] [-o <role>] [-t <type>]\n");
78 	fprintf(stderr, "\t\t\t-s [-dtv] [-M <core>] [-N <namelist>]\n");
79 	exit(1);
80 }
81 
82 
83 int main(argc, argv)
84 int argc;
85 char *argv[];
86 {
87 	int err;
88 
89 	if (argc < 2)
90 		usage(argv[0]);
91 
92 	switch (getopt(argc, argv, "aAf:FlrRs"))
93 	{
94 	case 'a' :
95 		err = poolnodecommand(0, argc, argv);
96 		break;
97 	case 'A' :
98 		err = poolcommand(0, argc, argv);
99 		break;
100 	case 'f' :
101 		err = loadpoolfile(argc, argv, optarg);
102 		break;
103 	case 'F' :
104 		err = poolflush(argc, argv);
105 		break;
106 	case 'l' :
107 		err = poollist(argc, argv);
108 		break;
109 	case 'r' :
110 		err = poolnodecommand(1, argc, argv);
111 		break;
112 	case 'R' :
113 		err = poolcommand(1, argc, argv);
114 		break;
115 	case 's' :
116 		err = poolstats(argc, argv);
117 		break;
118 	default :
119 		exit(1);
120 	}
121 
122 	return err;
123 }
124 
125 
126 int poolnodecommand(remove, argc, argv)
127 int remove, argc;
128 char *argv[];
129 {
130 	char *poolname = NULL, *s;
131 	int err, c, ipset, role;
132 	ip_pool_node_t node;
133 	struct in_addr mask;
134 
135 	ipset = 0;
136 	role = IPL_LOGIPF;
137 	bzero((char *)&node, sizeof(node));
138 
139 	while ((c = getopt(argc, argv, "di:m:no:Rv")) != -1)
140 		switch (c)
141 		{
142 		case 'd' :
143 			opts |= OPT_DEBUG;
144 			ippool_yydebug++;
145 			break;
146 		case 'i' :
147 			s = strchr(optarg, '/');
148 			if (s == NULL)
149 				mask.s_addr = 0xffffffff;
150 			else if (strchr(s, '.') == NULL) {
151 				if (ntomask(4, atoi(s + 1), &mask.s_addr) != 0)
152 					return -1;
153 			} else {
154 				mask.s_addr = inet_addr(s + 1);
155 			}
156 			if (s != NULL)
157 				*s = '\0';
158 			ipset = 1;
159 			node.ipn_addr.adf_len = sizeof(node.ipn_addr);
160 			node.ipn_addr.adf_addr.in4.s_addr = inet_addr(optarg);
161 			node.ipn_mask.adf_len = sizeof(node.ipn_mask);
162 			node.ipn_mask.adf_addr.in4.s_addr = mask.s_addr;
163 			break;
164 		case 'm' :
165 			poolname = optarg;
166 			break;
167 		case 'n' :
168 			opts |= OPT_DONOTHING;
169 			break;
170 		case 'o' :
171 			role = getrole(optarg);
172 			if (role == IPL_LOGNONE)
173 				return -1;
174 			break;
175 		case 'R' :
176 			opts |= OPT_NORESOLVE;
177 			break;
178 		case 'v' :
179 			opts |= OPT_VERBOSE;
180 			break;
181 		}
182 
183 	if (opts & OPT_DEBUG)
184 		fprintf(stderr, "poolnodecommand: opts = %#x\n", opts);
185 
186 	if (ipset == 0)
187 		return -1;
188 	if (poolname == NULL) {
189 		fprintf(stderr, "poolname not given with add/remove node\n");
190 		return -1;
191 	}
192 
193 	if (remove == 0)
194 		err = load_poolnode(0, poolname, &node, ioctl);
195 	else
196 		err = remove_poolnode(0, poolname, &node, ioctl);
197 	return err;
198 }
199 
200 
201 int poolcommand(remove, argc, argv)
202 int remove, argc;
203 char *argv[];
204 {
205 	int type, role, c, err;
206 	char *poolname;
207 	iphtable_t iph;
208 	ip_pool_t pool;
209 
210 	err = 1;
211 	role = 0;
212 	type = 0;
213 	poolname = NULL;
214 	role = IPL_LOGIPF;
215 	bzero((char *)&iph, sizeof(iph));
216 	bzero((char *)&pool, sizeof(pool));
217 
218 	while ((c = getopt(argc, argv, "dm:no:RSt:v")) != -1)
219 		switch (c)
220 		{
221 		case 'd' :
222 			opts |= OPT_DEBUG;
223 			ippool_yydebug++;
224 			break;
225 		case 'm' :
226 			poolname = optarg;
227 			break;
228 		case 'n' :
229 			opts |= OPT_DONOTHING;
230 			break;
231 		case 'o' :
232 			role = getrole(optarg);
233 			if (role == IPL_LOGNONE) {
234 				fprintf(stderr, "unknown role '%s'\n", optarg);
235 				return -1;
236 			}
237 			break;
238 		case 'R' :
239 			opts |= OPT_NORESOLVE;
240 			break;
241 		case 'S' :
242 			iph.iph_seed = atoi(optarg);
243 			break;
244 		case 't' :
245 			type = gettype(optarg, &iph.iph_type);
246 			if (type == IPLT_NONE) {
247 				fprintf(stderr, "unknown type '%s'\n", optarg);
248 				return -1;
249 			}
250 			break;
251 		case 'v' :
252 			opts |= OPT_VERBOSE;
253 			break;
254 		}
255 
256 	if (opts & OPT_DEBUG)
257 		fprintf(stderr, "poolcommand: opts = %#x\n", opts);
258 
259 	if (poolname == NULL) {
260 		fprintf(stderr, "poolname not given with add/remove pool\n");
261 		return -1;
262 	}
263 
264 	if (type == IPLT_HASH) {
265 		strncpy(iph.iph_name, poolname, sizeof(iph.iph_name));
266 		iph.iph_name[sizeof(iph.iph_name) - 1] = '\0';
267 		iph.iph_unit = role;
268 	} else if (type == IPLT_POOL) {
269 		strncpy(pool.ipo_name, poolname, sizeof(pool.ipo_name));
270 		pool.ipo_name[sizeof(pool.ipo_name) - 1] = '\0';
271 		pool.ipo_unit = role;
272 	}
273 
274 	if (remove == 0) {
275 		switch (type)
276 		{
277 		case IPLT_HASH :
278 			err = load_hash(&iph, NULL, ioctl);
279 			break;
280 		case IPLT_POOL :
281 			err = load_pool(&pool, ioctl);
282 			break;
283 		}
284 	} else {
285 		switch (type)
286 		{
287 		case IPLT_HASH :
288 			err = remove_hash(&iph, ioctl);
289 			break;
290 		case IPLT_POOL :
291 			err = remove_pool(&pool, ioctl);
292 			break;
293 		}
294 	}
295 	return err;
296 }
297 
298 
299 int loadpoolfile(argc, argv, infile)
300 int argc;
301 char *argv[], *infile;
302 {
303 	int c;
304 
305 	infile = optarg;
306 
307 	while ((c = getopt(argc, argv, "dnRuv")) != -1)
308 		switch (c)
309 		{
310 		case 'd' :
311 			opts |= OPT_DEBUG;
312 			ippool_yydebug++;
313 			break;
314 		case 'n' :
315 			opts |= OPT_DONOTHING;
316 			break;
317 		case 'R' :
318 			opts |= OPT_NORESOLVE;
319 			break;
320 		case 'u' :
321 			opts |= OPT_REMOVE;
322 			break;
323 		case 'v' :
324 			opts |= OPT_VERBOSE;
325 			break;
326 		}
327 
328 	if (opts & OPT_DEBUG)
329 		fprintf(stderr, "loadpoolfile: opts = %#x\n", opts);
330 
331 	if (!(opts & OPT_DONOTHING) && (fd == -1)) {
332 		fd = open(IPLOOKUP_NAME, O_RDWR);
333 		if (fd == -1) {
334 			perror("open(IPLOOKUP_NAME)");
335 			exit(1);
336 		}
337 	}
338 
339 	if (ippool_parsefile(fd, infile, ioctl) != 0)
340 		return -1;
341 	return 0;
342 }
343 
344 
345 int poollist(argc, argv)
346 int argc;
347 char *argv[];
348 {
349 	char *kernel, *core, *poolname;
350 	int c, role, type, live_kernel;
351 	ip_pool_stat_t *plstp, plstat;
352 	iphtstat_t *htstp, htstat;
353 	iphtable_t *hptr;
354 	iplookupop_t op;
355 	ip_pool_t *ptr;
356 
357 	core = NULL;
358 	kernel = NULL;
359 	live_kernel = 1;
360 	type = IPLT_ALL;
361 	poolname = NULL;
362 	role = IPL_LOGALL;
363 
364 	while ((c = getopt(argc, argv, "dm:M:N:o:Rt:v")) != -1)
365 		switch (c)
366 		{
367 		case 'd' :
368 			opts |= OPT_DEBUG;
369 			break;
370 		case 'm' :
371 			poolname = optarg;
372 			break;
373 		case 'M' :
374 			live_kernel = 0;
375 			core = optarg;
376 			break;
377 		case 'N' :
378 			live_kernel = 0;
379 			kernel = optarg;
380 			break;
381 		case 'o' :
382 			role = getrole(optarg);
383 			if (role == IPL_LOGNONE) {
384 				fprintf(stderr, "unknown role '%s'\n", optarg);
385 				return -1;
386 			}
387 			break;
388 		case 'R' :
389 			opts |= OPT_NORESOLVE;
390 			break;
391 		case 't' :
392 			type = gettype(optarg, NULL);
393 			if (type == IPLT_NONE) {
394 				fprintf(stderr, "unknown type '%s'\n", optarg);
395 				return -1;
396 			}
397 			break;
398 		case 'v' :
399 			opts |= OPT_VERBOSE;
400 			break;
401 		}
402 
403 	if (opts & OPT_DEBUG)
404 		fprintf(stderr, "poollist: opts = %#x\n", opts);
405 
406 	if (!(opts & OPT_DONOTHING) && (fd == -1)) {
407 		fd = open(IPLOOKUP_NAME, O_RDWR);
408 		if (fd == -1) {
409 			perror("open(IPLOOKUP_NAME)");
410 			exit(1);
411 		}
412 	}
413 
414 	bzero((char *)&op, sizeof(op));
415 	if (poolname != NULL) {
416 		strncpy(op.iplo_name, poolname, sizeof(op.iplo_name));
417 		op.iplo_name[sizeof(op.iplo_name) - 1] = '\0';
418 	}
419 	op.iplo_unit = role;
420 
421 	if (openkmem(kernel, core) == -1)
422 		exit(-1);
423 
424 	if (type == IPLT_ALL || type == IPLT_POOL) {
425 		plstp = &plstat;
426 		op.iplo_type = IPLT_POOL;
427 		op.iplo_size = sizeof(plstat);
428 		op.iplo_struct = &plstat;
429 		c = ioctl(fd, SIOCLOOKUPSTAT, &op);
430 		if (c == -1) {
431 			perror("ioctl(SIOCLOOKUPSTAT)");
432 			return -1;
433 		}
434 
435 		if (role != IPL_LOGALL) {
436 			ptr = plstp->ipls_list[role];
437 			while (ptr != NULL) {
438 				ptr = printpool(ptr, kmemcpywrap, poolname,
439 						opts);
440 			}
441 		} else {
442 			for (role = 0; role <= IPL_LOGMAX; role++) {
443 				ptr = plstp->ipls_list[role];
444 				while (ptr != NULL) {
445 					ptr = printpool(ptr, kmemcpywrap,
446 							poolname, opts);
447 				}
448 			}
449 			role = IPL_LOGALL;
450 		}
451 	}
452 	if (type == IPLT_ALL || type == IPLT_HASH) {
453 		htstp = &htstat;
454 		op.iplo_type = IPLT_HASH;
455 		op.iplo_size = sizeof(htstat);
456 		op.iplo_struct = &htstat;
457 		c = ioctl(fd, SIOCLOOKUPSTAT, &op);
458 		if (c == -1) {
459 			perror("ioctl(SIOCLOOKUPSTAT)");
460 			return -1;
461 		}
462 
463 		if (role != IPL_LOGALL) {
464 			hptr = htstp->iphs_tables;
465 			while (hptr != NULL) {
466 				hptr = printhash(hptr, kmemcpywrap,
467 						 poolname, opts);
468 			}
469 		} else {
470 			for (role = 0; role <= IPL_LOGMAX; role++) {
471 				hptr = htstp->iphs_tables;
472 				while (hptr != NULL) {
473 					hptr = printhash(hptr, kmemcpywrap,
474 							 poolname, opts);
475 				}
476 
477 				op.iplo_unit = role;
478 				c = ioctl(fd, SIOCLOOKUPSTAT, &op);
479 				if (c == -1) {
480 					perror("ioctl(SIOCLOOKUPSTAT)");
481 					return -1;
482 				}
483 			}
484 		}
485 	}
486 	return 0;
487 }
488 
489 
490 int poolstats(argc, argv)
491 int argc;
492 char *argv[];
493 {
494 	int c, type, role, live_kernel;
495 	ip_pool_stat_t plstat;
496 	char *kernel, *core;
497 	iphtstat_t htstat;
498 	iplookupop_t op;
499 
500 	core = NULL;
501 	kernel = NULL;
502 	live_kernel = 1;
503 	type = IPLT_ALL;
504 	role = IPL_LOGALL;
505 
506 	bzero((char *)&op, sizeof(op));
507 
508 	while ((c = getopt(argc, argv, "dM:N:o:t:v")) != -1)
509 		switch (c)
510 		{
511 		case 'd' :
512 			opts |= OPT_DEBUG;
513 			break;
514 		case 'M' :
515 			live_kernel = 0;
516 			core = optarg;
517 			break;
518 		case 'N' :
519 			live_kernel = 0;
520 			kernel = optarg;
521 			break;
522 		case 'o' :
523 			role = getrole(optarg);
524 			if (role == IPL_LOGNONE) {
525 				fprintf(stderr, "unknown role '%s'\n", optarg);
526 				return -1;
527 			}
528 			break;
529 		case 't' :
530 			type = gettype(optarg, NULL);
531 			if (type != IPLT_POOL) {
532 				fprintf(stderr,
533 					"-s not supported for this type yet\n");
534 				return -1;
535 			}
536 			break;
537 		case 'v' :
538 			opts |= OPT_VERBOSE;
539 			break;
540 		}
541 
542 	if (opts & OPT_DEBUG)
543 		fprintf(stderr, "poolstats: opts = %#x\n", opts);
544 
545 	if (!(opts & OPT_DONOTHING) && (fd == -1)) {
546 		fd = open(IPLOOKUP_NAME, O_RDWR);
547 		if (fd == -1) {
548 			perror("open(IPLOOKUP_NAME)");
549 			exit(1);
550 		}
551 	}
552 
553 	if (type == IPLT_ALL || type == IPLT_POOL) {
554 		op.iplo_type = IPLT_POOL;
555 		op.iplo_struct = &plstat;
556 		op.iplo_size = sizeof(plstat);
557 		if (!(opts & OPT_DONOTHING)) {
558 			c = ioctl(fd, SIOCLOOKUPSTAT, &op);
559 			if (c == -1) {
560 				perror("ioctl(SIOCLOOKUPSTAT)");
561 				return -1;
562 			}
563 			printf("Pools:\t%lu\n", plstat.ipls_pools);
564 			printf("Nodes:\t%lu\n", plstat.ipls_nodes);
565 		}
566 	}
567 
568 	if (type == IPLT_ALL || type == IPLT_HASH) {
569 		op.iplo_type = IPLT_HASH;
570 		op.iplo_struct = &htstat;
571 		op.iplo_size = sizeof(htstat);
572 		if (!(opts & OPT_DONOTHING)) {
573 			c = ioctl(fd, SIOCLOOKUPSTAT, &op);
574 			if (c == -1) {
575 				perror("ioctl(SIOCLOOKUPSTAT)");
576 				return -1;
577 			}
578 			printf("Hash Tables:\t%lu\n", htstat.iphs_numtables);
579 			printf("Nodes:\t%lu\n", htstat.iphs_numnodes);
580 			printf("Out of Memory:\t%lu\n", htstat.iphs_nomem);
581 		}
582 	}
583 	return 0;
584 }
585 
586 
587 int poolflush(argc, argv)
588 int argc;
589 char *argv[];
590 {
591 	int c, role, type, arg;
592 	iplookupflush_t flush;
593 
594 	arg = IPLT_ALL;
595 	type = IPLT_ALL;
596 	role = IPL_LOGALL;
597 
598 	while ((c = getopt(argc, argv, "do:t:v")) != -1)
599 		switch (c)
600 		{
601 		case 'd' :
602 			opts |= OPT_DEBUG;
603 			break;
604 		case 'o' :
605 			role = getrole(optarg);
606 			if (role == IPL_LOGNONE) {
607 				fprintf(stderr, "unknown role '%s'\n", optarg);
608 				return -1;
609 			}
610 			break;
611 		case 't' :
612 			type = gettype(optarg, NULL);
613 			if (type == IPLT_NONE) {
614 				fprintf(stderr, "unknown type '%s'\n", optarg);
615 				return -1;
616 			}
617 			break;
618 		case 'v' :
619 			opts |= OPT_VERBOSE;
620 			break;
621 		}
622 
623 	if (opts & OPT_DEBUG)
624 		fprintf(stderr, "poolflush: opts = %#x\n", opts);
625 
626 	if (!(opts & OPT_DONOTHING) && (fd == -1)) {
627 		fd = open(IPLOOKUP_NAME, O_RDWR);
628 		if (fd == -1) {
629 			perror("open(IPLOOKUP_NAME)");
630 			exit(1);
631 		}
632 	}
633 
634 	bzero((char *)&flush, sizeof(flush));
635 	flush.iplf_type = type;
636 	flush.iplf_unit = role;
637 	flush.iplf_arg = arg;
638 
639 	if (!(opts & OPT_DONOTHING)) {
640 		if (ioctl(fd, SIOCLOOKUPFLUSH, &flush) == -1) {
641 			perror("ioctl(SIOCLOOKUPFLUSH)");
642 			exit(1);
643 		}
644 
645 	}
646 	printf("%u object%s flushed\n", flush.iplf_count,
647 	       (flush.iplf_count == 1) ? "" : "s");
648 
649 	return 0;
650 }
651 
652 
653 int getrole(rolename)
654 char *rolename;
655 {
656 	int role;
657 
658 	if (!strcasecmp(rolename, "ipf")) {
659 		role = IPL_LOGIPF;
660 #if 0
661 	} else if (!strcasecmp(rolename, "nat")) {
662 		role = IPL_LOGNAT;
663 	} else if (!strcasecmp(rolename, "state")) {
664 		role = IPL_LOGSTATE;
665 	} else if (!strcasecmp(rolename, "auth")) {
666 		role = IPL_LOGAUTH;
667 	} else if (!strcasecmp(rolename, "sync")) {
668 		role = IPL_LOGSYNC;
669 	} else if (!strcasecmp(rolename, "scan")) {
670 		role = IPL_LOGSCAN;
671 	} else if (!strcasecmp(rolename, "pool")) {
672 		role = IPL_LOGLOOKUP;
673 	} else if (!strcasecmp(rolename, "count")) {
674 		role = IPL_LOGCOUNT;
675 #endif
676 	} else {
677 		role = IPL_LOGNONE;
678 	}
679 
680 	return role;
681 }
682 
683 
684 int gettype(typename, minor)
685 char *typename;
686 u_int *minor;
687 {
688 	int type;
689 
690 	if (!strcasecmp(optarg, "tree")) {
691 		type = IPLT_POOL;
692 	} else if (!strcasecmp(optarg, "hash")) {
693 		type = IPLT_HASH;
694 		if (minor != NULL)
695 			*minor = IPHASH_LOOKUP;
696 	} else if (!strcasecmp(optarg, "group-map")) {
697 		type = IPLT_HASH;
698 		if (minor != NULL)
699 			*minor = IPHASH_GROUPMAP;
700 	} else {
701 		type = IPLT_NONE;
702 	}
703 	return type;
704 }
705