17c478bd9Sstevel@tonic-gate /* 27c478bd9Sstevel@tonic-gate * Copyright (C) 1993-2001 by Darren Reed. 37c478bd9Sstevel@tonic-gate * 47c478bd9Sstevel@tonic-gate * See the IPFILTER.LICENCE file for details on licencing. 57663b816Sml37995 * 6*f4b3ec61Sdh155122 * Copyright 2007 Sun Microsystems, Inc. All rights reserved. 77663b816Sml37995 * Use is subject to license terms. 87c478bd9Sstevel@tonic-gate */ 97663b816Sml37995 107663b816Sml37995 #pragma ident "%Z%%M% %I% %E% SMI" 117663b816Sml37995 127c478bd9Sstevel@tonic-gate #include "ipf.h" 137c478bd9Sstevel@tonic-gate #include "ipt.h" 147c478bd9Sstevel@tonic-gate #include <sys/ioctl.h> 157c478bd9Sstevel@tonic-gate #include <sys/file.h> 167c478bd9Sstevel@tonic-gate 177c478bd9Sstevel@tonic-gate #if !defined(lint) 187c478bd9Sstevel@tonic-gate static const char sccsid[] = "@(#)ipt.c 1.19 6/3/96 (C) 1993-2000 Darren Reed"; 19ab25eeb5Syz155240 static const char rcsid[] = "@(#)$Id: ipftest.c,v 1.44.2.4 2005/07/16 06:05:28 darrenr Exp $"; 207c478bd9Sstevel@tonic-gate #endif 217c478bd9Sstevel@tonic-gate 227c478bd9Sstevel@tonic-gate extern char *optarg; 237c478bd9Sstevel@tonic-gate extern struct frentry *ipfilter[2][2]; 247c478bd9Sstevel@tonic-gate extern struct ipread snoop, etherf, tcpd, pcap, iptext, iphex; 25*f4b3ec61Sdh155122 extern struct ifnet *get_unit __P((char *, int, ipf_stack_t *)); 267c478bd9Sstevel@tonic-gate extern void init_ifp __P((void)); 277c478bd9Sstevel@tonic-gate 287c478bd9Sstevel@tonic-gate int opts = OPT_DONOTHING; 297c478bd9Sstevel@tonic-gate int use_inet6 = 0; 307c478bd9Sstevel@tonic-gate int pfil_delayed_copy = 0; 317c478bd9Sstevel@tonic-gate int main __P((int, char *[])); 327c478bd9Sstevel@tonic-gate int loadrules __P((char *, int)); 337c478bd9Sstevel@tonic-gate int kmemcpy __P((char *, long, int)); 347c478bd9Sstevel@tonic-gate int kstrncpy __P((char *, long, int n)); 35*f4b3ec61Sdh155122 void dumpnat __P((ipf_stack_t *ifs)); 36*f4b3ec61Sdh155122 void dumpstate __P((ipf_stack_t *ifs)); 37*f4b3ec61Sdh155122 void dumplookups __P((ipf_stack_t *ifs)); 38*f4b3ec61Sdh155122 void dumpgroups __P((ipf_stack_t *ifs)); 39*f4b3ec61Sdh155122 void drain_log __P((char *, ipf_stack_t *ifs)); 407c478bd9Sstevel@tonic-gate void fixv4sums __P((mb_t *, ip_t *)); 41*f4b3ec61Sdh155122 ipf_stack_t *get_ifs __P((void)); 42*f4b3ec61Sdh155122 ipf_stack_t *create_ifs __P((void)); 43*f4b3ec61Sdh155122 netstack_t *create_ns __P((void)); 44*f4b3ec61Sdh155122 457c478bd9Sstevel@tonic-gate 467c478bd9Sstevel@tonic-gate #if defined(__NetBSD__) || defined(__OpenBSD__) || SOLARIS || \ 477c478bd9Sstevel@tonic-gate (_BSDI_VERSION >= 199701) || (__FreeBSD_version >= 300000) || \ 48ab25eeb5Syz155240 defined(__osf__) || defined(linux) 497c478bd9Sstevel@tonic-gate int ipftestioctl __P((int, ioctlcmd_t, ...)); 507c478bd9Sstevel@tonic-gate int ipnattestioctl __P((int, ioctlcmd_t, ...)); 517c478bd9Sstevel@tonic-gate int ipstatetestioctl __P((int, ioctlcmd_t, ...)); 527c478bd9Sstevel@tonic-gate int ipauthtestioctl __P((int, ioctlcmd_t, ...)); 537c478bd9Sstevel@tonic-gate int ipscantestioctl __P((int, ioctlcmd_t, ...)); 547c478bd9Sstevel@tonic-gate int ipsynctestioctl __P((int, ioctlcmd_t, ...)); 557c478bd9Sstevel@tonic-gate int ipooltestioctl __P((int, ioctlcmd_t, ...)); 567c478bd9Sstevel@tonic-gate #else 577c478bd9Sstevel@tonic-gate int ipftestioctl __P((dev_t, ioctlcmd_t, void *)); 587c478bd9Sstevel@tonic-gate int ipnattestioctl __P((dev_t, ioctlcmd_t, void *)); 597c478bd9Sstevel@tonic-gate int ipstatetestioctl __P((dev_t, ioctlcmd_t, void *)); 607c478bd9Sstevel@tonic-gate int ipauthtestioctl __P((dev_t, ioctlcmd_t, void *)); 617c478bd9Sstevel@tonic-gate int ipsynctestioctl __P((dev_t, ioctlcmd_t, void *)); 627c478bd9Sstevel@tonic-gate int ipscantestioctl __P((dev_t, ioctlcmd_t, void *)); 637c478bd9Sstevel@tonic-gate int ipooltestioctl __P((dev_t, ioctlcmd_t, void *)); 647c478bd9Sstevel@tonic-gate #endif 657c478bd9Sstevel@tonic-gate 667c478bd9Sstevel@tonic-gate static ioctlfunc_t iocfunctions[IPL_LOGSIZE] = { ipftestioctl, 677c478bd9Sstevel@tonic-gate ipnattestioctl, 687c478bd9Sstevel@tonic-gate ipstatetestioctl, 697c478bd9Sstevel@tonic-gate ipauthtestioctl, 707c478bd9Sstevel@tonic-gate ipsynctestioctl, 717c478bd9Sstevel@tonic-gate ipscantestioctl, 727c478bd9Sstevel@tonic-gate ipooltestioctl, 737c478bd9Sstevel@tonic-gate NULL }; 747c478bd9Sstevel@tonic-gate 757c478bd9Sstevel@tonic-gate 767c478bd9Sstevel@tonic-gate int main(argc,argv) 777c478bd9Sstevel@tonic-gate int argc; 787c478bd9Sstevel@tonic-gate char *argv[]; 797c478bd9Sstevel@tonic-gate { 807c478bd9Sstevel@tonic-gate char *datain, *iface, *ifname, *logout; 817c478bd9Sstevel@tonic-gate int fd, i, dir, c, loaded, dump, hlen; 827c478bd9Sstevel@tonic-gate struct ifnet *ifp; 837c478bd9Sstevel@tonic-gate struct ipread *r; 847c478bd9Sstevel@tonic-gate mb_t mb, *m; 857c478bd9Sstevel@tonic-gate ip_t *ip; 86*f4b3ec61Sdh155122 ipf_stack_t *ifs; 87*f4b3ec61Sdh155122 netstack_t *ns; 887c478bd9Sstevel@tonic-gate 897c478bd9Sstevel@tonic-gate m = &mb; 907c478bd9Sstevel@tonic-gate dir = 0; 917c478bd9Sstevel@tonic-gate dump = 0; 927c478bd9Sstevel@tonic-gate hlen = 0; 937c478bd9Sstevel@tonic-gate loaded = 0; 947c478bd9Sstevel@tonic-gate r = &iptext; 957c478bd9Sstevel@tonic-gate iface = NULL; 967c478bd9Sstevel@tonic-gate logout = NULL; 977c478bd9Sstevel@tonic-gate ifname = "anon0"; 987c478bd9Sstevel@tonic-gate datain = NULL; 997c478bd9Sstevel@tonic-gate 1007c478bd9Sstevel@tonic-gate initparse(); 101*f4b3ec61Sdh155122 ifs = create_ifs(); 102*f4b3ec61Sdh155122 ns = create_ns(); 103*f4b3ec61Sdh155122 ifs->ifs_netstack = ns; 104*f4b3ec61Sdh155122 105*f4b3ec61Sdh155122 #if defined(IPFILTER_DEFAULT_BLOCK) 106*f4b3ec61Sdh155122 ifs->ifs_fr_pass = FR_BLOCK|FR_NOMATCH; 107*f4b3ec61Sdh155122 #else 108*f4b3ec61Sdh155122 ifs->ifs_fr_pass = (IPF_DEFAULT_PASS)|FR_NOMATCH; 109*f4b3ec61Sdh155122 #endif 110*f4b3ec61Sdh155122 ipftuneable_alloc(ifs); 111*f4b3ec61Sdh155122 112*f4b3ec61Sdh155122 bzero((char *)ifs->ifs_frcache, sizeof(ifs->ifs_frcache)); 113*f4b3ec61Sdh155122 MUTEX_INIT(&ifs->ifs_ipf_rw, "ipf rw mutex"); 114*f4b3ec61Sdh155122 MUTEX_INIT(&ifs->ifs_ipf_timeoutlock, "ipf timeout lock"); 115*f4b3ec61Sdh155122 RWLOCK_INIT(&ifs->ifs_ipf_global, "ipf filter load/unload mutex"); 116*f4b3ec61Sdh155122 RWLOCK_INIT(&ifs->ifs_ipf_mutex, "ipf filter rwlock"); 117*f4b3ec61Sdh155122 RWLOCK_INIT(&ifs->ifs_ipf_ipidfrag, "ipf IP NAT-Frag rwlock"); 118*f4b3ec61Sdh155122 RWLOCK_INIT(&ifs->ifs_ipf_frcache, "ipf cache rwlock"); 119*f4b3ec61Sdh155122 120*f4b3ec61Sdh155122 fr_loginit(ifs); 121*f4b3ec61Sdh155122 fr_authinit(ifs); 122*f4b3ec61Sdh155122 fr_fraginit(ifs); 123*f4b3ec61Sdh155122 fr_stateinit(ifs); 124*f4b3ec61Sdh155122 fr_natinit(ifs); 125*f4b3ec61Sdh155122 appr_init(ifs); 126*f4b3ec61Sdh155122 ip_lookup_init(ifs); 127*f4b3ec61Sdh155122 ifs->ifs_fr_running = 1; 1287c478bd9Sstevel@tonic-gate 129ab25eeb5Syz155240 while ((c = getopt(argc, argv, "6bdDF:i:I:l:N:P:or:RT:vxX")) != -1) 1307c478bd9Sstevel@tonic-gate switch (c) 1317c478bd9Sstevel@tonic-gate { 1327c478bd9Sstevel@tonic-gate case '6' : 1337c478bd9Sstevel@tonic-gate #ifdef USE_INET6 1347c478bd9Sstevel@tonic-gate use_inet6 = 1; 1357c478bd9Sstevel@tonic-gate #else 1367c478bd9Sstevel@tonic-gate fprintf(stderr, "IPv6 not supported\n"); 1377c478bd9Sstevel@tonic-gate exit(1); 1387c478bd9Sstevel@tonic-gate #endif 1397c478bd9Sstevel@tonic-gate break; 1407c478bd9Sstevel@tonic-gate case 'b' : 1417c478bd9Sstevel@tonic-gate opts |= OPT_BRIEF; 1427c478bd9Sstevel@tonic-gate break; 1437c478bd9Sstevel@tonic-gate case 'd' : 1447c478bd9Sstevel@tonic-gate opts |= OPT_DEBUG; 1457c478bd9Sstevel@tonic-gate break; 1467c478bd9Sstevel@tonic-gate case 'D' : 1477c478bd9Sstevel@tonic-gate dump = 1; 1487c478bd9Sstevel@tonic-gate break; 1497c478bd9Sstevel@tonic-gate case 'F' : 1507c478bd9Sstevel@tonic-gate if (strcasecmp(optarg, "pcap") == 0) 1517c478bd9Sstevel@tonic-gate r = &pcap; 1527c478bd9Sstevel@tonic-gate else if (strcasecmp(optarg, "etherfind") == 0) 1537c478bd9Sstevel@tonic-gate r = ðerf; 1547c478bd9Sstevel@tonic-gate else if (strcasecmp(optarg, "snoop") == 0) 1557c478bd9Sstevel@tonic-gate r = &snoop; 1567c478bd9Sstevel@tonic-gate else if (strcasecmp(optarg, "tcpdump") == 0) 1577c478bd9Sstevel@tonic-gate r = &tcpd; 1587c478bd9Sstevel@tonic-gate else if (strcasecmp(optarg, "hex") == 0) 1597c478bd9Sstevel@tonic-gate r = &iphex; 1607c478bd9Sstevel@tonic-gate else if (strcasecmp(optarg, "text") == 0) 1617c478bd9Sstevel@tonic-gate r = &iptext; 1627c478bd9Sstevel@tonic-gate break; 1637c478bd9Sstevel@tonic-gate case 'i' : 1647c478bd9Sstevel@tonic-gate datain = optarg; 1657c478bd9Sstevel@tonic-gate break; 1667c478bd9Sstevel@tonic-gate case 'I' : 1677c478bd9Sstevel@tonic-gate ifname = optarg; 1687c478bd9Sstevel@tonic-gate break; 1697c478bd9Sstevel@tonic-gate case 'l' : 1707c478bd9Sstevel@tonic-gate logout = optarg; 1717c478bd9Sstevel@tonic-gate break; 1727c478bd9Sstevel@tonic-gate case 'o' : 1737c478bd9Sstevel@tonic-gate opts |= OPT_SAVEOUT; 1747c478bd9Sstevel@tonic-gate break; 1757c478bd9Sstevel@tonic-gate case 'r' : 1767c478bd9Sstevel@tonic-gate if (ipf_parsefile(-1, ipf_addrule, iocfunctions, 1777c478bd9Sstevel@tonic-gate optarg) == -1) 1787c478bd9Sstevel@tonic-gate return -1; 1797c478bd9Sstevel@tonic-gate loaded = 1; 1807c478bd9Sstevel@tonic-gate break; 181ab25eeb5Syz155240 case 'R' : 182ab25eeb5Syz155240 opts |= OPT_NORESOLVE; 183ab25eeb5Syz155240 break; 1847c478bd9Sstevel@tonic-gate case 'v' : 1857c478bd9Sstevel@tonic-gate opts |= OPT_VERBOSE; 1867c478bd9Sstevel@tonic-gate break; 1877c478bd9Sstevel@tonic-gate case 'N' : 1887c478bd9Sstevel@tonic-gate if (ipnat_parsefile(-1, ipnat_addrule, ipnattestioctl, 1897c478bd9Sstevel@tonic-gate optarg) == -1) 1907c478bd9Sstevel@tonic-gate return -1; 1917c478bd9Sstevel@tonic-gate loaded = 1; 1927c478bd9Sstevel@tonic-gate opts |= OPT_NAT; 1937c478bd9Sstevel@tonic-gate break; 1947c478bd9Sstevel@tonic-gate case 'P' : 1957c478bd9Sstevel@tonic-gate if (ippool_parsefile(-1, optarg, ipooltestioctl) == -1) 1967c478bd9Sstevel@tonic-gate return -1; 1977c478bd9Sstevel@tonic-gate loaded = 1; 1987c478bd9Sstevel@tonic-gate break; 199ab25eeb5Syz155240 case 'T' : 200ab25eeb5Syz155240 ipf_dotuning(-1, optarg, ipftestioctl); 201ab25eeb5Syz155240 break; 2027c478bd9Sstevel@tonic-gate case 'x' : 2037c478bd9Sstevel@tonic-gate opts |= OPT_HEX; 2047c478bd9Sstevel@tonic-gate break; 2057c478bd9Sstevel@tonic-gate } 2067c478bd9Sstevel@tonic-gate 2077c478bd9Sstevel@tonic-gate if (loaded == 0) { 2087c478bd9Sstevel@tonic-gate (void)fprintf(stderr,"no rules loaded\n"); 2097c478bd9Sstevel@tonic-gate exit(-1); 2107c478bd9Sstevel@tonic-gate } 2117c478bd9Sstevel@tonic-gate 2127c478bd9Sstevel@tonic-gate if (opts & OPT_SAVEOUT) 2137c478bd9Sstevel@tonic-gate init_ifp(); 2147c478bd9Sstevel@tonic-gate 2157c478bd9Sstevel@tonic-gate if (datain) 2167c478bd9Sstevel@tonic-gate fd = (*r->r_open)(datain); 2177c478bd9Sstevel@tonic-gate else 2187c478bd9Sstevel@tonic-gate fd = (*r->r_open)("-"); 2197c478bd9Sstevel@tonic-gate 2207c478bd9Sstevel@tonic-gate if (fd < 0) 2217c478bd9Sstevel@tonic-gate exit(-1); 2227c478bd9Sstevel@tonic-gate 2237c478bd9Sstevel@tonic-gate ip = MTOD(m, ip_t *); 2247c478bd9Sstevel@tonic-gate while ((i = (*r->r_readip)(MTOD(m, char *), sizeof(m->mb_buf), 2257c478bd9Sstevel@tonic-gate &iface, &dir)) > 0) { 2267c478bd9Sstevel@tonic-gate if (iface == NULL || *iface == '\0') 2277c478bd9Sstevel@tonic-gate iface = ifname; 228*f4b3ec61Sdh155122 ifp = get_unit(iface, IP_V(ip), ifs); 2295e985db5Sschuster if (ifp == NULL) { 2305e985db5Sschuster fprintf(stderr, "out of memory\n"); 2315e985db5Sschuster exit(1); 2325e985db5Sschuster } 2337c478bd9Sstevel@tonic-gate if (!use_inet6) { 2347c478bd9Sstevel@tonic-gate ip->ip_off = ntohs(ip->ip_off); 2357c478bd9Sstevel@tonic-gate ip->ip_len = ntohs(ip->ip_len); 2367c478bd9Sstevel@tonic-gate if (r->r_flags & R_DO_CKSUM) 2377c478bd9Sstevel@tonic-gate fixv4sums(m, ip); 2387c478bd9Sstevel@tonic-gate hlen = IP_HL(ip) << 2; 2397c478bd9Sstevel@tonic-gate } 2407c478bd9Sstevel@tonic-gate #ifdef USE_INET6 2417c478bd9Sstevel@tonic-gate else 2427c478bd9Sstevel@tonic-gate hlen = sizeof(ip6_t); 2437c478bd9Sstevel@tonic-gate #endif 2447c478bd9Sstevel@tonic-gate /* ipfr_slowtimer(); */ 2457c478bd9Sstevel@tonic-gate m = &mb; 2467c478bd9Sstevel@tonic-gate m->mb_len = i; 247*f4b3ec61Sdh155122 i = fr_check(ip, hlen, ifp, dir, &m, ifs); 2487c478bd9Sstevel@tonic-gate if ((opts & OPT_NAT) == 0) 2497c478bd9Sstevel@tonic-gate switch (i) 2507c478bd9Sstevel@tonic-gate { 2517c478bd9Sstevel@tonic-gate case -4 : 2527c478bd9Sstevel@tonic-gate (void)printf("preauth"); 2537c478bd9Sstevel@tonic-gate break; 2547c478bd9Sstevel@tonic-gate case -3 : 2557c478bd9Sstevel@tonic-gate (void)printf("account"); 2567c478bd9Sstevel@tonic-gate break; 2577c478bd9Sstevel@tonic-gate case -2 : 2587c478bd9Sstevel@tonic-gate (void)printf("auth"); 2597c478bd9Sstevel@tonic-gate break; 2607c478bd9Sstevel@tonic-gate case -1 : 2617c478bd9Sstevel@tonic-gate (void)printf("block"); 2627c478bd9Sstevel@tonic-gate break; 2637c478bd9Sstevel@tonic-gate case 0 : 2647c478bd9Sstevel@tonic-gate (void)printf("pass"); 2657c478bd9Sstevel@tonic-gate break; 2667c478bd9Sstevel@tonic-gate case 1 : 2677c478bd9Sstevel@tonic-gate (void)printf("nomatch"); 2687c478bd9Sstevel@tonic-gate break; 2697c478bd9Sstevel@tonic-gate case 3 : 2707c478bd9Sstevel@tonic-gate (void)printf("block return-rst"); 2717c478bd9Sstevel@tonic-gate break; 2727c478bd9Sstevel@tonic-gate case 4 : 2737c478bd9Sstevel@tonic-gate (void)printf("block return-icmp"); 2747c478bd9Sstevel@tonic-gate break; 2757c478bd9Sstevel@tonic-gate case 5 : 2767c478bd9Sstevel@tonic-gate (void)printf("block return-icmp-as-dest"); 2777c478bd9Sstevel@tonic-gate break; 2787c478bd9Sstevel@tonic-gate default : 2797c478bd9Sstevel@tonic-gate (void)printf("recognised return %#x\n", i); 2807c478bd9Sstevel@tonic-gate break; 2817c478bd9Sstevel@tonic-gate } 2827c478bd9Sstevel@tonic-gate if (!use_inet6) { 2837c478bd9Sstevel@tonic-gate ip->ip_off = htons(ip->ip_off); 2847c478bd9Sstevel@tonic-gate ip->ip_len = htons(ip->ip_len); 2857c478bd9Sstevel@tonic-gate } 2867c478bd9Sstevel@tonic-gate 2877c478bd9Sstevel@tonic-gate if (!(opts & OPT_BRIEF)) { 2887c478bd9Sstevel@tonic-gate putchar(' '); 2897c478bd9Sstevel@tonic-gate printpacket(ip); 2907c478bd9Sstevel@tonic-gate printf("--------------"); 2917c478bd9Sstevel@tonic-gate } else if ((opts & (OPT_BRIEF|OPT_NAT)) == (OPT_NAT|OPT_BRIEF)) 2927c478bd9Sstevel@tonic-gate printpacket(ip); 2937c478bd9Sstevel@tonic-gate if (dir && (ifp != NULL) && IP_V(ip) && (m != NULL)) 294ab25eeb5Syz155240 #if defined(__sgi) && (IRIX < 60500) 2957c478bd9Sstevel@tonic-gate (*ifp->if_output)(ifp, (void *)m, NULL); 2967c478bd9Sstevel@tonic-gate #else 2977c478bd9Sstevel@tonic-gate # if TRU64 >= 1885 2987c478bd9Sstevel@tonic-gate (*ifp->if_output)(ifp, (void *)m, NULL, 0, 0); 2997c478bd9Sstevel@tonic-gate # else 3007c478bd9Sstevel@tonic-gate (*ifp->if_output)(ifp, (void *)m, NULL, 0); 3017c478bd9Sstevel@tonic-gate # endif 3027c478bd9Sstevel@tonic-gate #endif 3037c478bd9Sstevel@tonic-gate if ((opts & (OPT_BRIEF|OPT_NAT)) != (OPT_NAT|OPT_BRIEF)) 3047c478bd9Sstevel@tonic-gate putchar('\n'); 3057c478bd9Sstevel@tonic-gate dir = 0; 3067c478bd9Sstevel@tonic-gate if (iface != ifname) { 3077c478bd9Sstevel@tonic-gate free(iface); 3087c478bd9Sstevel@tonic-gate iface = ifname; 3097c478bd9Sstevel@tonic-gate } 3107c478bd9Sstevel@tonic-gate m = &mb; 3117c478bd9Sstevel@tonic-gate } 3127c478bd9Sstevel@tonic-gate (*r->r_close)(); 3137c478bd9Sstevel@tonic-gate 3147c478bd9Sstevel@tonic-gate if (logout != NULL) { 315*f4b3ec61Sdh155122 drain_log(logout, ifs); 3167c478bd9Sstevel@tonic-gate } 3177c478bd9Sstevel@tonic-gate 3187c478bd9Sstevel@tonic-gate if (dump == 1) { 319*f4b3ec61Sdh155122 dumpnat(ifs); 320*f4b3ec61Sdh155122 dumpstate(ifs); 321*f4b3ec61Sdh155122 dumplookups(ifs); 322*f4b3ec61Sdh155122 dumpgroups(ifs); 3237c478bd9Sstevel@tonic-gate } 3247c478bd9Sstevel@tonic-gate 325*f4b3ec61Sdh155122 fr_deinitialise(ifs); 3267c478bd9Sstevel@tonic-gate 3277c478bd9Sstevel@tonic-gate return 0; 3287c478bd9Sstevel@tonic-gate } 3297c478bd9Sstevel@tonic-gate 3307c478bd9Sstevel@tonic-gate 3317c478bd9Sstevel@tonic-gate #if defined(__NetBSD__) || defined(__OpenBSD__) || SOLARIS || \ 3327c478bd9Sstevel@tonic-gate (_BSDI_VERSION >= 199701) || (__FreeBSD_version >= 300000) || \ 333ab25eeb5Syz155240 defined(__osf__) || defined(linux) 3347c478bd9Sstevel@tonic-gate int ipftestioctl(int dev, ioctlcmd_t cmd, ...) 3357c478bd9Sstevel@tonic-gate { 3367c478bd9Sstevel@tonic-gate caddr_t data; 3377c478bd9Sstevel@tonic-gate va_list ap; 3387c478bd9Sstevel@tonic-gate int i; 3397c478bd9Sstevel@tonic-gate 3407c478bd9Sstevel@tonic-gate va_start(ap, cmd); 3417c478bd9Sstevel@tonic-gate data = va_arg(ap, caddr_t); 3427c478bd9Sstevel@tonic-gate va_end(ap); 3437c478bd9Sstevel@tonic-gate 3447c478bd9Sstevel@tonic-gate i = iplioctl(IPL_LOGIPF, cmd, data, FWRITE|FREAD); 3457c478bd9Sstevel@tonic-gate if (opts & OPT_DEBUG) 3467c478bd9Sstevel@tonic-gate fprintf(stderr, "iplioctl(IPF,%#x,%p) = %d\n", 3477c478bd9Sstevel@tonic-gate (u_int)cmd, data, i); 348ab25eeb5Syz155240 if (i != 0) { 349ab25eeb5Syz155240 errno = i; 350ab25eeb5Syz155240 return -1; 351ab25eeb5Syz155240 } 352ab25eeb5Syz155240 return 0; 3537c478bd9Sstevel@tonic-gate } 3547c478bd9Sstevel@tonic-gate 3557c478bd9Sstevel@tonic-gate 3567c478bd9Sstevel@tonic-gate int ipnattestioctl(int dev, ioctlcmd_t cmd, ...) 3577c478bd9Sstevel@tonic-gate { 3587c478bd9Sstevel@tonic-gate caddr_t data; 3597c478bd9Sstevel@tonic-gate va_list ap; 3607c478bd9Sstevel@tonic-gate int i; 3617c478bd9Sstevel@tonic-gate 3627c478bd9Sstevel@tonic-gate va_start(ap, cmd); 3637c478bd9Sstevel@tonic-gate data = va_arg(ap, caddr_t); 3647c478bd9Sstevel@tonic-gate va_end(ap); 3657c478bd9Sstevel@tonic-gate 3667c478bd9Sstevel@tonic-gate i = iplioctl(IPL_LOGNAT, cmd, data, FWRITE|FREAD); 3677c478bd9Sstevel@tonic-gate if (opts & OPT_DEBUG) 3687c478bd9Sstevel@tonic-gate fprintf(stderr, "iplioctl(NAT,%#x,%p) = %d\n", 3697c478bd9Sstevel@tonic-gate (u_int)cmd, data, i); 370ab25eeb5Syz155240 if (i != 0) { 371ab25eeb5Syz155240 errno = i; 372ab25eeb5Syz155240 return -1; 373ab25eeb5Syz155240 } 374ab25eeb5Syz155240 return 0; 3757c478bd9Sstevel@tonic-gate } 3767c478bd9Sstevel@tonic-gate 3777c478bd9Sstevel@tonic-gate 3787c478bd9Sstevel@tonic-gate int ipstatetestioctl(int dev, ioctlcmd_t cmd, ...) 3797c478bd9Sstevel@tonic-gate { 3807c478bd9Sstevel@tonic-gate caddr_t data; 3817c478bd9Sstevel@tonic-gate va_list ap; 3827c478bd9Sstevel@tonic-gate int i; 3837c478bd9Sstevel@tonic-gate 3847c478bd9Sstevel@tonic-gate va_start(ap, cmd); 3857c478bd9Sstevel@tonic-gate data = va_arg(ap, caddr_t); 3867c478bd9Sstevel@tonic-gate va_end(ap); 3877c478bd9Sstevel@tonic-gate 3887c478bd9Sstevel@tonic-gate i = iplioctl(IPL_LOGSTATE, cmd, data, FWRITE|FREAD); 3897c478bd9Sstevel@tonic-gate if ((opts & OPT_DEBUG) || (i != 0)) 3907c478bd9Sstevel@tonic-gate fprintf(stderr, "iplioctl(STATE,%#x,%p) = %d\n", 3917c478bd9Sstevel@tonic-gate (u_int)cmd, data, i); 392ab25eeb5Syz155240 if (i != 0) { 393ab25eeb5Syz155240 errno = i; 394ab25eeb5Syz155240 return -1; 395ab25eeb5Syz155240 } 396ab25eeb5Syz155240 return 0; 3977c478bd9Sstevel@tonic-gate } 3987c478bd9Sstevel@tonic-gate 3997c478bd9Sstevel@tonic-gate 4007c478bd9Sstevel@tonic-gate int ipauthtestioctl(int dev, ioctlcmd_t cmd, ...) 4017c478bd9Sstevel@tonic-gate { 4027c478bd9Sstevel@tonic-gate caddr_t data; 4037c478bd9Sstevel@tonic-gate va_list ap; 4047c478bd9Sstevel@tonic-gate int i; 4057c478bd9Sstevel@tonic-gate 4067c478bd9Sstevel@tonic-gate va_start(ap, cmd); 4077c478bd9Sstevel@tonic-gate data = va_arg(ap, caddr_t); 4087c478bd9Sstevel@tonic-gate va_end(ap); 4097c478bd9Sstevel@tonic-gate 4107c478bd9Sstevel@tonic-gate i = iplioctl(IPL_LOGAUTH, cmd, data, FWRITE|FREAD); 4117c478bd9Sstevel@tonic-gate if ((opts & OPT_DEBUG) || (i != 0)) 4127c478bd9Sstevel@tonic-gate fprintf(stderr, "iplioctl(AUTH,%#x,%p) = %d\n", 4137c478bd9Sstevel@tonic-gate (u_int)cmd, data, i); 414ab25eeb5Syz155240 if (i != 0) { 415ab25eeb5Syz155240 errno = i; 416ab25eeb5Syz155240 return -1; 417ab25eeb5Syz155240 } 418ab25eeb5Syz155240 return 0; 4197c478bd9Sstevel@tonic-gate } 4207c478bd9Sstevel@tonic-gate 4217c478bd9Sstevel@tonic-gate 4227c478bd9Sstevel@tonic-gate int ipscantestioctl(int dev, ioctlcmd_t cmd, ...) 4237c478bd9Sstevel@tonic-gate { 4247c478bd9Sstevel@tonic-gate caddr_t data; 4257c478bd9Sstevel@tonic-gate va_list ap; 4267c478bd9Sstevel@tonic-gate int i; 4277c478bd9Sstevel@tonic-gate 4287c478bd9Sstevel@tonic-gate va_start(ap, cmd); 4297c478bd9Sstevel@tonic-gate data = va_arg(ap, caddr_t); 4307c478bd9Sstevel@tonic-gate va_end(ap); 4317c478bd9Sstevel@tonic-gate 4327c478bd9Sstevel@tonic-gate i = iplioctl(IPL_LOGSCAN, cmd, data, FWRITE|FREAD); 4337c478bd9Sstevel@tonic-gate if ((opts & OPT_DEBUG) || (i != 0)) 4347c478bd9Sstevel@tonic-gate fprintf(stderr, "iplioctl(SCAN,%#x,%p) = %d\n", 4357c478bd9Sstevel@tonic-gate (u_int)cmd, data, i); 436ab25eeb5Syz155240 if (i != 0) { 437ab25eeb5Syz155240 errno = i; 438ab25eeb5Syz155240 return -1; 439ab25eeb5Syz155240 } 440ab25eeb5Syz155240 return 0; 4417c478bd9Sstevel@tonic-gate } 4427c478bd9Sstevel@tonic-gate 4437c478bd9Sstevel@tonic-gate 4447c478bd9Sstevel@tonic-gate int ipsynctestioctl(int dev, ioctlcmd_t cmd, ...) 4457c478bd9Sstevel@tonic-gate { 4467c478bd9Sstevel@tonic-gate caddr_t data; 4477c478bd9Sstevel@tonic-gate va_list ap; 4487c478bd9Sstevel@tonic-gate int i; 4497c478bd9Sstevel@tonic-gate 4507c478bd9Sstevel@tonic-gate va_start(ap, cmd); 4517c478bd9Sstevel@tonic-gate data = va_arg(ap, caddr_t); 4527c478bd9Sstevel@tonic-gate va_end(ap); 4537c478bd9Sstevel@tonic-gate 4547c478bd9Sstevel@tonic-gate i = iplioctl(IPL_LOGSYNC, cmd, data, FWRITE|FREAD); 4557c478bd9Sstevel@tonic-gate if ((opts & OPT_DEBUG) || (i != 0)) 4567c478bd9Sstevel@tonic-gate fprintf(stderr, "iplioctl(SYNC,%#x,%p) = %d\n", 4577c478bd9Sstevel@tonic-gate (u_int)cmd, data, i); 458ab25eeb5Syz155240 if (i != 0) { 459ab25eeb5Syz155240 errno = i; 460ab25eeb5Syz155240 return -1; 461ab25eeb5Syz155240 } 462ab25eeb5Syz155240 return 0; 4637c478bd9Sstevel@tonic-gate } 4647c478bd9Sstevel@tonic-gate 4657c478bd9Sstevel@tonic-gate 4667c478bd9Sstevel@tonic-gate int ipooltestioctl(int dev, ioctlcmd_t cmd, ...) 4677c478bd9Sstevel@tonic-gate { 4687c478bd9Sstevel@tonic-gate caddr_t data; 4697c478bd9Sstevel@tonic-gate va_list ap; 4707c478bd9Sstevel@tonic-gate int i; 4717c478bd9Sstevel@tonic-gate 4727c478bd9Sstevel@tonic-gate va_start(ap, cmd); 4737c478bd9Sstevel@tonic-gate data = va_arg(ap, caddr_t); 4747c478bd9Sstevel@tonic-gate va_end(ap); 4757c478bd9Sstevel@tonic-gate 4767c478bd9Sstevel@tonic-gate i = iplioctl(IPL_LOGLOOKUP, cmd, data, FWRITE|FREAD); 4777c478bd9Sstevel@tonic-gate if ((opts & OPT_DEBUG) || (i != 0)) 4787c478bd9Sstevel@tonic-gate fprintf(stderr, "iplioctl(POOL,%#x,%p) = %d\n", 4797c478bd9Sstevel@tonic-gate (u_int)cmd, data, i); 480ab25eeb5Syz155240 if (i != 0) { 481ab25eeb5Syz155240 errno = i; 482ab25eeb5Syz155240 return -1; 483ab25eeb5Syz155240 } 484ab25eeb5Syz155240 return 0; 4857c478bd9Sstevel@tonic-gate } 4867c478bd9Sstevel@tonic-gate #else 4877c478bd9Sstevel@tonic-gate int ipftestioctl(dev, cmd, data) 4887c478bd9Sstevel@tonic-gate dev_t dev; 4897c478bd9Sstevel@tonic-gate ioctlcmd_t cmd; 4907c478bd9Sstevel@tonic-gate void *data; 4917c478bd9Sstevel@tonic-gate { 4927c478bd9Sstevel@tonic-gate int i; 4937c478bd9Sstevel@tonic-gate 4947c478bd9Sstevel@tonic-gate i = iplioctl(IPL_LOGIPF, cmd, data, FWRITE|FREAD); 4957c478bd9Sstevel@tonic-gate if ((opts & OPT_DEBUG) || (i != 0)) 4967c478bd9Sstevel@tonic-gate fprintf(stderr, "iplioctl(IPF,%#x,%p) = %d\n", cmd, data, i); 497ab25eeb5Syz155240 if (i != 0) { 498ab25eeb5Syz155240 errno = i; 499ab25eeb5Syz155240 return -1; 500ab25eeb5Syz155240 } 501ab25eeb5Syz155240 return 0; 5027c478bd9Sstevel@tonic-gate } 5037c478bd9Sstevel@tonic-gate 5047c478bd9Sstevel@tonic-gate 5057c478bd9Sstevel@tonic-gate int ipnattestioctl(dev, cmd, data) 5067c478bd9Sstevel@tonic-gate dev_t dev; 5077c478bd9Sstevel@tonic-gate ioctlcmd_t cmd; 5087c478bd9Sstevel@tonic-gate void *data; 5097c478bd9Sstevel@tonic-gate { 5107c478bd9Sstevel@tonic-gate int i; 5117c478bd9Sstevel@tonic-gate 5127c478bd9Sstevel@tonic-gate i = iplioctl(IPL_LOGNAT, cmd, data, FWRITE|FREAD); 5137c478bd9Sstevel@tonic-gate if ((opts & OPT_DEBUG) || (i != 0)) 5147c478bd9Sstevel@tonic-gate fprintf(stderr, "iplioctl(NAT,%#x,%p) = %d\n", cmd, data, i); 515ab25eeb5Syz155240 if (i != 0) { 516ab25eeb5Syz155240 errno = i; 517ab25eeb5Syz155240 return -1; 518ab25eeb5Syz155240 } 519ab25eeb5Syz155240 return 0; 5207c478bd9Sstevel@tonic-gate } 5217c478bd9Sstevel@tonic-gate 5227c478bd9Sstevel@tonic-gate 5237c478bd9Sstevel@tonic-gate int ipstatetestioctl(dev, cmd, data) 5247c478bd9Sstevel@tonic-gate dev_t dev; 5257c478bd9Sstevel@tonic-gate ioctlcmd_t cmd; 5267c478bd9Sstevel@tonic-gate void *data; 5277c478bd9Sstevel@tonic-gate { 5287c478bd9Sstevel@tonic-gate int i; 5297c478bd9Sstevel@tonic-gate 5307c478bd9Sstevel@tonic-gate i = iplioctl(IPL_LOGSTATE, cmd, data, FWRITE|FREAD); 5317c478bd9Sstevel@tonic-gate if ((opts & OPT_DEBUG) || (i != 0)) 5327c478bd9Sstevel@tonic-gate fprintf(stderr, "iplioctl(STATE,%#x,%p) = %d\n", cmd, data, i); 533ab25eeb5Syz155240 if (i != 0) { 534ab25eeb5Syz155240 errno = i; 535ab25eeb5Syz155240 return -1; 536ab25eeb5Syz155240 } 537ab25eeb5Syz155240 return 0; 5387c478bd9Sstevel@tonic-gate } 5397c478bd9Sstevel@tonic-gate 5407c478bd9Sstevel@tonic-gate 5417c478bd9Sstevel@tonic-gate int ipauthtestioctl(dev, cmd, data) 5427c478bd9Sstevel@tonic-gate dev_t dev; 5437c478bd9Sstevel@tonic-gate ioctlcmd_t cmd; 5447c478bd9Sstevel@tonic-gate void *data; 5457c478bd9Sstevel@tonic-gate { 5467c478bd9Sstevel@tonic-gate int i; 5477c478bd9Sstevel@tonic-gate 5487c478bd9Sstevel@tonic-gate i = iplioctl(IPL_LOGAUTH, cmd, data, FWRITE|FREAD); 5497c478bd9Sstevel@tonic-gate if ((opts & OPT_DEBUG) || (i != 0)) 5507c478bd9Sstevel@tonic-gate fprintf(stderr, "iplioctl(AUTH,%#x,%p) = %d\n", cmd, data, i); 551ab25eeb5Syz155240 if (i != 0) { 552ab25eeb5Syz155240 errno = i; 553ab25eeb5Syz155240 return -1; 554ab25eeb5Syz155240 } 555ab25eeb5Syz155240 return 0; 5567c478bd9Sstevel@tonic-gate } 5577c478bd9Sstevel@tonic-gate 5587c478bd9Sstevel@tonic-gate 5597c478bd9Sstevel@tonic-gate int ipsynctestioctl(dev, cmd, data) 5607c478bd9Sstevel@tonic-gate dev_t dev; 5617c478bd9Sstevel@tonic-gate ioctlcmd_t cmd; 5627c478bd9Sstevel@tonic-gate void *data; 5637c478bd9Sstevel@tonic-gate { 5647c478bd9Sstevel@tonic-gate int i; 5657c478bd9Sstevel@tonic-gate 5667c478bd9Sstevel@tonic-gate i = iplioctl(IPL_LOGSYNC, cmd, data, FWRITE|FREAD); 5677c478bd9Sstevel@tonic-gate if ((opts & OPT_DEBUG) || (i != 0)) 5687c478bd9Sstevel@tonic-gate fprintf(stderr, "iplioctl(SYNC,%#x,%p) = %d\n", cmd, data, i); 569ab25eeb5Syz155240 if (i != 0) { 570ab25eeb5Syz155240 errno = i; 571ab25eeb5Syz155240 return -1; 572ab25eeb5Syz155240 } 573ab25eeb5Syz155240 return 0; 5747c478bd9Sstevel@tonic-gate } 5757c478bd9Sstevel@tonic-gate 5767c478bd9Sstevel@tonic-gate 5777c478bd9Sstevel@tonic-gate int ipscantestioctl(dev, cmd, data) 5787c478bd9Sstevel@tonic-gate dev_t dev; 5797c478bd9Sstevel@tonic-gate ioctlcmd_t cmd; 5807c478bd9Sstevel@tonic-gate void *data; 5817c478bd9Sstevel@tonic-gate { 5827c478bd9Sstevel@tonic-gate int i; 5837c478bd9Sstevel@tonic-gate 5847c478bd9Sstevel@tonic-gate i = iplioctl(IPL_LOGSCAN, cmd, data, FWRITE|FREAD); 5857c478bd9Sstevel@tonic-gate if ((opts & OPT_DEBUG) || (i != 0)) 5867c478bd9Sstevel@tonic-gate fprintf(stderr, "iplioctl(SCAN,%#x,%p) = %d\n", cmd, data, i); 587ab25eeb5Syz155240 if (i != 0) { 588ab25eeb5Syz155240 errno = i; 589ab25eeb5Syz155240 return -1; 590ab25eeb5Syz155240 } 591ab25eeb5Syz155240 return 0; 5927c478bd9Sstevel@tonic-gate } 5937c478bd9Sstevel@tonic-gate 5947c478bd9Sstevel@tonic-gate 5957c478bd9Sstevel@tonic-gate int ipooltestioctl(dev, cmd, data) 5967c478bd9Sstevel@tonic-gate dev_t dev; 5977c478bd9Sstevel@tonic-gate ioctlcmd_t cmd; 5987c478bd9Sstevel@tonic-gate void *data; 5997c478bd9Sstevel@tonic-gate { 6007c478bd9Sstevel@tonic-gate int i; 6017c478bd9Sstevel@tonic-gate 6027c478bd9Sstevel@tonic-gate i = iplioctl(IPL_LOGLOOKUP, cmd, data, FWRITE|FREAD); 6037c478bd9Sstevel@tonic-gate if (opts & OPT_DEBUG) 6047c478bd9Sstevel@tonic-gate fprintf(stderr, "iplioctl(POOL,%#x,%p) = %d\n", cmd, data, i); 605ab25eeb5Syz155240 if (i != 0) { 606ab25eeb5Syz155240 errno = i; 607ab25eeb5Syz155240 return -1; 608ab25eeb5Syz155240 } 609ab25eeb5Syz155240 return 0; 6107c478bd9Sstevel@tonic-gate } 6117c478bd9Sstevel@tonic-gate #endif 6127c478bd9Sstevel@tonic-gate 6137c478bd9Sstevel@tonic-gate 6147c478bd9Sstevel@tonic-gate int kmemcpy(addr, offset, size) 6157c478bd9Sstevel@tonic-gate char *addr; 6167c478bd9Sstevel@tonic-gate long offset; 6177c478bd9Sstevel@tonic-gate int size; 6187c478bd9Sstevel@tonic-gate { 6197c478bd9Sstevel@tonic-gate bcopy((char *)offset, addr, size); 6207c478bd9Sstevel@tonic-gate return 0; 6217c478bd9Sstevel@tonic-gate } 6227c478bd9Sstevel@tonic-gate 6237c478bd9Sstevel@tonic-gate 6247c478bd9Sstevel@tonic-gate int kstrncpy(buf, pos, n) 6257c478bd9Sstevel@tonic-gate char *buf; 6267c478bd9Sstevel@tonic-gate long pos; 6277c478bd9Sstevel@tonic-gate int n; 6287c478bd9Sstevel@tonic-gate { 6297c478bd9Sstevel@tonic-gate char *ptr; 6307c478bd9Sstevel@tonic-gate 6317c478bd9Sstevel@tonic-gate ptr = (char *)pos; 6327c478bd9Sstevel@tonic-gate 6337663b816Sml37995 while ((n-- > 0) && (*buf++ = *ptr++)) 6347c478bd9Sstevel@tonic-gate ; 6357c478bd9Sstevel@tonic-gate return 0; 6367c478bd9Sstevel@tonic-gate } 6377c478bd9Sstevel@tonic-gate 6387c478bd9Sstevel@tonic-gate 6397c478bd9Sstevel@tonic-gate /* 6407c478bd9Sstevel@tonic-gate * Display the built up NAT table rules and mapping entries. 6417c478bd9Sstevel@tonic-gate */ 642*f4b3ec61Sdh155122 void dumpnat(ifs) 643*f4b3ec61Sdh155122 ipf_stack_t *ifs; 6447c478bd9Sstevel@tonic-gate { 6457c478bd9Sstevel@tonic-gate ipnat_t *ipn; 6467c478bd9Sstevel@tonic-gate nat_t *nat; 6477c478bd9Sstevel@tonic-gate 6487c478bd9Sstevel@tonic-gate printf("List of active MAP/Redirect filters:\n"); 649*f4b3ec61Sdh155122 for (ipn = ifs->ifs_nat_list; ipn != NULL; ipn = ipn->in_next) 6507c478bd9Sstevel@tonic-gate printnat(ipn, opts & (OPT_DEBUG|OPT_VERBOSE)); 6517c478bd9Sstevel@tonic-gate printf("\nList of active sessions:\n"); 652*f4b3ec61Sdh155122 for (nat = ifs->ifs_nat_instances; nat; nat = nat->nat_next) { 653*f4b3ec61Sdh155122 printactivenat(nat, opts, 0); 654ab25eeb5Syz155240 if (nat->nat_aps) 655ab25eeb5Syz155240 printaps(nat->nat_aps, opts); 656ab25eeb5Syz155240 } 6577c478bd9Sstevel@tonic-gate } 6587c478bd9Sstevel@tonic-gate 6597c478bd9Sstevel@tonic-gate 6607c478bd9Sstevel@tonic-gate /* 6617c478bd9Sstevel@tonic-gate * Display the built up state table rules and mapping entries. 6627c478bd9Sstevel@tonic-gate */ 663*f4b3ec61Sdh155122 void dumpstate(ifs) 664*f4b3ec61Sdh155122 ipf_stack_t *ifs; 6657c478bd9Sstevel@tonic-gate { 6667c478bd9Sstevel@tonic-gate ipstate_t *ips; 6677c478bd9Sstevel@tonic-gate 6687c478bd9Sstevel@tonic-gate printf("List of active state sessions:\n"); 669*f4b3ec61Sdh155122 for (ips = ifs->ifs_ips_list; ips != NULL; ) 670ab25eeb5Syz155240 ips = printstate(ips, opts & (OPT_DEBUG|OPT_VERBOSE), 671*f4b3ec61Sdh155122 ifs->ifs_fr_ticks); 6727c478bd9Sstevel@tonic-gate } 6737c478bd9Sstevel@tonic-gate 6747c478bd9Sstevel@tonic-gate 675*f4b3ec61Sdh155122 void dumplookups(ifs) 676*f4b3ec61Sdh155122 ipf_stack_t *ifs; 6777c478bd9Sstevel@tonic-gate { 6787c478bd9Sstevel@tonic-gate iphtable_t *iph; 6797c478bd9Sstevel@tonic-gate ip_pool_t *ipl; 6807c478bd9Sstevel@tonic-gate int i; 6817c478bd9Sstevel@tonic-gate 6827c478bd9Sstevel@tonic-gate printf("List of configured pools\n"); 6837c478bd9Sstevel@tonic-gate for (i = 0; i < IPL_LOGSIZE; i++) 684*f4b3ec61Sdh155122 for (ipl = ifs->ifs_ip_pool_list[i]; ipl != NULL; 685*f4b3ec61Sdh155122 ipl = ipl->ipo_next) 686ab25eeb5Syz155240 printpool(ipl, bcopywrap, NULL, opts); 6877c478bd9Sstevel@tonic-gate 6887c478bd9Sstevel@tonic-gate printf("List of configured hash tables\n"); 6897c478bd9Sstevel@tonic-gate for (i = 0; i < IPL_LOGSIZE; i++) 690*f4b3ec61Sdh155122 for (iph = ifs->ifs_ipf_htables[i]; iph != NULL; 691*f4b3ec61Sdh155122 iph = iph->iph_next) 692ab25eeb5Syz155240 printhash(iph, bcopywrap, NULL, opts); 6937c478bd9Sstevel@tonic-gate } 6947c478bd9Sstevel@tonic-gate 6957c478bd9Sstevel@tonic-gate 696*f4b3ec61Sdh155122 void dumpgroups(ifs) 697*f4b3ec61Sdh155122 ipf_stack_t *ifs; 6987c478bd9Sstevel@tonic-gate { 6997c478bd9Sstevel@tonic-gate frgroup_t *fg; 7007c478bd9Sstevel@tonic-gate frentry_t *fr; 7017c478bd9Sstevel@tonic-gate int i; 7027c478bd9Sstevel@tonic-gate 7037c478bd9Sstevel@tonic-gate printf("List of groups configured (set 0)\n"); 7047c478bd9Sstevel@tonic-gate for (i = 0; i < IPL_LOGSIZE; i++) 705*f4b3ec61Sdh155122 for (fg = ifs->ifs_ipfgroups[i][0]; fg != NULL; 706*f4b3ec61Sdh155122 fg = fg->fg_next) { 7077c478bd9Sstevel@tonic-gate printf("Dev.%d. Group %s Ref %d Flags %#x\n", 7087c478bd9Sstevel@tonic-gate i, fg->fg_name, fg->fg_ref, fg->fg_flags); 7097c478bd9Sstevel@tonic-gate for (fr = fg->fg_start; fr != NULL; fr = fr->fr_next) { 7107c478bd9Sstevel@tonic-gate #ifdef USE_QUAD_T 7117c478bd9Sstevel@tonic-gate printf("%qu ",(unsigned long long)fr->fr_hits); 7127c478bd9Sstevel@tonic-gate #else 7137c478bd9Sstevel@tonic-gate printf("%ld ", fr->fr_hits); 7147c478bd9Sstevel@tonic-gate #endif 7157c478bd9Sstevel@tonic-gate printfr(fr, ipftestioctl); 7167c478bd9Sstevel@tonic-gate } 7177c478bd9Sstevel@tonic-gate } 7187c478bd9Sstevel@tonic-gate 7197c478bd9Sstevel@tonic-gate printf("List of groups configured (set 1)\n"); 7207c478bd9Sstevel@tonic-gate for (i = 0; i < IPL_LOGSIZE; i++) 721*f4b3ec61Sdh155122 for (fg = ifs->ifs_ipfgroups[i][1]; fg != NULL; 722*f4b3ec61Sdh155122 fg = fg->fg_next) { 7237c478bd9Sstevel@tonic-gate printf("Dev.%d. Group %s Ref %d Flags %#x\n", 7247c478bd9Sstevel@tonic-gate i, fg->fg_name, fg->fg_ref, fg->fg_flags); 7257c478bd9Sstevel@tonic-gate for (fr = fg->fg_start; fr != NULL; fr = fr->fr_next) { 7267c478bd9Sstevel@tonic-gate #ifdef USE_QUAD_T 7277c478bd9Sstevel@tonic-gate printf("%qu ",(unsigned long long)fr->fr_hits); 7287c478bd9Sstevel@tonic-gate #else 7297c478bd9Sstevel@tonic-gate printf("%ld ", fr->fr_hits); 7307c478bd9Sstevel@tonic-gate #endif 7317c478bd9Sstevel@tonic-gate printfr(fr, ipftestioctl); 7327c478bd9Sstevel@tonic-gate } 7337c478bd9Sstevel@tonic-gate } 7347c478bd9Sstevel@tonic-gate } 7357c478bd9Sstevel@tonic-gate 7367c478bd9Sstevel@tonic-gate 737*f4b3ec61Sdh155122 void drain_log(filename, ifs) 7387c478bd9Sstevel@tonic-gate char *filename; 739*f4b3ec61Sdh155122 ipf_stack_t *ifs; 7407c478bd9Sstevel@tonic-gate { 7417c478bd9Sstevel@tonic-gate char buffer[DEFAULT_IPFLOGSIZE]; 7427c478bd9Sstevel@tonic-gate struct iovec iov; 7437c478bd9Sstevel@tonic-gate struct uio uio; 7447c478bd9Sstevel@tonic-gate size_t resid; 745ab25eeb5Syz155240 int fd, i; 7467c478bd9Sstevel@tonic-gate 7477c478bd9Sstevel@tonic-gate fd = open(filename, O_CREAT|O_TRUNC|O_WRONLY, 0644); 7487c478bd9Sstevel@tonic-gate if (fd == -1) { 7497c478bd9Sstevel@tonic-gate perror("drain_log:open"); 7507c478bd9Sstevel@tonic-gate return; 7517c478bd9Sstevel@tonic-gate } 7527c478bd9Sstevel@tonic-gate 753ab25eeb5Syz155240 for (i = 0; i <= IPL_LOGMAX; i++) 7547c478bd9Sstevel@tonic-gate while (1) { 7557c478bd9Sstevel@tonic-gate bzero((char *)&iov, sizeof(iov)); 7567c478bd9Sstevel@tonic-gate iov.iov_base = buffer; 7577c478bd9Sstevel@tonic-gate iov.iov_len = sizeof(buffer); 7587c478bd9Sstevel@tonic-gate 7597c478bd9Sstevel@tonic-gate bzero((char *)&uio, sizeof(uio)); 7607c478bd9Sstevel@tonic-gate uio.uio_iov = &iov; 7617c478bd9Sstevel@tonic-gate uio.uio_iovcnt = 1; 7627c478bd9Sstevel@tonic-gate uio.uio_resid = iov.iov_len; 7637c478bd9Sstevel@tonic-gate resid = uio.uio_resid; 7647c478bd9Sstevel@tonic-gate 765*f4b3ec61Sdh155122 if (ipflog_read(i, &uio, ifs) == 0) { 7667c478bd9Sstevel@tonic-gate /* 7677c478bd9Sstevel@tonic-gate * If nothing was read then break out. 7687c478bd9Sstevel@tonic-gate */ 7697c478bd9Sstevel@tonic-gate if (uio.uio_resid == resid) 7707c478bd9Sstevel@tonic-gate break; 7717c478bd9Sstevel@tonic-gate write(fd, buffer, resid - uio.uio_resid); 7727c478bd9Sstevel@tonic-gate } else 7737c478bd9Sstevel@tonic-gate break; 7747c478bd9Sstevel@tonic-gate } 7757c478bd9Sstevel@tonic-gate 7767c478bd9Sstevel@tonic-gate close(fd); 7777c478bd9Sstevel@tonic-gate } 7787c478bd9Sstevel@tonic-gate 7797c478bd9Sstevel@tonic-gate 7807c478bd9Sstevel@tonic-gate void fixv4sums(m, ip) 7817c478bd9Sstevel@tonic-gate mb_t *m; 7827c478bd9Sstevel@tonic-gate ip_t *ip; 7837c478bd9Sstevel@tonic-gate { 7847c478bd9Sstevel@tonic-gate u_char *csump, *hdr; 7857c478bd9Sstevel@tonic-gate 7867c478bd9Sstevel@tonic-gate ip->ip_sum = 0; 7877c478bd9Sstevel@tonic-gate ip->ip_sum = ipf_cksum((u_short *)ip, IP_HL(ip) << 2); 7887c478bd9Sstevel@tonic-gate 7897c478bd9Sstevel@tonic-gate csump = (u_char *)ip; 7907c478bd9Sstevel@tonic-gate csump += IP_HL(ip) << 2; 7917c478bd9Sstevel@tonic-gate 7927c478bd9Sstevel@tonic-gate switch (ip->ip_p) 7937c478bd9Sstevel@tonic-gate { 7947c478bd9Sstevel@tonic-gate case IPPROTO_TCP : 7957c478bd9Sstevel@tonic-gate hdr = csump; 7967c478bd9Sstevel@tonic-gate csump += offsetof(tcphdr_t, th_sum); 7977c478bd9Sstevel@tonic-gate break; 7987c478bd9Sstevel@tonic-gate case IPPROTO_UDP : 7997c478bd9Sstevel@tonic-gate hdr = csump; 8007c478bd9Sstevel@tonic-gate csump += offsetof(udphdr_t, uh_sum); 8017c478bd9Sstevel@tonic-gate break; 8027c478bd9Sstevel@tonic-gate default : 8037c478bd9Sstevel@tonic-gate csump = NULL; 8047c478bd9Sstevel@tonic-gate hdr = NULL; 8057c478bd9Sstevel@tonic-gate break; 8067c478bd9Sstevel@tonic-gate } 8077c478bd9Sstevel@tonic-gate if (hdr != NULL) { 8087c478bd9Sstevel@tonic-gate *csump = 0; 8097c478bd9Sstevel@tonic-gate *(u_short *)csump = fr_cksum(m, ip, ip->ip_p, hdr); 8107c478bd9Sstevel@tonic-gate } 8117c478bd9Sstevel@tonic-gate } 812*f4b3ec61Sdh155122 813*f4b3ec61Sdh155122 ipf_stack_t *gifs; 814*f4b3ec61Sdh155122 815*f4b3ec61Sdh155122 /* 816*f4b3ec61Sdh155122 * Allocate and keep pointer for get_ifs() 817*f4b3ec61Sdh155122 */ 818*f4b3ec61Sdh155122 ipf_stack_t * 819*f4b3ec61Sdh155122 create_ifs() 820*f4b3ec61Sdh155122 { 821*f4b3ec61Sdh155122 ipf_stack_t *ifs; 822*f4b3ec61Sdh155122 823*f4b3ec61Sdh155122 KMALLOCS(ifs, ipf_stack_t *, sizeof (*ifs)); 824*f4b3ec61Sdh155122 bzero(ifs, sizeof (*ifs)); 825*f4b3ec61Sdh155122 gifs = ifs; 826*f4b3ec61Sdh155122 return (ifs); 827*f4b3ec61Sdh155122 } 828*f4b3ec61Sdh155122 829*f4b3ec61Sdh155122 ipf_stack_t * 830*f4b3ec61Sdh155122 get_ifs() 831*f4b3ec61Sdh155122 { 832*f4b3ec61Sdh155122 return (gifs); 833*f4b3ec61Sdh155122 } 834*f4b3ec61Sdh155122 835*f4b3ec61Sdh155122 netstack_t * 836*f4b3ec61Sdh155122 create_ns() 837*f4b3ec61Sdh155122 { 838*f4b3ec61Sdh155122 netstack_t *ns; 839*f4b3ec61Sdh155122 840*f4b3ec61Sdh155122 KMALLOCS(ns, netstack_t *, sizeof (*ns)); 841*f4b3ec61Sdh155122 bzero(ns, sizeof (*ns)); 842*f4b3ec61Sdh155122 return (ns); 843*f4b3ec61Sdh155122 } 844