ipf/tools/ipfzone.c

*94bdecd9SRob Gulewich/*
*94bdecd9SRob Gulewich * Copyright (c) 2014 Joyent, Inc.  All rights reserved.
*94bdecd9SRob Gulewich * Use is subject to license terms.
*94bdecd9SRob Gulewich *
*94bdecd9SRob Gulewich * See the IPFILTER.LICENCE file for details on licensing.
*94bdecd9SRob Gulewich */
*94bdecd9SRob Gulewich
*94bdecd9SRob Gulewich
*94bdecd9SRob Gulewich#include <errno.h>
*94bdecd9SRob Gulewich#include <net/if.h>
*94bdecd9SRob Gulewich#include <stdio.h>
*94bdecd9SRob Gulewich#include <string.h>
*94bdecd9SRob Gulewich#include <unistd.h>
*94bdecd9SRob Gulewich#include <zone.h>
*94bdecd9SRob Gulewich
*94bdecd9SRob Gulewich#include "netinet/ip_fil.h"
*94bdecd9SRob Gulewich#include "ipfzone.h"
*94bdecd9SRob Gulewich
*94bdecd9SRob Gulewichstatic ipfzoneobj_t	ipzo;
*94bdecd9SRob Gulewichstatic boolean_t	do_setzone = 0;
*94bdecd9SRob Gulewichstatic int		num_setzones = 0;
*94bdecd9SRob Gulewich
*94bdecd9SRob Gulewichextern int	errno;
*94bdecd9SRob Gulewichextern int	opterr;
*94bdecd9SRob Gulewichextern int	optind;
*94bdecd9SRob Gulewichextern char	*optarg;
*94bdecd9SRob Gulewich
*94bdecd9SRob Gulewich/*
*94bdecd9SRob Gulewich * Get the zonename if it's the last argument and set the zonename
*94bdecd9SRob Gulewich * in ipfzo to it. This is used by ipf(1m) only - all of the other tools
*94bdecd9SRob Gulewich * specify the zone with the -z option, and therefore use getzoneopt() below.
*94bdecd9SRob Gulewich */
*94bdecd9SRob Gulewichvoid
*94bdecd9SRob Gulewichgetzonearg(int argc, char *argv[], const char *optstr)
*94bdecd9SRob Gulewich{
*94bdecd9SRob Gulewich	int c;
*94bdecd9SRob Gulewich
*94bdecd9SRob Gulewich	/*
*94bdecd9SRob Gulewich	 * Don't warn about unknown options - let subsequent calls to
*94bdecd9SRob Gulewich	 * getopt() handle this.
*94bdecd9SRob Gulewich	 */
*94bdecd9SRob Gulewich	opterr = 0;
*94bdecd9SRob Gulewich
*94bdecd9SRob Gulewich	/*
*94bdecd9SRob Gulewich	 * getopt is also used here to set optind so that we can
*94bdecd9SRob Gulewich	 * determine if the last argument belongs to a flag or is
*94bdecd9SRob Gulewich	 * actually a zonename.
*94bdecd9SRob Gulewich	 */
*94bdecd9SRob Gulewich	while ((c = getopt(argc, argv, optstr)) != -1) {
*94bdecd9SRob Gulewich		if (c == 'G')
*94bdecd9SRob Gulewich			ipzo.ipfz_gz = 1;
*94bdecd9SRob Gulewich	}
*94bdecd9SRob Gulewich
*94bdecd9SRob Gulewich	if (optind < argc)
*94bdecd9SRob Gulewich		setzonename(argv[optind]);
*94bdecd9SRob Gulewich
*94bdecd9SRob Gulewich	/*
*94bdecd9SRob Gulewich	 * Reset optind and opterr so the next getopt call will go through all
*94bdecd9SRob Gulewich	 * of argv again and warn about unknown options.
*94bdecd9SRob Gulewich	 */
*94bdecd9SRob Gulewich	optind = 1;
*94bdecd9SRob Gulewich	opterr = 1;
*94bdecd9SRob Gulewich}
*94bdecd9SRob Gulewich
*94bdecd9SRob Gulewich/*
*94bdecd9SRob Gulewich * Get a -z option from argv and set the zonename in ipfzo accordingly
*94bdecd9SRob Gulewich */
*94bdecd9SRob Gulewichvoid
*94bdecd9SRob Gulewichgetzoneopt(int argc, char *argv[], const char *optstr)
*94bdecd9SRob Gulewich{
*94bdecd9SRob Gulewich	int c;
*94bdecd9SRob Gulewich
*94bdecd9SRob Gulewich	/*
*94bdecd9SRob Gulewich	 * Don't warn about unknown options - let subsequent calls to
*94bdecd9SRob Gulewich	 * getopt() handle this.
*94bdecd9SRob Gulewich	 */
*94bdecd9SRob Gulewich	opterr = 0;
*94bdecd9SRob Gulewich
*94bdecd9SRob Gulewich	while ((c = getopt(argc, argv, optstr)) != -1) {
*94bdecd9SRob Gulewich		if (c == 'G')
*94bdecd9SRob Gulewich			setzonename_global(optarg);
*94bdecd9SRob Gulewich
*94bdecd9SRob Gulewich		if (c == 'z')
*94bdecd9SRob Gulewich			setzonename(optarg);
*94bdecd9SRob Gulewich	}
*94bdecd9SRob Gulewich
*94bdecd9SRob Gulewich	/*
*94bdecd9SRob Gulewich	 * Reset optind and opterr so the next getopt call will go through all
*94bdecd9SRob Gulewich	 * of argv again and warn about unknown options.
*94bdecd9SRob Gulewich	 */
*94bdecd9SRob Gulewich	optind = 1;
*94bdecd9SRob Gulewich	opterr = 1;
*94bdecd9SRob Gulewich}
*94bdecd9SRob Gulewich
*94bdecd9SRob Gulewich/*
*94bdecd9SRob Gulewich * Set the zonename in ipfzo to the given string: this is the zone all further
*94bdecd9SRob Gulewich * ioctls will act on.
*94bdecd9SRob Gulewich */
*94bdecd9SRob Gulewichvoid
*94bdecd9SRob Gulewichsetzonename(const char *zonename)
*94bdecd9SRob Gulewich{
*94bdecd9SRob Gulewich	memcpy(ipzo.ipfz_zonename, zonename, sizeof (ipzo.ipfz_zonename));
*94bdecd9SRob Gulewich	do_setzone = B_TRUE;
*94bdecd9SRob Gulewich	num_setzones++;
*94bdecd9SRob Gulewich}
*94bdecd9SRob Gulewich
*94bdecd9SRob Gulewich/*
*94bdecd9SRob Gulewich * Set the zonename in ipfo, and the gz flag. This indicates that we want all
*94bdecd9SRob Gulewich * further ioctls to act on the GZ-controlled stack for that zone.
*94bdecd9SRob Gulewich */
*94bdecd9SRob Gulewichvoid
*94bdecd9SRob Gulewichsetzonename_global(const char *zonename)
*94bdecd9SRob Gulewich{
*94bdecd9SRob Gulewich	setzonename(zonename);
*94bdecd9SRob Gulewich	ipzo.ipfz_gz = 1;
*94bdecd9SRob Gulewich}
*94bdecd9SRob Gulewich
*94bdecd9SRob Gulewich/*
*94bdecd9SRob Gulewich * Set the zone that all further ioctls will operate on. See the "GZ-controlled
*94bdecd9SRob Gulewich * and per-zone stacks" note at the top of ip_fil_solaris.c for further
*94bdecd9SRob Gulewich * explanation.
*94bdecd9SRob Gulewich */
*94bdecd9SRob Gulewichint
*94bdecd9SRob Gulewichsetzone(int fd)
*94bdecd9SRob Gulewich{
*94bdecd9SRob Gulewich	if (!do_setzone)
*94bdecd9SRob Gulewich		return (0);
*94bdecd9SRob Gulewich
*94bdecd9SRob Gulewich	if (num_setzones > 1) {
*94bdecd9SRob Gulewich		(void) fprintf(stderr,
*94bdecd9SRob Gulewich		    "Only one of -G and -z may be set\n");
*94bdecd9SRob Gulewich		return (-1);
*94bdecd9SRob Gulewich	}
*94bdecd9SRob Gulewich
*94bdecd9SRob Gulewich	if (ipzo.ipfz_gz == 1 &&
*94bdecd9SRob Gulewich	    getzoneidbyname(ipzo.ipfz_zonename) == GLOBAL_ZONEID) {
*94bdecd9SRob Gulewich		(void) fprintf(stderr,
*94bdecd9SRob Gulewich		    "-G cannot be used with the global zone\n");
*94bdecd9SRob Gulewich		return (-1);
*94bdecd9SRob Gulewich	}
*94bdecd9SRob Gulewich
*94bdecd9SRob Gulewich	if (ioctl(fd, SIOCIPFZONESET, &ipzo) == -1) {
*94bdecd9SRob Gulewich		switch (errno) {
*94bdecd9SRob Gulewich		case ENODEV:
*94bdecd9SRob Gulewich			(void) fprintf(stderr,
*94bdecd9SRob Gulewich			    "Could not find running zone: %s\n",
*94bdecd9SRob Gulewich			    ipzo.ipfz_zonename);
*94bdecd9SRob Gulewich			break;
*94bdecd9SRob Gulewich		case EACCES:
*94bdecd9SRob Gulewich			(void) fprintf(stderr,
*94bdecd9SRob Gulewich			    "Permission denied setting zone: %s\n",
*94bdecd9SRob Gulewich			    ipzo.ipfz_zonename);
*94bdecd9SRob Gulewich			break;
*94bdecd9SRob Gulewich		default:
*94bdecd9SRob Gulewich			perror("Error setting zone");
*94bdecd9SRob Gulewich		}
*94bdecd9SRob Gulewich		return (-1);
*94bdecd9SRob Gulewich	}
*94bdecd9SRob Gulewich
*94bdecd9SRob Gulewich	return (0);
*94bdecd9SRob Gulewich}