2 * Copyright (C) 2012 by Darren Reed.
4 * See the IPFILTER.LICENCE file for details on licencing.
7 static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed";
8 static const char rcsid[] = "@(#)$Id: ipfsyncd.c,v 1.1.2.2 2012/07/22 08:04:24 darren_r Exp $";
10 #include <sys/types.h>
12 #include <sys/socket.h>
13 #include <sys/ioctl.h>
14 #include <sys/sockio.h>
15 #include <sys/errno.h>
17 #include <netinet/in.h>
20 #include <arpa/inet.h>
38 #if defined(sun) && !defined(SOLARIS2)
39 # define STRERROR(x) sys_errlist[x]
40 extern char *sys_errlist[];
42 # define STRERROR(x) strerror(x)
46 int main __P((int, char *[]));
47 void usage __P((char *));
48 void printsynchdr __P((synchdr_t *));
49 void printtable __P((int));
50 void printsmcproto __P((char *));
51 void printcommand __P((int));
52 int do_kbuff __P((int, char *, int *));
53 int do_packet __P((int, char *));
54 int buildsocket __P((char *, struct sockaddr_in *));
55 void do_io __P((void));
56 void handleterm __P((int));
69 "Usage: %s [-d] [-p port] [-i address] -I <interface>\n",
81 /* should be large enough to hold header + any datatype */
82 #define BUFFERLEN 1400
89 struct sockaddr_in sin;
94 progname = strrchr(argv[0], '/');
105 bzero((char *)&sin, sizeof(sin));
106 sin.sin_family = AF_INET;
107 sin.sin_port = htons(0xaf6c);
108 sin.sin_addr.s_addr = htonl(INADDR_UNSPEC_GROUP | 0x697066);
110 while ((opt = getopt(argc, argv, "di:I:p:")) != -1)
120 sin.sin_addr.s_addr = inet_addr(optarg);
123 sin.sin_port = htons(atoi(optarg));
127 if (interface == NULL) {
137 int fd = open("/dev/null", O_RDWR);
145 fprintf(stderr, "%s: fork() failed: %s\n",
146 argv[0], STRERROR(errno));
164 signal(SIGHUP, handleterm);
165 signal(SIGINT, handleterm);
166 signal(SIGTERM, handleterm);
168 openlog(progname, LOG_PID, LOG_SECURITY);
184 if (buildsocket(interface, &sin) == -1)
187 lfd = open(IPSYNC_NAME, O_RDWR);
189 syslog(LOG_ERR, "open(%s):%m", IPSYNC_NAME);
190 debug(1, "open(%s): %s\n", IPSYNC_NAME,
199 syslog(LOG_INFO, "retry in %d seconds", 1 << tries);
200 debug(1, "wait %d seconds\n", 1 << tries);
211 syslog(LOG_ERR, "signal %d received, exiting...", terminate);
212 debug(1, "signal %d received, exiting...", terminate);
221 char nbuff[BUFFERLEN];
222 char buff[BUFFERLEN];
235 debug(2, "nfd %d lfd %d maxfd %d\n", nfd, lfd, maxfd);
239 * A threaded approach to this loop would have one thread
240 * work on reading lfd (only) all the time and another thread
241 * working on reading nfd all the time.
248 n = select(maxfd + 1, &rd, NULL, NULL, NULL);
255 syslog(LOG_ERR, "select error: %m");
256 debug(1, "select error: %s\n", STRERROR(errno));
261 if (FD_ISSET(lfd, &rd)) {
262 n1 = read(lfd, buff+inbuf, BUFFERLEN-inbuf);
264 debug(3, "read(K):%d\n", n1);
267 syslog(LOG_ERR, "read error (k-header): %m");
268 debug(1, "read error (k-header): %s\n",
275 switch (do_kbuff(n1, buff, &left))
288 if (FD_ISSET(nfd, &rd)) {
289 n1 = recv(nfd, nbuff, sizeof(nbuff), 0);
291 debug(3, "read(N):%d\n", n1);
294 syslog(LOG_ERR, "read error (n-header): %m");
295 debug(1, "read error (n-header): %s\n",
300 switch (do_packet(n1, nbuff))
313 buildsocket(nicname, sinp)
315 struct sockaddr_in *sinp;
317 struct sockaddr_in *reqip;
321 debug(2, "binding to %s:%s\n", nicname, inet_ntoa(sinp->sin_addr));
323 if (IN_MULTICAST(ntohl(sinp->sin_addr.s_addr))) {
327 igmpfd = socket(AF_INET, SOCK_RAW, IPPROTO_IGMP);
329 syslog(LOG_ERR, "socket:%m");
330 debug(1, "socket:%s\n", STRERROR(errno));
334 bzero((char *)&req, sizeof(req));
335 strncpy(req.ifr_name, nicname, sizeof(req.ifr_name));
336 req.ifr_name[sizeof(req.ifr_name) - 1] = '\0';
337 if (ioctl(igmpfd, SIOCGIFADDR, &req) == -1) {
338 syslog(LOG_ERR, "ioctl(SIOCGIFADDR):%m");
339 debug(1, "ioctl(SIOCGIFADDR):%s\n", STRERROR(errno));
344 reqip = (struct sockaddr_in *)&req.ifr_addr;
346 addr = reqip->sin_addr;
347 if (setsockopt(igmpfd, IPPROTO_IP, IP_MULTICAST_IF,
348 (char *)&addr, sizeof(addr)) == -1) {
349 syslog(LOG_ERR, "setsockopt(IP_MULTICAST_IF(%s)):%m",
351 debug(1, "setsockopt(IP_MULTICAST_IF(%s)):%s\n",
352 inet_ntoa(addr), STRERROR(errno));
359 if (setsockopt(igmpfd, IPPROTO_IP, IP_MULTICAST_LOOP,
360 (char *)&opt, sizeof(opt)) == -1) {
361 syslog(LOG_ERR, "setsockopt(IP_MULTICAST_LOOP=0):%m");
362 debug(1, "setsockopt(IP_MULTICAST_LOOP=0):%s\n",
370 if (setsockopt(igmpfd, IPPROTO_IP, IP_MULTICAST_TTL,
371 (char *)&opt, sizeof(opt)) == -1) {
372 syslog(LOG_ERR, "setsockopt(IP_MULTICAST_TTL=%d):%m",
374 debug(1, "setsockopt(IP_MULTICAST_TTL=%d):%s\n", opt,
381 mreq.imr_multiaddr.s_addr = sinp->sin_addr.s_addr;
382 mreq.imr_interface.s_addr = reqip->sin_addr.s_addr;
384 if (setsockopt(igmpfd, IPPROTO_IP, IP_ADD_MEMBERSHIP,
385 (char *)&mreq, sizeof(mreq)) == -1) {
388 sprintf(buffer, "%s,", inet_ntoa(sinp->sin_addr));
389 strcat(buffer, inet_ntoa(reqip->sin_addr));
392 "setsockpt(IP_ADD_MEMBERSHIP,%s):%m", buffer);
393 debug(1, "setsockpt(IP_ADD_MEMBERSHIP,%s):%s\n",
394 buffer, STRERROR(errno));
400 nfd = socket(AF_INET, SOCK_DGRAM, 0);
402 syslog(LOG_ERR, "socket:%m");
409 bzero((char *)&req, sizeof(req));
410 strncpy(req.ifr_name, nicname, sizeof(req.ifr_name));
411 req.ifr_name[sizeof(req.ifr_name) - 1] = '\0';
412 if (ioctl(nfd, SIOCGIFADDR, &req) == -1) {
413 syslog(LOG_ERR, "ioctl(SIOCGIFADDR):%m");
414 debug(1, "ioctl(SIOCGIFADDR):%s\n", STRERROR(errno));
420 if (bind(nfd, (struct sockaddr *)&req.ifr_addr,
421 sizeof(req.ifr_addr)) == -1) {
422 syslog(LOG_ERR, "bind:%m");
423 debug(1, "bind:%s\n", STRERROR(errno));
433 if (connect(nfd, (struct sockaddr *)sinp, sizeof(*sinp)) == -1) {
434 syslog(LOG_ERR, "connect:%m");
435 debug(1, "connect:%s\n", STRERROR(errno));
444 syslog(LOG_INFO, "Sending data to %s", inet_ntoa(sinp->sin_addr));
445 debug(3, "Sending data to %s\n", inet_ntoa(sinp->sin_addr));
452 do_packet(pklen, buff)
463 if (pklen < sizeof(*sh)) {
464 syslog(LOG_ERR, "packet length too short:%d", pklen);
465 debug(2, "packet length too short:%d\n", pklen);
469 sh = (synchdr_t *)buff;
470 len = ntohl(sh->sm_len);
471 magic = ntohl(sh->sm_magic);
473 if (magic != SYNHDRMAGIC) {
474 syslog(LOG_ERR, "invalid header magic %x", magic);
475 debug(2, "invalid header magic %x\n", magic);
479 if (pklen < len + sizeof(*sh)) {
480 syslog(LOG_ERR, "packet length too short:%d", pklen);
481 debug(2, "packet length too short:%d\n", pklen);
485 if (debuglevel > 3) {
487 printcommand(sh->sm_cmd);
488 printtable(sh->sm_table);
492 n2 = sizeof(*sh) + len;
495 n3 = write(lfd, buff, n2);
497 syslog(LOG_ERR, "write error: %m");
498 debug(1, "write error: %s\n", STRERROR(errno));
514 do_kbuff(inbuf, buf, left)
531 sh = (synchdr_t *)buf;
533 for (complete = 0; bytes > 0; complete++) {
534 len = ntohl(sh->sm_len);
535 magic = ntohl(sh->sm_magic);
537 if (magic != SYNHDRMAGIC) {
539 "read invalid header magic 0x%x, flushing",
541 debug(2, "read invalid header magic 0x%x, flushing\n",
544 (void) ioctl(lfd, SIOCIPFFL, &n2);
548 if (debuglevel > 3) {
550 printcommand(sh->sm_cmd);
551 printtable(sh->sm_table);
555 if (bytes < sizeof(*sh) + len) {
556 debug(3, "Not enough bytes %d < %d\n", bytes,
562 if (debuglevel > 3) {
566 sendlen += len + sizeof(*sh);
567 sh = (synchdr_t *)(buf + sendlen);
572 n3 = send(nfd, buf, sendlen, 0);
574 syslog(LOG_ERR, "write error: %m");
575 debug(1, "write error: %s\n", STRERROR(errno));
578 debug(3, "send on %d len %d = %d\n", nfd, sendlen, n3);
582 /* move buffer to the front,we might need to make
583 * this more efficient, by using a rolling pointer
584 * over the buffer and only copying it, when
585 * we are reaching the end
588 bcopy(buf + bytes, buf, bytes);
591 debug(4, "complete %d bytes %d error %d\n", complete, bytes, error);
607 printf(" cmd:CREATE");
610 printf(" cmd:UPDATE");
613 printf(" cmd:Unknown(%d)", cmd);
626 printf(" table:NAT");
629 printf(" table:STATE");
632 printf(" table:Unknown(%d)", table);
645 sh = (synchdr_t *)buff;
647 if (sh->sm_cmd == SMC_CREATE) {
650 } else if (sh->sm_cmd == SMC_UPDATE) {
651 su = (syncupdent_t *)buff;
652 if (sh->sm_p == IPPROTO_TCP) {
653 printf(" TCP Update: age %lu state %d/%d\n",
655 su->sup_tcp.stu_state[0],
656 su->sup_tcp.stu_state[1]);
659 printf("Unknown command\n");
669 printf("v:%d p:%d num:%d len:%d magic:%x", sh->sm_v, sh->sm_p,
670 ntohl(sh->sm_num), ntohl(sh->sm_len), ntohl(sh->sm_magic));