1 /* $OpenBSD: pfctl_radix.c,v 1.27 2005/05/21 21:03:58 henning Exp $ */
4 * SPDX-License-Identifier: BSD-2-Clause
6 * Copyright (c) 2002 Cedric Berger
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
13 * - Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * - Redistributions in binary form must reproduce the above
16 * copyright notice, this list of conditions and the following
17 * disclaimer in the documentation and/or other materials provided
18 * with the distribution.
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
23 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
24 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
25 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
26 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
27 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
28 * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
30 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
31 * POSSIBILITY OF SUCH DAMAGE.
35 #include <sys/cdefs.h>
36 __FBSDID("$FreeBSD$");
38 #include <sys/types.h>
39 #include <sys/ioctl.h>
40 #include <sys/socket.h>
43 #include <net/pfvar.h>
59 static int pfr_next_token(char buf[], FILE *);
62 pfr_report_error(struct pfr_table *tbl, struct pfioc_table *io,
65 unsigned long maxcount;
69 if (sysctlbyname("net.pf.request_maxcount", &maxcount, &s, NULL,
73 if (io->pfrio_size > maxcount || io->pfrio_size2 > maxcount)
74 fprintf(stderr, "cannot %s %s: too many elements.\n"
75 "Consider increasing net.pf.request_maxcount.",
80 pfr_clr_tables(struct pfr_table *filter, int *ndel, int flags)
82 struct pfioc_table io;
84 bzero(&io, sizeof io);
85 io.pfrio_flags = flags;
87 io.pfrio_table = *filter;
88 if (ioctl(dev, DIOCRCLRTABLES, &io))
91 *ndel = io.pfrio_ndel;
96 pfr_add_tables(struct pfr_table *tbl, int size, int *nadd, int flags)
98 struct pfioc_table io;
100 if (size < 0 || (size && tbl == NULL)) {
104 bzero(&io, sizeof io);
105 io.pfrio_flags = flags;
106 io.pfrio_buffer = tbl;
107 io.pfrio_esize = sizeof(*tbl);
108 io.pfrio_size = size;
109 if (ioctl(dev, DIOCRADDTABLES, &io)) {
110 pfr_report_error(tbl, &io, "add table");
114 *nadd = io.pfrio_nadd;
119 pfr_del_tables(struct pfr_table *tbl, int size, int *ndel, int flags)
121 struct pfioc_table io;
123 if (size < 0 || (size && tbl == NULL)) {
127 bzero(&io, sizeof io);
128 io.pfrio_flags = flags;
129 io.pfrio_buffer = tbl;
130 io.pfrio_esize = sizeof(*tbl);
131 io.pfrio_size = size;
132 if (ioctl(dev, DIOCRDELTABLES, &io)) {
133 pfr_report_error(tbl, &io, "delete table");
137 *ndel = io.pfrio_ndel;
142 pfr_get_tables(struct pfr_table *filter, struct pfr_table *tbl, int *size,
145 struct pfioc_table io;
147 if (size == NULL || *size < 0 || (*size && tbl == NULL)) {
151 bzero(&io, sizeof io);
152 io.pfrio_flags = flags;
154 io.pfrio_table = *filter;
155 io.pfrio_buffer = tbl;
156 io.pfrio_esize = sizeof(*tbl);
157 io.pfrio_size = *size;
158 if (ioctl(dev, DIOCRGETTABLES, &io)) {
159 pfr_report_error(tbl, &io, "get table");
162 *size = io.pfrio_size;
167 pfr_get_tstats(struct pfr_table *filter, struct pfr_tstats *tbl, int *size,
170 struct pfioc_table io;
172 if (size == NULL || *size < 0 || (*size && tbl == NULL)) {
176 bzero(&io, sizeof io);
177 io.pfrio_flags = flags;
179 io.pfrio_table = *filter;
180 io.pfrio_buffer = tbl;
181 io.pfrio_esize = sizeof(*tbl);
182 io.pfrio_size = *size;
183 if (ioctl(dev, DIOCRGETTSTATS, &io)) {
184 pfr_report_error(filter, &io, "get tstats for");
187 *size = io.pfrio_size;
192 pfr_clr_addrs(struct pfr_table *tbl, int *ndel, int flags)
194 struct pfioc_table io;
200 bzero(&io, sizeof io);
201 io.pfrio_flags = flags;
202 io.pfrio_table = *tbl;
203 if (ioctl(dev, DIOCRCLRADDRS, &io))
206 *ndel = io.pfrio_ndel;
211 pfr_add_addrs(struct pfr_table *tbl, struct pfr_addr *addr, int size,
212 int *nadd, int flags)
214 struct pfioc_table io;
216 if (tbl == NULL || size < 0 || (size && addr == NULL)) {
220 bzero(&io, sizeof io);
221 io.pfrio_flags = flags;
222 io.pfrio_table = *tbl;
223 io.pfrio_buffer = addr;
224 io.pfrio_esize = sizeof(*addr);
225 io.pfrio_size = size;
226 if (ioctl(dev, DIOCRADDADDRS, &io)) {
227 pfr_report_error(tbl, &io, "add addresses in");
231 *nadd = io.pfrio_nadd;
236 pfr_del_addrs(struct pfr_table *tbl, struct pfr_addr *addr, int size,
237 int *ndel, int flags)
239 struct pfioc_table io;
241 if (tbl == NULL || size < 0 || (size && addr == NULL)) {
245 bzero(&io, sizeof io);
246 io.pfrio_flags = flags;
247 io.pfrio_table = *tbl;
248 io.pfrio_buffer = addr;
249 io.pfrio_esize = sizeof(*addr);
250 io.pfrio_size = size;
251 if (ioctl(dev, DIOCRDELADDRS, &io)) {
252 pfr_report_error(tbl, &io, "delete addresses in");
256 *ndel = io.pfrio_ndel;
261 pfr_set_addrs(struct pfr_table *tbl, struct pfr_addr *addr, int size,
262 int *size2, int *nadd, int *ndel, int *nchange, int flags)
264 struct pfioc_table io;
266 if (tbl == NULL || size < 0 || (size && addr == NULL)) {
270 bzero(&io, sizeof io);
271 io.pfrio_flags = flags;
272 io.pfrio_table = *tbl;
273 io.pfrio_buffer = addr;
274 io.pfrio_esize = sizeof(*addr);
275 io.pfrio_size = size;
276 io.pfrio_size2 = (size2 != NULL) ? *size2 : 0;
277 if (ioctl(dev, DIOCRSETADDRS, &io)) {
278 pfr_report_error(tbl, &io, "set addresses in");
282 *nadd = io.pfrio_nadd;
284 *ndel = io.pfrio_ndel;
286 *nchange = io.pfrio_nchange;
288 *size2 = io.pfrio_size2;
293 pfr_get_addrs(struct pfr_table *tbl, struct pfr_addr *addr, int *size,
296 struct pfioc_table io;
298 if (tbl == NULL || size == NULL || *size < 0 ||
299 (*size && addr == NULL)) {
303 bzero(&io, sizeof io);
304 io.pfrio_flags = flags;
305 io.pfrio_table = *tbl;
306 io.pfrio_buffer = addr;
307 io.pfrio_esize = sizeof(*addr);
308 io.pfrio_size = *size;
309 if (ioctl(dev, DIOCRGETADDRS, &io)) {
310 pfr_report_error(tbl, &io, "get addresses from");
313 *size = io.pfrio_size;
318 pfr_get_astats(struct pfr_table *tbl, struct pfr_astats *addr, int *size,
321 struct pfioc_table io;
323 if (tbl == NULL || size == NULL || *size < 0 ||
324 (*size && addr == NULL)) {
328 bzero(&io, sizeof io);
329 io.pfrio_flags = flags;
330 io.pfrio_table = *tbl;
331 io.pfrio_buffer = addr;
332 io.pfrio_esize = sizeof(*addr);
333 io.pfrio_size = *size;
334 if (ioctl(dev, DIOCRGETASTATS, &io)) {
335 pfr_report_error(tbl, &io, "get astats from");
338 *size = io.pfrio_size;
343 pfr_clr_tstats(struct pfr_table *tbl, int size, int *nzero, int flags)
345 struct pfioc_table io;
347 if (size < 0 || (size && !tbl)) {
351 bzero(&io, sizeof io);
352 io.pfrio_flags = flags;
353 io.pfrio_buffer = tbl;
354 io.pfrio_esize = sizeof(*tbl);
355 io.pfrio_size = size;
356 if (ioctl(dev, DIOCRCLRTSTATS, &io)) {
357 pfr_report_error(tbl, &io, "clear tstats from");
361 *nzero = io.pfrio_nzero;
366 pfr_tst_addrs(struct pfr_table *tbl, struct pfr_addr *addr, int size,
367 int *nmatch, int flags)
369 struct pfioc_table io;
371 if (tbl == NULL || size < 0 || (size && addr == NULL)) {
375 bzero(&io, sizeof io);
376 io.pfrio_flags = flags;
377 io.pfrio_table = *tbl;
378 io.pfrio_buffer = addr;
379 io.pfrio_esize = sizeof(*addr);
380 io.pfrio_size = size;
381 if (ioctl(dev, DIOCRTSTADDRS, &io)) {
382 pfr_report_error(tbl, &io, "test addresses in");
386 *nmatch = io.pfrio_nmatch;
391 pfr_ina_define(struct pfr_table *tbl, struct pfr_addr *addr, int size,
392 int *nadd, int *naddr, int ticket, int flags)
394 struct pfioc_table io;
396 if (tbl == NULL || size < 0 || (size && addr == NULL)) {
400 bzero(&io, sizeof io);
401 io.pfrio_flags = flags;
402 io.pfrio_table = *tbl;
403 io.pfrio_buffer = addr;
404 io.pfrio_esize = sizeof(*addr);
405 io.pfrio_size = size;
406 io.pfrio_ticket = ticket;
407 if (ioctl(dev, DIOCRINADEFINE, &io)) {
408 pfr_report_error(tbl, &io, "define inactive set table");
412 *nadd = io.pfrio_nadd;
414 *naddr = io.pfrio_naddr;
418 /* interface management code */
421 pfi_get_ifaces(const char *filter, struct pfi_kif *buf, int *size)
423 struct pfioc_iface io;
425 if (size == NULL || *size < 0 || (*size && buf == NULL)) {
429 bzero(&io, sizeof io);
431 if (strlcpy(io.pfiio_name, filter, sizeof(io.pfiio_name)) >=
432 sizeof(io.pfiio_name)) {
436 io.pfiio_buffer = buf;
437 io.pfiio_esize = sizeof(*buf);
438 io.pfiio_size = *size;
439 if (ioctl(dev, DIOCIGETIFACES, &io))
441 *size = io.pfiio_size;
445 /* buffer management code */
447 const size_t buf_esize[PFRB_MAX] = { 0,
448 sizeof(struct pfr_table), sizeof(struct pfr_tstats),
449 sizeof(struct pfr_addr), sizeof(struct pfr_astats),
450 sizeof(struct pfi_kif), sizeof(struct pfioc_trans_e)
454 * add one element to the buffer
457 pfr_buf_add(struct pfr_buffer *b, const void *e)
461 if (b == NULL || b->pfrb_type <= 0 || b->pfrb_type >= PFRB_MAX ||
466 bs = buf_esize[b->pfrb_type];
467 if (b->pfrb_size == b->pfrb_msize)
468 if (pfr_buf_grow(b, 0))
470 memcpy(((caddr_t)b->pfrb_caddr) + bs * b->pfrb_size, e, bs);
476 * return next element of the buffer (or first one if prev is NULL)
477 * see PFRB_FOREACH macro
480 pfr_buf_next(struct pfr_buffer *b, const void *prev)
484 if (b == NULL || b->pfrb_type <= 0 || b->pfrb_type >= PFRB_MAX)
486 if (b->pfrb_size == 0)
489 return (b->pfrb_caddr);
490 bs = buf_esize[b->pfrb_type];
491 if ((((caddr_t)prev)-((caddr_t)b->pfrb_caddr)) / bs >= b->pfrb_size-1)
493 return (((caddr_t)prev) + bs);
498 * 0: make the buffer somewhat bigger
499 * n: make room for "n" entries in the buffer
502 pfr_buf_grow(struct pfr_buffer *b, int minsize)
507 if (b == NULL || b->pfrb_type <= 0 || b->pfrb_type >= PFRB_MAX) {
511 if (minsize != 0 && minsize <= b->pfrb_msize)
513 bs = buf_esize[b->pfrb_type];
514 if (!b->pfrb_msize) {
517 b->pfrb_caddr = calloc(bs, minsize);
518 if (b->pfrb_caddr == NULL)
520 b->pfrb_msize = minsize;
523 minsize = b->pfrb_msize * 2;
524 if (minsize < 0 || minsize >= SIZE_T_MAX / bs) {
529 p = realloc(b->pfrb_caddr, minsize * bs);
532 bzero(p + b->pfrb_msize * bs, (minsize - b->pfrb_msize) * bs);
534 b->pfrb_msize = minsize;
540 * reset buffer and free memory.
543 pfr_buf_clear(struct pfr_buffer *b)
547 if (b->pfrb_caddr != NULL)
549 b->pfrb_caddr = NULL;
550 b->pfrb_size = b->pfrb_msize = 0;
554 pfr_buf_load(struct pfr_buffer *b, char *file, int nonetwork,
555 int (*append_addr)(struct pfr_buffer *, char *, int))
563 if (!strcmp(file, "-"))
566 fp = pfctl_fopen(file, "r");
570 while ((rv = pfr_next_token(buf, fp)) == 1)
571 if (append_addr(b, buf, nonetwork)) {
581 pfr_next_token(char buf[BUF_SIZE], FILE *fp)
583 static char next_ch = ' ';
588 while (isspace(next_ch) && !feof(fp))
590 /* remove from '#' until end of line */
608 } while (!feof(fp) && !isspace(next_ch));
618 pfr_strerror(int errnum)
622 return "Table does not exist";
624 return "Anchor or Ruleset does not exist";
626 return strerror(errnum);