1 /* $OpenBSD: pfctl_radix.c,v 1.27 2005/05/21 21:03:58 henning Exp $ */
4 * SPDX-License-Identifier: BSD-2-Clause
6 * Copyright (c) 2002 Cedric Berger
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
13 * - Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * - Redistributions in binary form must reproduce the above
16 * copyright notice, this list of conditions and the following
17 * disclaimer in the documentation and/or other materials provided
18 * with the distribution.
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
23 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
24 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
25 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
26 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
27 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
28 * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
30 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
31 * POSSIBILITY OF SUCH DAMAGE.
35 #include <sys/cdefs.h>
36 __FBSDID("$FreeBSD$");
38 #include <sys/types.h>
39 #include <sys/ioctl.h>
40 #include <sys/socket.h>
43 #include <net/pfvar.h>
59 static int pfr_next_token(char buf[BUF_SIZE], FILE *);
62 pfr_report_error(struct pfr_table *tbl, struct pfioc_table *io,
65 unsigned long maxcount;
69 if (sysctlbyname("net.pf.request_maxcount", &maxcount, &s, NULL,
73 if (io->pfrio_size > maxcount || io->pfrio_size2 > maxcount)
74 fprintf(stderr, "cannot %s %s: too many elements.\n"
75 "Consider increasing net.pf.request_maxcount.",
80 pfr_clr_tables(struct pfr_table *filter, int *ndel, int flags)
82 struct pfioc_table io;
84 bzero(&io, sizeof io);
85 io.pfrio_flags = flags;
87 io.pfrio_table = *filter;
88 if (ioctl(dev, DIOCRCLRTABLES, &io))
91 *ndel = io.pfrio_ndel;
96 pfr_add_tables(struct pfr_table *tbl, int size, int *nadd, int flags)
98 struct pfioc_table io;
100 if (size < 0 || (size && tbl == NULL)) {
104 bzero(&io, sizeof io);
105 io.pfrio_flags = flags;
106 io.pfrio_buffer = tbl;
107 io.pfrio_esize = sizeof(*tbl);
108 io.pfrio_size = size;
109 if (ioctl(dev, DIOCRADDTABLES, &io)) {
110 pfr_report_error(tbl, &io, "add table");
114 *nadd = io.pfrio_nadd;
119 pfr_del_tables(struct pfr_table *tbl, int size, int *ndel, int flags)
121 struct pfioc_table io;
123 if (size < 0 || (size && tbl == NULL)) {
127 bzero(&io, sizeof io);
128 io.pfrio_flags = flags;
129 io.pfrio_buffer = tbl;
130 io.pfrio_esize = sizeof(*tbl);
131 io.pfrio_size = size;
132 if (ioctl(dev, DIOCRDELTABLES, &io)) {
133 pfr_report_error(tbl, &io, "delete table");
137 *ndel = io.pfrio_ndel;
142 pfr_get_tables(struct pfr_table *filter, struct pfr_table *tbl, int *size,
145 struct pfioc_table io;
147 if (size == NULL || *size < 0 || (*size && tbl == NULL)) {
151 bzero(&io, sizeof io);
152 io.pfrio_flags = flags;
154 io.pfrio_table = *filter;
155 io.pfrio_buffer = tbl;
156 io.pfrio_esize = sizeof(*tbl);
157 io.pfrio_size = *size;
158 if (ioctl(dev, DIOCRGETTABLES, &io)) {
159 pfr_report_error(tbl, &io, "get table");
162 *size = io.pfrio_size;
167 pfr_get_tstats(struct pfr_table *filter, struct pfr_tstats *tbl, int *size,
170 struct pfioc_table io;
172 if (size == NULL || *size < 0 || (*size && tbl == NULL)) {
176 bzero(&io, sizeof io);
177 io.pfrio_flags = flags;
179 io.pfrio_table = *filter;
180 io.pfrio_buffer = tbl;
181 io.pfrio_esize = sizeof(*tbl);
182 io.pfrio_size = *size;
183 if (ioctl(dev, DIOCRGETTSTATS, &io)) {
184 pfr_report_error(filter, &io, "get tstats for");
187 *size = io.pfrio_size;
192 pfr_clr_addrs(struct pfr_table *tbl, int *ndel, int flags)
194 struct pfioc_table io;
200 bzero(&io, sizeof io);
201 io.pfrio_flags = flags;
202 io.pfrio_table = *tbl;
203 if (ioctl(dev, DIOCRCLRADDRS, &io))
206 *ndel = io.pfrio_ndel;
211 pfr_add_addrs(struct pfr_table *tbl, struct pfr_addr *addr, int size,
212 int *nadd, int flags)
216 ret = pfctl_table_add_addrs(dev, tbl, addr, size, nadd, flags);
225 pfr_del_addrs(struct pfr_table *tbl, struct pfr_addr *addr, int size,
226 int *ndel, int flags)
230 ret = pfctl_table_del_addrs(dev, tbl, addr, size, ndel, flags);
239 pfr_set_addrs(struct pfr_table *tbl, struct pfr_addr *addr, int size,
240 int *size2, int *nadd, int *ndel, int *nchange, int flags)
244 ret = pfctl_table_set_addrs(dev, tbl, addr, size, size2, nadd, ndel,
254 pfr_get_addrs(struct pfr_table *tbl, struct pfr_addr *addr, int *size,
259 ret = pfctl_table_get_addrs(dev, tbl, addr, size, flags);
268 pfr_get_astats(struct pfr_table *tbl, struct pfr_astats *addr, int *size,
271 struct pfioc_table io;
273 if (tbl == NULL || size == NULL || *size < 0 ||
274 (*size && addr == NULL)) {
278 bzero(&io, sizeof io);
279 io.pfrio_flags = flags;
280 io.pfrio_table = *tbl;
281 io.pfrio_buffer = addr;
282 io.pfrio_esize = sizeof(*addr);
283 io.pfrio_size = *size;
284 if (ioctl(dev, DIOCRGETASTATS, &io)) {
285 pfr_report_error(tbl, &io, "get astats from");
288 *size = io.pfrio_size;
293 pfr_clr_tstats(struct pfr_table *tbl, int size, int *nzero, int flags)
295 struct pfioc_table io;
297 if (size < 0 || (size && !tbl)) {
301 bzero(&io, sizeof io);
302 io.pfrio_flags = flags;
303 io.pfrio_buffer = tbl;
304 io.pfrio_esize = sizeof(*tbl);
305 io.pfrio_size = size;
306 if (ioctl(dev, DIOCRCLRTSTATS, &io)) {
307 pfr_report_error(tbl, &io, "clear tstats from");
311 *nzero = io.pfrio_nzero;
316 pfr_tst_addrs(struct pfr_table *tbl, struct pfr_addr *addr, int size,
317 int *nmatch, int flags)
319 struct pfioc_table io;
321 if (tbl == NULL || size < 0 || (size && addr == NULL)) {
325 bzero(&io, sizeof io);
326 io.pfrio_flags = flags;
327 io.pfrio_table = *tbl;
328 io.pfrio_buffer = addr;
329 io.pfrio_esize = sizeof(*addr);
330 io.pfrio_size = size;
331 if (ioctl(dev, DIOCRTSTADDRS, &io)) {
332 pfr_report_error(tbl, &io, "test addresses in");
336 *nmatch = io.pfrio_nmatch;
341 pfr_ina_define(struct pfr_table *tbl, struct pfr_addr *addr, int size,
342 int *nadd, int *naddr, int ticket, int flags)
344 struct pfioc_table io;
346 if (tbl == NULL || size < 0 || (size && addr == NULL)) {
350 bzero(&io, sizeof io);
351 io.pfrio_flags = flags;
352 io.pfrio_table = *tbl;
353 io.pfrio_buffer = addr;
354 io.pfrio_esize = sizeof(*addr);
355 io.pfrio_size = size;
356 io.pfrio_ticket = ticket;
357 if (ioctl(dev, DIOCRINADEFINE, &io)) {
358 pfr_report_error(tbl, &io, "define inactive set table");
362 *nadd = io.pfrio_nadd;
364 *naddr = io.pfrio_naddr;
368 /* interface management code */
371 pfi_get_ifaces(const char *filter, struct pfi_kif *buf, int *size)
373 struct pfioc_iface io;
375 if (size == NULL || *size < 0 || (*size && buf == NULL)) {
379 bzero(&io, sizeof io);
381 if (strlcpy(io.pfiio_name, filter, sizeof(io.pfiio_name)) >=
382 sizeof(io.pfiio_name)) {
386 io.pfiio_buffer = buf;
387 io.pfiio_esize = sizeof(*buf);
388 io.pfiio_size = *size;
389 if (ioctl(dev, DIOCIGETIFACES, &io))
391 *size = io.pfiio_size;
395 /* buffer management code */
397 const size_t buf_esize[PFRB_MAX] = { 0,
398 sizeof(struct pfr_table), sizeof(struct pfr_tstats),
399 sizeof(struct pfr_addr), sizeof(struct pfr_astats),
400 sizeof(struct pfi_kif), sizeof(struct pfioc_trans_e)
404 * add one element to the buffer
407 pfr_buf_add(struct pfr_buffer *b, const void *e)
411 if (b == NULL || b->pfrb_type <= 0 || b->pfrb_type >= PFRB_MAX ||
416 bs = buf_esize[b->pfrb_type];
417 if (b->pfrb_size == b->pfrb_msize)
418 if (pfr_buf_grow(b, 0))
420 memcpy(((caddr_t)b->pfrb_caddr) + bs * b->pfrb_size, e, bs);
426 * return next element of the buffer (or first one if prev is NULL)
427 * see PFRB_FOREACH macro
430 pfr_buf_next(struct pfr_buffer *b, const void *prev)
434 if (b == NULL || b->pfrb_type <= 0 || b->pfrb_type >= PFRB_MAX)
436 if (b->pfrb_size == 0)
439 return (b->pfrb_caddr);
440 bs = buf_esize[b->pfrb_type];
441 if ((((caddr_t)prev)-((caddr_t)b->pfrb_caddr)) / bs >= b->pfrb_size-1)
443 return (((caddr_t)prev) + bs);
448 * 0: make the buffer somewhat bigger
449 * n: make room for "n" entries in the buffer
452 pfr_buf_grow(struct pfr_buffer *b, int minsize)
457 if (b == NULL || b->pfrb_type <= 0 || b->pfrb_type >= PFRB_MAX) {
461 if (minsize != 0 && minsize <= b->pfrb_msize)
463 bs = buf_esize[b->pfrb_type];
464 if (!b->pfrb_msize) {
467 b->pfrb_caddr = calloc(bs, minsize);
468 if (b->pfrb_caddr == NULL)
470 b->pfrb_msize = minsize;
473 minsize = b->pfrb_msize * 2;
474 if (minsize < 0 || minsize >= SIZE_T_MAX / bs) {
479 p = realloc(b->pfrb_caddr, minsize * bs);
482 bzero(p + b->pfrb_msize * bs, (minsize - b->pfrb_msize) * bs);
484 b->pfrb_msize = minsize;
490 * reset buffer and free memory.
493 pfr_buf_clear(struct pfr_buffer *b)
497 if (b->pfrb_caddr != NULL)
499 b->pfrb_caddr = NULL;
500 b->pfrb_size = b->pfrb_msize = 0;
504 pfr_buf_load(struct pfr_buffer *b, char *file, int nonetwork,
505 int (*append_addr)(struct pfr_buffer *, char *, int))
513 if (!strcmp(file, "-"))
516 fp = pfctl_fopen(file, "r");
520 while ((rv = pfr_next_token(buf, fp)) == 1)
521 if (append_addr(b, buf, nonetwork)) {
531 pfr_next_token(char buf[BUF_SIZE], FILE *fp)
533 static char next_ch = ' ';
538 while (isspace(next_ch) && !feof(fp))
540 /* remove from '#' until end of line */
558 } while (!feof(fp) && !isspace(next_ch));
568 pfr_strerror(int errnum)
572 return "Table does not exist";
574 return "Anchor or Ruleset does not exist";
576 return strerror(errnum);
projects / FreeBSD / FreeBSD.git / blob