sbin/pfctl/pfctl_table.c

223637Sbz/*	$OpenBSD: pfctl_table.c,v 1.67 2008/06/10 20:55:02 mcbride Exp $ */
126353Smlaier
126353Smlaier/*
126353Smlaier * Copyright (c) 2002 Cedric Berger
126353Smlaier * All rights reserved.
126353Smlaier *
126353Smlaier * Redistribution and use in source and binary forms, with or without
126353Smlaier * modification, are permitted provided that the following conditions
126353Smlaier * are met:
126353Smlaier *
126353Smlaier *    - Redistributions of source code must retain the above copyright
126353Smlaier *      notice, this list of conditions and the following disclaimer.
126353Smlaier *    - Redistributions in binary form must reproduce the above
126353Smlaier *      copyright notice, this list of conditions and the following
126353Smlaier *      disclaimer in the documentation and/or other materials provided
126353Smlaier *      with the distribution.
126353Smlaier *
126353Smlaier * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
126353Smlaier * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
126353Smlaier * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
126353Smlaier * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
126353Smlaier * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
126353Smlaier * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
126353Smlaier * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
126353Smlaier * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
126353Smlaier * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
126353Smlaier * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
126353Smlaier * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
126353Smlaier * POSSIBILITY OF SUCH DAMAGE.
126353Smlaier *
126353Smlaier */
126353Smlaier
127082Sobrien#include <sys/cdefs.h>
127082Sobrien__FBSDID("$FreeBSD$");
127082Sobrien
126353Smlaier#include <sys/types.h>
126353Smlaier#include <sys/ioctl.h>
126353Smlaier#include <sys/socket.h>
126353Smlaier
126353Smlaier#include <net/if.h>
126353Smlaier#include <net/pfvar.h>
126353Smlaier#include <arpa/inet.h>
126353Smlaier
126353Smlaier#include <ctype.h>
126353Smlaier#include <err.h>
126353Smlaier#include <errno.h>
126353Smlaier#include <netdb.h>
126353Smlaier#include <stdarg.h>
126353Smlaier#include <stdio.h>
126353Smlaier#include <stdlib.h>
126353Smlaier#include <string.h>
126353Smlaier#include <time.h>
126353Smlaier
126353Smlaier#include "pfctl_parser.h"
126353Smlaier#include "pfctl.h"
126353Smlaier
126353Smlaierextern void	usage(void);
126353Smlaierstatic int	pfctl_table(int, char *[], char *, const char *, char *,
145840Smlaier		    const char *, int);
126353Smlaierstatic void	print_table(struct pfr_table *, int, int);
126353Smlaierstatic void	print_tstats(struct pfr_tstats *, int);
126353Smlaierstatic int	load_addr(struct pfr_buffer *, int, char *[], char *, int);
126353Smlaierstatic void	print_addrx(struct pfr_addr *, struct pfr_addr *, int);
126353Smlaierstatic void	print_astats(struct pfr_astats *, int);
126353Smlaierstatic void	radix_perror(void);
126353Smlaierstatic void	xprintf(int, const char *, ...);
171172Smlaierstatic void	print_iface(struct pfi_kif *, int);
126353Smlaier
126353Smlaierstatic const char	*stats_text[PFR_DIR_MAX][PFR_OP_TABLE_MAX] = {
126353Smlaier	{ "In/Block:",	"In/Pass:",	"In/XPass:" },
126353Smlaier	{ "Out/Block:",	"Out/Pass:",	"Out/XPass:" }
126353Smlaier};
126353Smlaier
130617Smlaierstatic const char	*istats_text[2][2][2] = {
130617Smlaier	{ { "In4/Pass:", "In4/Block:" }, { "Out4/Pass:", "Out4/Block:" } },
130617Smlaier	{ { "In6/Pass:", "In6/Block:" }, { "Out6/Pass:", "Out6/Block:" } }
130617Smlaier};
130617Smlaier
126353Smlaier#define RVTEST(fct) do {				\
126353Smlaier		if ((!(opts & PF_OPT_NOACTION) ||	\
126353Smlaier		    (opts & PF_OPT_DUMMYACTION)) &&	\
126353Smlaier		    (fct)) {				\
126353Smlaier			radix_perror();			\
126353Smlaier			goto _error;			\
126353Smlaier		}					\
126353Smlaier	} while (0)
126353Smlaier
126353Smlaier#define CREATE_TABLE do {						\
126353Smlaier		table.pfrt_flags |= PFR_TFLAG_PERSIST;			\
134175Smlaier		if ((!(opts & PF_OPT_NOACTION) ||			\
134175Smlaier		    (opts & PF_OPT_DUMMYACTION)) &&			\
134175Smlaier		    (pfr_add_tables(&table, 1, &nadd, flags)) &&	\
134175Smlaier		    (errno != EPERM)) {					\
134175Smlaier			radix_perror();					\
134175Smlaier			goto _error;					\
134175Smlaier		}							\
126353Smlaier		if (nadd) {						\
126353Smlaier			warn_namespace_collision(table.pfrt_name);	\
126353Smlaier			xprintf(opts, "%d table created", nadd);	\
126353Smlaier			if (opts & PF_OPT_NOACTION)			\
126353Smlaier				return (0);				\
126353Smlaier		}							\
126353Smlaier		table.pfrt_flags &= ~PFR_TFLAG_PERSIST;			\
126353Smlaier	} while(0)
126353Smlaier
126353Smlaierint
145840Smlaierpfctl_clear_tables(const char *anchor, int opts)
126353Smlaier{
145840Smlaier	return pfctl_table(0, NULL, NULL, "-F", NULL, anchor, opts);
126353Smlaier}
126353Smlaier
126353Smlaierint
145840Smlaierpfctl_show_tables(const char *anchor, int opts)
126353Smlaier{
145840Smlaier	return pfctl_table(0, NULL, NULL, "-s", NULL, anchor, opts);
126353Smlaier}
126353Smlaier
126353Smlaierint
126353Smlaierpfctl_command_tables(int argc, char *argv[], char *tname,
145840Smlaier    const char *command, char *file, const char *anchor, int opts)
126353Smlaier{
126353Smlaier	if (tname == NULL || command == NULL)
126353Smlaier		usage();
145840Smlaier	return pfctl_table(argc, argv, tname, command, file, anchor, opts);
126353Smlaier}
126353Smlaier
126353Smlaierint
126353Smlaierpfctl_table(int argc, char *argv[], char *tname, const char *command,
145840Smlaier    char *file, const char *anchor, int opts)
126353Smlaier{
130617Smlaier	struct pfr_table	 table;
130617Smlaier	struct pfr_buffer	 b, b2;
130617Smlaier	struct pfr_addr		*a, *a2;
130617Smlaier	int			 nadd = 0, ndel = 0, nchange = 0, nzero = 0;
130617Smlaier	int			 rv = 0, flags = 0, nmatch = 0;
130617Smlaier	void			*p;
126353Smlaier
126353Smlaier	if (command == NULL)
126353Smlaier		usage();
126353Smlaier	if (opts & PF_OPT_NOACTION)
126353Smlaier		flags |= PFR_FLAG_DUMMY;
126353Smlaier
126353Smlaier	bzero(&b, sizeof(b));
126353Smlaier	bzero(&b2, sizeof(b2));
126353Smlaier	bzero(&table, sizeof(table));
126353Smlaier	if (tname != NULL) {
126353Smlaier		if (strlen(tname) >= PF_TABLE_NAME_SIZE)
126353Smlaier			usage();
126353Smlaier		if (strlcpy(table.pfrt_name, tname,
126353Smlaier		    sizeof(table.pfrt_name)) >= sizeof(table.pfrt_name))
126353Smlaier			errx(1, "pfctl_table: strlcpy");
126353Smlaier	}
126353Smlaier	if (strlcpy(table.pfrt_anchor, anchor,
145840Smlaier	    sizeof(table.pfrt_anchor)) >= sizeof(table.pfrt_anchor))
126353Smlaier		errx(1, "pfctl_table: strlcpy");
126353Smlaier
126353Smlaier	if (!strcmp(command, "-F")) {
126353Smlaier		if (argc || file != NULL)
126353Smlaier			usage();
126353Smlaier		RVTEST(pfr_clr_tables(&table, &ndel, flags));
126353Smlaier		xprintf(opts, "%d tables deleted", ndel);
126353Smlaier	} else if (!strcmp(command, "-s")) {
126353Smlaier		b.pfrb_type = (opts & PF_OPT_VERBOSE2) ?
126353Smlaier		    PFRB_TSTATS : PFRB_TABLES;
126353Smlaier		if (argc || file != NULL)
126353Smlaier			usage();
126353Smlaier		for (;;) {
126353Smlaier			pfr_buf_grow(&b, b.pfrb_size);
126353Smlaier			b.pfrb_size = b.pfrb_msize;
126353Smlaier			if (opts & PF_OPT_VERBOSE2)
126353Smlaier				RVTEST(pfr_get_tstats(&table,
126353Smlaier				    b.pfrb_caddr, &b.pfrb_size, flags));
126353Smlaier			else
126353Smlaier				RVTEST(pfr_get_tables(&table,
126353Smlaier				    b.pfrb_caddr, &b.pfrb_size, flags));
126353Smlaier			if (b.pfrb_size <= b.pfrb_msize)
126353Smlaier				break;
126353Smlaier		}
130617Smlaier
171172Smlaier		if ((opts & PF_OPT_SHOWALL) && b.pfrb_size > 0)
130617Smlaier			pfctl_print_title("TABLES:");
130617Smlaier
126353Smlaier		PFRB_FOREACH(p, &b)
126353Smlaier			if (opts & PF_OPT_VERBOSE2)
126353Smlaier				print_tstats(p, opts & PF_OPT_DEBUG);
126353Smlaier			else
126353Smlaier				print_table(p, opts & PF_OPT_VERBOSE,
126353Smlaier				    opts & PF_OPT_DEBUG);
126353Smlaier	} else if (!strcmp(command, "kill")) {
126353Smlaier		if (argc || file != NULL)
126353Smlaier			usage();
126353Smlaier		RVTEST(pfr_del_tables(&table, 1, &ndel, flags));
126353Smlaier		xprintf(opts, "%d table deleted", ndel);
126353Smlaier	} else if (!strcmp(command, "flush")) {
126353Smlaier		if (argc || file != NULL)
126353Smlaier			usage();
126353Smlaier		RVTEST(pfr_clr_addrs(&table, &ndel, flags));
126353Smlaier		xprintf(opts, "%d addresses deleted", ndel);
126353Smlaier	} else if (!strcmp(command, "add")) {
126353Smlaier		b.pfrb_type = PFRB_ADDRS;
126353Smlaier		if (load_addr(&b, argc, argv, file, 0))
126353Smlaier			goto _error;
126353Smlaier		CREATE_TABLE;
126353Smlaier		if (opts & PF_OPT_VERBOSE)
126353Smlaier			flags |= PFR_FLAG_FEEDBACK;
126353Smlaier		RVTEST(pfr_add_addrs(&table, b.pfrb_caddr, b.pfrb_size,
126353Smlaier		    &nadd, flags));
126353Smlaier		xprintf(opts, "%d/%d addresses added", nadd, b.pfrb_size);
126353Smlaier		if (opts & PF_OPT_VERBOSE)
126353Smlaier			PFRB_FOREACH(a, &b)
126353Smlaier				if ((opts & PF_OPT_VERBOSE2) || a->pfra_fback)
126353Smlaier					print_addrx(a, NULL,
126353Smlaier					    opts & PF_OPT_USEDNS);
126353Smlaier	} else if (!strcmp(command, "delete")) {
126353Smlaier		b.pfrb_type = PFRB_ADDRS;
126353Smlaier		if (load_addr(&b, argc, argv, file, 0))
126353Smlaier			goto _error;
126353Smlaier		if (opts & PF_OPT_VERBOSE)
126353Smlaier			flags |= PFR_FLAG_FEEDBACK;
126353Smlaier		RVTEST(pfr_del_addrs(&table, b.pfrb_caddr, b.pfrb_size,
126353Smlaier		    &ndel, flags));
126353Smlaier		xprintf(opts, "%d/%d addresses deleted", ndel, b.pfrb_size);
126353Smlaier		if (opts & PF_OPT_VERBOSE)
126353Smlaier			PFRB_FOREACH(a, &b)
126353Smlaier				if ((opts & PF_OPT_VERBOSE2) || a->pfra_fback)
126353Smlaier					print_addrx(a, NULL,
126353Smlaier					    opts & PF_OPT_USEDNS);
126353Smlaier	} else if (!strcmp(command, "replace")) {
126353Smlaier		b.pfrb_type = PFRB_ADDRS;
126353Smlaier		if (load_addr(&b, argc, argv, file, 0))
126353Smlaier			goto _error;
126353Smlaier		CREATE_TABLE;
126353Smlaier		if (opts & PF_OPT_VERBOSE)
126353Smlaier			flags |= PFR_FLAG_FEEDBACK;
126353Smlaier		for (;;) {
126353Smlaier			int sz2 = b.pfrb_msize;
126353Smlaier
126353Smlaier			RVTEST(pfr_set_addrs(&table, b.pfrb_caddr, b.pfrb_size,
126353Smlaier			    &sz2, &nadd, &ndel, &nchange, flags));
126353Smlaier			if (sz2 <= b.pfrb_msize) {
126353Smlaier				b.pfrb_size = sz2;
126353Smlaier				break;
126353Smlaier			} else
126353Smlaier				pfr_buf_grow(&b, sz2);
126353Smlaier		}
126353Smlaier		if (nadd)
126353Smlaier			xprintf(opts, "%d addresses added", nadd);
126353Smlaier		if (ndel)
126353Smlaier			xprintf(opts, "%d addresses deleted", ndel);
126353Smlaier		if (nchange)
126353Smlaier			xprintf(opts, "%d addresses changed", nchange);
126353Smlaier		if (!nadd && !ndel && !nchange)
126353Smlaier			xprintf(opts, "no changes");
126353Smlaier		if (opts & PF_OPT_VERBOSE)
126353Smlaier			PFRB_FOREACH(a, &b)
126353Smlaier				if ((opts & PF_OPT_VERBOSE2) || a->pfra_fback)
126353Smlaier					print_addrx(a, NULL,
126353Smlaier					    opts & PF_OPT_USEDNS);
171172Smlaier	} else if (!strcmp(command, "expire")) {
171172Smlaier		const char		*errstr;
171172Smlaier		u_int			 lifetime;
171172Smlaier
171172Smlaier		b.pfrb_type = PFRB_ASTATS;
171172Smlaier		b2.pfrb_type = PFRB_ADDRS;
171172Smlaier		if (argc != 1 || file != NULL)
171172Smlaier			usage();
171172Smlaier		lifetime = strtonum(*argv, 0, UINT_MAX, &errstr);
171172Smlaier		if (errstr)
171172Smlaier			errx(1, "expiry time: %s", errstr);
171172Smlaier		for (;;) {
171172Smlaier			pfr_buf_grow(&b, b.pfrb_size);
171172Smlaier			b.pfrb_size = b.pfrb_msize;
171172Smlaier			RVTEST(pfr_get_astats(&table, b.pfrb_caddr,
171172Smlaier			    &b.pfrb_size, flags));
171172Smlaier			if (b.pfrb_size <= b.pfrb_msize)
171172Smlaier				break;
171172Smlaier		}
223637Sbz		PFRB_FOREACH(p, &b) {
223637Sbz			((struct pfr_astats *)p)->pfras_a.pfra_fback = 0;
171172Smlaier			if (time(NULL) - ((struct pfr_astats *)p)->pfras_tzero >
223637Sbz			    lifetime)
171172Smlaier				if (pfr_buf_add(&b2,
171172Smlaier				    &((struct pfr_astats *)p)->pfras_a))
171172Smlaier					err(1, "duplicate buffer");
223637Sbz		}
171172Smlaier
171172Smlaier		if (opts & PF_OPT_VERBOSE)
171172Smlaier			flags |= PFR_FLAG_FEEDBACK;
171172Smlaier		RVTEST(pfr_del_addrs(&table, b2.pfrb_caddr, b2.pfrb_size,
171172Smlaier		    &ndel, flags));
171172Smlaier		xprintf(opts, "%d/%d addresses expired", ndel, b2.pfrb_size);
171172Smlaier		if (opts & PF_OPT_VERBOSE)
171172Smlaier			PFRB_FOREACH(a, &b2)
171172Smlaier				if ((opts & PF_OPT_VERBOSE2) || a->pfra_fback)
171172Smlaier					print_addrx(a, NULL,
171172Smlaier					    opts & PF_OPT_USEDNS);
126353Smlaier	} else if (!strcmp(command, "show")) {
126353Smlaier		b.pfrb_type = (opts & PF_OPT_VERBOSE) ?
130617Smlaier			PFRB_ASTATS : PFRB_ADDRS;
126353Smlaier		if (argc || file != NULL)
126353Smlaier			usage();
126353Smlaier		for (;;) {
126353Smlaier			pfr_buf_grow(&b, b.pfrb_size);
126353Smlaier			b.pfrb_size = b.pfrb_msize;
126353Smlaier			if (opts & PF_OPT_VERBOSE)
126353Smlaier				RVTEST(pfr_get_astats(&table, b.pfrb_caddr,
126353Smlaier				    &b.pfrb_size, flags));
126353Smlaier			else
126353Smlaier				RVTEST(pfr_get_addrs(&table, b.pfrb_caddr,
126353Smlaier				    &b.pfrb_size, flags));
126353Smlaier			if (b.pfrb_size <= b.pfrb_msize)
126353Smlaier				break;
126353Smlaier		}
126353Smlaier		PFRB_FOREACH(p, &b)
126353Smlaier			if (opts & PF_OPT_VERBOSE)
126353Smlaier				print_astats(p, opts & PF_OPT_USEDNS);
126353Smlaier			else
126353Smlaier				print_addrx(p, NULL, opts & PF_OPT_USEDNS);
126353Smlaier	} else if (!strcmp(command, "test")) {
126353Smlaier		b.pfrb_type = PFRB_ADDRS;
126353Smlaier		b2.pfrb_type = PFRB_ADDRS;
126353Smlaier
126353Smlaier		if (load_addr(&b, argc, argv, file, 1))
126353Smlaier			goto _error;
126353Smlaier		if (opts & PF_OPT_VERBOSE2) {
126353Smlaier			flags |= PFR_FLAG_REPLACE;
126353Smlaier			PFRB_FOREACH(a, &b)
126353Smlaier				if (pfr_buf_add(&b2, a))
126353Smlaier					err(1, "duplicate buffer");
126353Smlaier		}
126353Smlaier		RVTEST(pfr_tst_addrs(&table, b.pfrb_caddr, b.pfrb_size,
126353Smlaier		    &nmatch, flags));
126353Smlaier		xprintf(opts, "%d/%d addresses match", nmatch, b.pfrb_size);
171172Smlaier		if ((opts & PF_OPT_VERBOSE) && !(opts & PF_OPT_VERBOSE2))
126353Smlaier			PFRB_FOREACH(a, &b)
126353Smlaier				if (a->pfra_fback == PFR_FB_MATCH)
126353Smlaier					print_addrx(a, NULL,
126353Smlaier					    opts & PF_OPT_USEDNS);
126353Smlaier		if (opts & PF_OPT_VERBOSE2) {
126353Smlaier			a2 = NULL;
126353Smlaier			PFRB_FOREACH(a, &b) {
126353Smlaier				a2 = pfr_buf_next(&b2, a2);
126353Smlaier				print_addrx(a2, a, opts & PF_OPT_USEDNS);
126353Smlaier			}
126353Smlaier		}
126353Smlaier		if (nmatch < b.pfrb_size)
126353Smlaier			rv = 2;
126353Smlaier	} else if (!strcmp(command, "zero")) {
126353Smlaier		if (argc || file != NULL)
126353Smlaier			usage();
126353Smlaier		flags |= PFR_FLAG_ADDRSTOO;
126353Smlaier		RVTEST(pfr_clr_tstats(&table, 1, &nzero, flags));
126353Smlaier		xprintf(opts, "%d table/stats cleared", nzero);
126353Smlaier	} else
126353Smlaier		warnx("pfctl_table: unknown command '%s'", command);
126353Smlaier	goto _cleanup;
126353Smlaier
126353Smlaier_error:
126353Smlaier	rv = -1;
126353Smlaier_cleanup:
126353Smlaier	pfr_buf_clear(&b);
126353Smlaier	pfr_buf_clear(&b2);
126353Smlaier	return (rv);
126353Smlaier}
126353Smlaier
126353Smlaiervoid
126353Smlaierprint_table(struct pfr_table *ta, int verbose, int debug)
126353Smlaier{
126353Smlaier	if (!debug && !(ta->pfrt_flags & PFR_TFLAG_ACTIVE))
126353Smlaier		return;
126353Smlaier	if (verbose) {
223637Sbz		printf("%c%c%c%c%c%c%c\t%s",
126353Smlaier		    (ta->pfrt_flags & PFR_TFLAG_CONST) ? 'c' : '-',
126353Smlaier		    (ta->pfrt_flags & PFR_TFLAG_PERSIST) ? 'p' : '-',
126353Smlaier		    (ta->pfrt_flags & PFR_TFLAG_ACTIVE) ? 'a' : '-',
126353Smlaier		    (ta->pfrt_flags & PFR_TFLAG_INACTIVE) ? 'i' : '-',
126353Smlaier		    (ta->pfrt_flags & PFR_TFLAG_REFERENCED) ? 'r' : '-',
126353Smlaier		    (ta->pfrt_flags & PFR_TFLAG_REFDANCHOR) ? 'h' : '-',
223637Sbz		    (ta->pfrt_flags & PFR_TFLAG_COUNTERS) ? 'C' : '-',
126353Smlaier		    ta->pfrt_name);
126353Smlaier		if (ta->pfrt_anchor[0])
130617Smlaier			printf("\t%s", ta->pfrt_anchor);
126353Smlaier		puts("");
126353Smlaier	} else
126353Smlaier		puts(ta->pfrt_name);
126353Smlaier}
126353Smlaier
126353Smlaiervoid
126353Smlaierprint_tstats(struct pfr_tstats *ts, int debug)
126353Smlaier{
126353Smlaier	time_t	time = ts->pfrts_tzero;
126353Smlaier	int	dir, op;
126353Smlaier
126353Smlaier	if (!debug && !(ts->pfrts_flags & PFR_TFLAG_ACTIVE))
126353Smlaier		return;
126353Smlaier	print_table(&ts->pfrts_t, 1, debug);
126353Smlaier	printf("\tAddresses:   %d\n", ts->pfrts_cnt);
126353Smlaier	printf("\tCleared:     %s", ctime(&time));
126353Smlaier	printf("\tReferences:  [ Anchors: %-18d Rules: %-18d ]\n",
126353Smlaier	    ts->pfrts_refcnt[PFR_REFCNT_ANCHOR],
126353Smlaier	    ts->pfrts_refcnt[PFR_REFCNT_RULE]);
127024Smlaier	printf("\tEvaluations: [ NoMatch: %-18llu Match: %-18llu ]\n",
127024Smlaier	    (unsigned long long)ts->pfrts_nomatch,
127024Smlaier	    (unsigned long long)ts->pfrts_match);
126353Smlaier	for (dir = 0; dir < PFR_DIR_MAX; dir++)
126353Smlaier		for (op = 0; op < PFR_OP_TABLE_MAX; op++)
127024Smlaier			printf("\t%-12s [ Packets: %-18llu Bytes: %-18llu ]\n",
126353Smlaier			    stats_text[dir][op],
127024Smlaier			    (unsigned long long)ts->pfrts_packets[dir][op],
127024Smlaier			    (unsigned long long)ts->pfrts_bytes[dir][op]);
126353Smlaier}
126353Smlaier
126353Smlaierint
126353Smlaierload_addr(struct pfr_buffer *b, int argc, char *argv[], char *file,
126353Smlaier    int nonetwork)
126353Smlaier{
126353Smlaier	while (argc--)
126353Smlaier		if (append_addr(b, *argv++, nonetwork)) {
126353Smlaier			if (errno)
126353Smlaier				warn("cannot decode %s", argv[-1]);
126353Smlaier			return (-1);
126353Smlaier		}
126353Smlaier	if (pfr_buf_load(b, file, nonetwork, append_addr)) {
126353Smlaier		warn("cannot load %s", file);
126353Smlaier		return (-1);
126353Smlaier	}
126353Smlaier	return (0);
126353Smlaier}
126353Smlaier
126353Smlaiervoid
126353Smlaierprint_addrx(struct pfr_addr *ad, struct pfr_addr *rad, int dns)
126353Smlaier{
126353Smlaier	char		ch, buf[256] = "{error}";
223637Sbz	char		fb[] = { ' ', 'M', 'A', 'D', 'C', 'Z', 'X', ' ', 'Y', ' ' };
126353Smlaier	unsigned int	fback, hostnet;
126353Smlaier
126353Smlaier	fback = (rad != NULL) ? rad->pfra_fback : ad->pfra_fback;
126353Smlaier	ch = (fback < sizeof(fb)/sizeof(*fb)) ? fb[fback] : '?';
126353Smlaier	hostnet = (ad->pfra_af == AF_INET6) ? 128 : 32;
126353Smlaier	inet_ntop(ad->pfra_af, &ad->pfra_u, buf, sizeof(buf));
126353Smlaier	printf("%c %c%s", ch, (ad->pfra_not?'!':' '), buf);
126353Smlaier	if (ad->pfra_net < hostnet)
126353Smlaier		printf("/%d", ad->pfra_net);
126353Smlaier	if (rad != NULL && fback != PFR_FB_NONE) {
126353Smlaier		if (strlcpy(buf, "{error}", sizeof(buf)) >= sizeof(buf))
126353Smlaier			errx(1, "print_addrx: strlcpy");
126353Smlaier		inet_ntop(rad->pfra_af, &rad->pfra_u, buf, sizeof(buf));
126353Smlaier		printf("\t%c%s", (rad->pfra_not?'!':' '), buf);
126353Smlaier		if (rad->pfra_net < hostnet)
126353Smlaier			printf("/%d", rad->pfra_net);
126353Smlaier	}
126353Smlaier	if (rad != NULL && fback == PFR_FB_NONE)
126353Smlaier		printf("\t nomatch");
126353Smlaier	if (dns && ad->pfra_net == hostnet) {
126353Smlaier		char host[NI_MAXHOST];
126353Smlaier		union sockaddr_union sa;
126353Smlaier
126353Smlaier		strlcpy(host, "?", sizeof(host));
126353Smlaier		bzero(&sa, sizeof(sa));
126353Smlaier		sa.sa.sa_family = ad->pfra_af;
126353Smlaier		if (sa.sa.sa_family == AF_INET) {
126353Smlaier			sa.sa.sa_len = sizeof(sa.sin);
126353Smlaier			sa.sin.sin_addr = ad->pfra_ip4addr;
126353Smlaier		} else {
126353Smlaier			sa.sa.sa_len = sizeof(sa.sin6);
126353Smlaier			sa.sin6.sin6_addr = ad->pfra_ip6addr;
126353Smlaier		}
126353Smlaier		if (getnameinfo(&sa.sa, sa.sa.sa_len, host, sizeof(host),
126353Smlaier		    NULL, 0, NI_NAMEREQD) == 0)
126353Smlaier			printf("\t(%s)", host);
126353Smlaier	}
126353Smlaier	printf("\n");
126353Smlaier}
126353Smlaier
126353Smlaiervoid
126353Smlaierprint_astats(struct pfr_astats *as, int dns)
126353Smlaier{
126353Smlaier	time_t	time = as->pfras_tzero;
126353Smlaier	int	dir, op;
126353Smlaier
126353Smlaier	print_addrx(&as->pfras_a, NULL, dns);
126353Smlaier	printf("\tCleared:     %s", ctime(&time));
223637Sbz 	if (as->pfras_a.pfra_fback == PFR_FB_NOCOUNT)
223637Sbz		return;
126353Smlaier	for (dir = 0; dir < PFR_DIR_MAX; dir++)
126353Smlaier		for (op = 0; op < PFR_OP_ADDR_MAX; op++)
127024Smlaier			printf("\t%-12s [ Packets: %-18llu Bytes: %-18llu ]\n",
126353Smlaier			    stats_text[dir][op],
127024Smlaier			    (unsigned long long)as->pfras_packets[dir][op],
127024Smlaier			    (unsigned long long)as->pfras_bytes[dir][op]);
126353Smlaier}
126353Smlaier
126353Smlaiervoid
126353Smlaierradix_perror(void)
126353Smlaier{
126353Smlaier	extern char *__progname;
126353Smlaier	fprintf(stderr, "%s: %s.\n", __progname, pfr_strerror(errno));
126353Smlaier}
126353Smlaier
126353Smlaierint
126353Smlaierpfctl_define_table(char *name, int flags, int addrs, const char *anchor,
145840Smlaier    struct pfr_buffer *ab, u_int32_t ticket)
126353Smlaier{
126353Smlaier	struct pfr_table tbl;
126353Smlaier
126353Smlaier	bzero(&tbl, sizeof(tbl));
130617Smlaier	if (strlcpy(tbl.pfrt_name, name, sizeof(tbl.pfrt_name)) >=
130617Smlaier	    sizeof(tbl.pfrt_name) || strlcpy(tbl.pfrt_anchor, anchor,
145840Smlaier	    sizeof(tbl.pfrt_anchor)) >= sizeof(tbl.pfrt_anchor))
126353Smlaier		errx(1, "pfctl_define_table: strlcpy");
126353Smlaier	tbl.pfrt_flags = flags;
126353Smlaier
126353Smlaier	return pfr_ina_define(&tbl, ab->pfrb_caddr, ab->pfrb_size, NULL,
126353Smlaier	    NULL, ticket, addrs ? PFR_FLAG_ADDRSTOO : 0);
126353Smlaier}
126353Smlaier
126353Smlaiervoid
126353Smlaierwarn_namespace_collision(const char *filter)
126353Smlaier{
126353Smlaier	struct pfr_buffer b;
126353Smlaier	struct pfr_table *t;
126353Smlaier	const char *name = NULL, *lastcoll;
126353Smlaier	int coll = 0;
126353Smlaier
126353Smlaier	bzero(&b, sizeof(b));
126353Smlaier	b.pfrb_type = PFRB_TABLES;
126353Smlaier	for (;;) {
126353Smlaier		pfr_buf_grow(&b, b.pfrb_size);
126353Smlaier		b.pfrb_size = b.pfrb_msize;
126353Smlaier		if (pfr_get_tables(NULL, b.pfrb_caddr,
126353Smlaier		    &b.pfrb_size, PFR_FLAG_ALLRSETS))
130617Smlaier			err(1, "pfr_get_tables");
126353Smlaier		if (b.pfrb_size <= b.pfrb_msize)
126353Smlaier			break;
126353Smlaier	}
126353Smlaier	PFRB_FOREACH(t, &b) {
126353Smlaier		if (!(t->pfrt_flags & PFR_TFLAG_ACTIVE))
126353Smlaier			continue;
126353Smlaier		if (filter != NULL && strcmp(filter, t->pfrt_name))
126353Smlaier			continue;
126353Smlaier		if (!t->pfrt_anchor[0])
126353Smlaier			name = t->pfrt_name;
126353Smlaier		else if (name != NULL && !strcmp(name, t->pfrt_name)) {
126353Smlaier			coll++;
126353Smlaier			lastcoll = name;
126353Smlaier			name = NULL;
126353Smlaier		}
126353Smlaier	}
126353Smlaier	if (coll == 1)
126353Smlaier		warnx("warning: namespace collision with <%s> global table.",
126353Smlaier		    lastcoll);
126353Smlaier	else if (coll > 1)
126353Smlaier		warnx("warning: namespace collisions with %d global tables.",
126353Smlaier		    coll);
126353Smlaier	pfr_buf_clear(&b);
126353Smlaier}
126353Smlaier
126353Smlaiervoid
126353Smlaierxprintf(int opts, const char *fmt, ...)
126353Smlaier{
126353Smlaier	va_list args;
126353Smlaier
126353Smlaier	if (opts & PF_OPT_QUIET)
126353Smlaier		return;
126353Smlaier
126353Smlaier	va_start(args, fmt);
126353Smlaier	vfprintf(stderr, fmt, args);
126353Smlaier	va_end(args);
126353Smlaier
126353Smlaier	if (opts & PF_OPT_DUMMYACTION)
126353Smlaier		fprintf(stderr, " (dummy).\n");
126353Smlaier	else if (opts & PF_OPT_NOACTION)
126353Smlaier		fprintf(stderr, " (syntax only).\n");
126353Smlaier	else
126353Smlaier		fprintf(stderr, ".\n");
126353Smlaier}
130617Smlaier
130617Smlaier
130617Smlaier/* interface stuff */
130617Smlaier
130617Smlaierint
130617Smlaierpfctl_show_ifaces(const char *filter, int opts)
130617Smlaier{
130617Smlaier	struct pfr_buffer	 b;
171172Smlaier	struct pfi_kif		*p;
171172Smlaier	int			 i = 0;
130617Smlaier
130617Smlaier	bzero(&b, sizeof(b));
130617Smlaier	b.pfrb_type = PFRB_IFACES;
130617Smlaier	for (;;) {
130617Smlaier		pfr_buf_grow(&b, b.pfrb_size);
130617Smlaier		b.pfrb_size = b.pfrb_msize;
171172Smlaier		if (pfi_get_ifaces(filter, b.pfrb_caddr, &b.pfrb_size)) {
130617Smlaier			radix_perror();
130617Smlaier			return (1);
130617Smlaier		}
130617Smlaier		if (b.pfrb_size <= b.pfrb_msize)
130617Smlaier			break;
130617Smlaier		i++;
130617Smlaier	}
130617Smlaier	if (opts & PF_OPT_SHOWALL)
130617Smlaier		pfctl_print_title("INTERFACES:");
130617Smlaier	PFRB_FOREACH(p, &b)
130617Smlaier		print_iface(p, opts);
130617Smlaier	return (0);
130617Smlaier}
130617Smlaier
130617Smlaiervoid
171172Smlaierprint_iface(struct pfi_kif *p, int opts)
130617Smlaier{
171172Smlaier	time_t	tzero = p->pfik_tzero;
130617Smlaier	int	i, af, dir, act;
130617Smlaier
171172Smlaier	printf("%s", p->pfik_name);
171172Smlaier	if (opts & PF_OPT_VERBOSE) {
171172Smlaier		if (p->pfik_flags & PFI_IFLAG_SKIP)
171172Smlaier			printf(" (skip)");
171172Smlaier	}
130617Smlaier	printf("\n");
130617Smlaier
130617Smlaier	if (!(opts & PF_OPT_VERBOSE2))
130617Smlaier		return;
130617Smlaier	printf("\tCleared:     %s", ctime(&tzero));
240233Sglebius	printf("\tReferences:  %-18d\n", p->pfik_rulerefs);
130617Smlaier	for (i = 0; i < 8; i++) {
130617Smlaier		af = (i>>2) & 1;
130617Smlaier		dir = (i>>1) &1;
130617Smlaier		act = i & 1;
130617Smlaier		printf("\t%-12s [ Packets: %-18llu Bytes: %-18llu ]\n",
130617Smlaier		    istats_text[af][dir][act],
171172Smlaier		    (unsigned long long)p->pfik_packets[af][dir][act],
171172Smlaier		    (unsigned long long)p->pfik_bytes[af][dir][act]);
130617Smlaier	}
130617Smlaier}