1
/*-
2
 * SPDX-License-Identifier: BSD-2-Clause
3
 *
4
 * Copyright (c) 2003 Ryan McBride. All rights reserved.
5
 * Copyright (c) 2004 Max Laier. All rights reserved.
6
 *
7
 * Redistribution and use in source and binary forms, with or without
8
 * modification, are permitted provided that the following conditions
9
 * are met:
10
 * 1. Redistributions of source code must retain the above copyright
11
 *    notice, this list of conditions and the following disclaimer.
12
 * 2. Redistributions in binary form must reproduce the above copyright
13
 *    notice, this list of conditions and the following disclaimer in the
14
 *    documentation and/or other materials provided with the distribution.
15
 *
16
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26
 * SUCH DAMAGE.
27
 */
28

29
#include <sys/param.h>
30
#include <sys/errno.h>
31
#include <sys/ioctl.h>
32
#include <sys/nv.h>
33
#include <sys/socket.h>
34

35
#include <net/if.h>
36
#include <netinet/in.h>
37
#include <net/pfvar.h>
38
#include <net/if_pfsync.h>
39
#include <net/route.h>
40
#include <arpa/inet.h>
41

42
#include <err.h>
43
#include <netdb.h>
44
#include <stdio.h>
45
#include <stdlib.h>
46
#include <string.h>
47
#include <unistd.h>
48

49
#include "ifconfig.h"
50

51
static int
52
pfsync_do_ioctl(if_ctx *ctx, uint cmd, nvlist_t **nvl)
53
{
54
	void *data;
55
	size_t nvlen;
56
	struct ifreq ifr = {};
57

58
	data = nvlist_pack(*nvl, &nvlen);
59

60
	ifr.ifr_cap_nv.buffer = malloc(IFR_CAP_NV_MAXBUFSIZE);
61
	memcpy(ifr.ifr_cap_nv.buffer, data, nvlen);
62
	ifr.ifr_cap_nv.buf_length = IFR_CAP_NV_MAXBUFSIZE;
63
	ifr.ifr_cap_nv.length = nvlen;
64
	free(data);
65

66
	if (ioctl_ctx_ifr(ctx, cmd, &ifr) == -1) {
67
		free(ifr.ifr_cap_nv.buffer);
68
		return -1;
69
	}
70

71
	nvlist_destroy(*nvl);
72
	*nvl = NULL;
73

74
	*nvl = nvlist_unpack(ifr.ifr_cap_nv.buffer, ifr.ifr_cap_nv.length, 0);
75
	if (*nvl == NULL) {
76
		free(ifr.ifr_cap_nv.buffer);
77
		return (EIO);
78
	}
79

80
	free(ifr.ifr_cap_nv.buffer);
81
	return (errno);
82
}
83

84
static nvlist_t *
85
pfsync_sockaddr_to_syncpeer_nvlist(struct sockaddr_storage *sa)
86
{
87
	nvlist_t *nvl;
88

89
	nvl = nvlist_create(0);
90
	if (nvl == NULL) {
91
		return (nvl);
92
	}
93

94
	switch (sa->ss_family) {
95
#ifdef INET
96
	case AF_INET: {
97
		struct sockaddr_in *in = (struct sockaddr_in *)sa;
98
		nvlist_add_number(nvl, "af", in->sin_family);
99
		nvlist_add_binary(nvl, "address", in, sizeof(*in));
100
		break;
101
	}
102
#endif
103
#ifdef INET6
104
	case AF_INET6: {
105
		struct sockaddr_in6 *in6 = (struct sockaddr_in6 *)sa;
106
		nvlist_add_number(nvl, "af", in6->sin6_family);
107
		nvlist_add_binary(nvl, "address", in6, sizeof(*in6));
108
		break;
109
	}
110
#endif
111
	default:
112
		nvlist_add_number(nvl, "af", AF_UNSPEC);
113
		nvlist_add_binary(nvl, "address", sa, sizeof(*sa));
114
		break;
115
	}
116

117
	return (nvl);
118
}
119

120
static int
121
pfsync_syncpeer_nvlist_to_sockaddr(const nvlist_t *nvl,
122
    struct sockaddr_storage *sa)
123
{
124
	int af;
125

126
#if (!defined INET && !defined INET6)
127
	(void)sa;
128
#endif
129

130
	if (!nvlist_exists_number(nvl, "af"))
131
		return (EINVAL);
132
	if (!nvlist_exists_binary(nvl, "address"))
133
		return (EINVAL);
134

135
	af = nvlist_get_number(nvl, "af");
136

137
	switch (af) {
138
#ifdef INET
139
	case AF_INET: {
140
		struct sockaddr_in *in = (struct sockaddr_in *)sa;
141
		size_t len;
142
		const void *addr = nvlist_get_binary(nvl, "address", &len);
143
		in->sin_family = af;
144
		if (len != sizeof(*in))
145
			return (EINVAL);
146

147
		memcpy(in, addr, sizeof(*in));
148
		break;
149
	}
150
#endif
151
#ifdef INET6
152
	case AF_INET6: {
153
		struct sockaddr_in6 *in6 = (struct sockaddr_in6 *)sa;
154
		size_t len;
155
		const void *addr = nvlist_get_binary(nvl, "address", &len);
156
		if (len != sizeof(*in6))
157
			return (EINVAL);
158

159
		memcpy(in6, addr, sizeof(*in6));
160
		break;
161
	}
162
#endif
163
	default:
164
		return (EINVAL);
165
	}
166

167
	return (0);
168
}
169

170
static void
171
setpfsync_syncdev(if_ctx *ctx, const char *val, int dummy __unused)
172
{
173
	nvlist_t *nvl = nvlist_create(0);
174

175
	if (strlen(val) > IFNAMSIZ)
176
		errx(1, "interface name %s is too long", val);
177

178
	if (pfsync_do_ioctl(ctx, SIOCGETPFSYNCNV, &nvl) == -1)
179
		err(1, "SIOCGETPFSYNCNV");
180

181
	if (nvlist_exists_string(nvl, "syncdev"))
182
		nvlist_free_string(nvl, "syncdev");
183

184
	nvlist_add_string(nvl, "syncdev", val);
185

186
	if (pfsync_do_ioctl(ctx, SIOCSETPFSYNCNV, &nvl) == -1)
187
		err(1, "SIOCSETPFSYNCNV");
188
}
189

190
static void
191
unsetpfsync_syncdev(if_ctx *ctx, const char *val __unused, int dummy __unused)
192
{
193
	nvlist_t *nvl = nvlist_create(0);
194

195
	if (pfsync_do_ioctl(ctx, SIOCGETPFSYNCNV, &nvl) == -1)
196
		err(1, "SIOCGETPFSYNCNV");
197

198
	if (nvlist_exists_string(nvl, "syncdev"))
199
		nvlist_free_string(nvl, "syncdev");
200

201
	nvlist_add_string(nvl, "syncdev", "");
202

203
	if (pfsync_do_ioctl(ctx, SIOCSETPFSYNCNV, &nvl) == -1)
204
		err(1, "SIOCSETPFSYNCNV");
205
}
206

207
static void
208
setpfsync_syncpeer(if_ctx *ctx, const char *val, int dummy __unused)
209
{
210
	struct addrinfo *peerres;
211
	struct sockaddr_storage addr;
212
	int ecode;
213

214
	nvlist_t *nvl = nvlist_create(0);
215

216
	if (pfsync_do_ioctl(ctx, SIOCGETPFSYNCNV, &nvl) == -1)
217
		err(1, "SIOCGETPFSYNCNV");
218

219
	if ((ecode = getaddrinfo(val, NULL, NULL, &peerres)) != 0)
220
		errx(1, "error in parsing address string: %s",
221
		    gai_strerror(ecode));
222

223
	switch (peerres->ai_family) {
224
#ifdef INET
225
	case AF_INET: {
226
		struct sockaddr_in *sin = satosin(peerres->ai_addr);
227

228
		memcpy(&addr, sin, sizeof(*sin));
229
		break;
230
	}
231
#endif
232
#ifdef INET6
233
	case AF_INET6: {
234
		struct sockaddr_in6 *sin6 = satosin6(peerres->ai_addr);
235

236
		memcpy(&addr, sin6, sizeof(*sin6));
237
		break;
238
	}
239
#endif
240
	default:
241
		errx(1, "syncpeer address %s not supported", val);
242
	}
243

244
	if (nvlist_exists_nvlist(nvl, "syncpeer"))
245
		nvlist_free_nvlist(nvl, "syncpeer");
246

247
	nvlist_add_nvlist(nvl, "syncpeer",
248
	    pfsync_sockaddr_to_syncpeer_nvlist(&addr));
249

250
	if (pfsync_do_ioctl(ctx, SIOCSETPFSYNCNV, &nvl) == -1)
251
		err(1, "SIOCSETPFSYNCNV");
252

253
	nvlist_destroy(nvl);
254
	freeaddrinfo(peerres);
255
}
256

257
static void
258
unsetpfsync_syncpeer(if_ctx *ctx, const char *val __unused, int dummy __unused)
259
{
260
	struct sockaddr_storage addr;
261
	memset(&addr, 0, sizeof(addr));
262

263
	nvlist_t *nvl = nvlist_create(0);
264

265
	if (pfsync_do_ioctl(ctx, SIOCGETPFSYNCNV, &nvl) == -1)
266
		err(1, "SIOCGETPFSYNCNV");
267

268
	if (nvlist_exists_nvlist(nvl, "syncpeer"))
269
		nvlist_free_nvlist(nvl, "syncpeer");
270

271
	nvlist_add_nvlist(nvl, "syncpeer",
272
	    pfsync_sockaddr_to_syncpeer_nvlist(&addr));
273

274
	if (pfsync_do_ioctl(ctx, SIOCSETPFSYNCNV, &nvl) == -1)
275
		err(1, "SIOCSETPFSYNCNV");
276

277
	nvlist_destroy(nvl);
278
}
279

280
static void
281
setpfsync_maxupd(if_ctx *ctx, const char *val, int dummy __unused)
282
{
283
	int maxupdates;
284
	nvlist_t *nvl = nvlist_create(0);
285

286
	maxupdates = atoi(val);
287
	if ((maxupdates < 0) || (maxupdates > 255))
288
		errx(1, "maxupd %s: out of range", val);
289

290
	if (pfsync_do_ioctl(ctx, SIOCGETPFSYNCNV, &nvl) == -1)
291
		err(1, "SIOCGETPFSYNCNV");
292

293
	nvlist_free_number(nvl, "maxupdates");
294
	nvlist_add_number(nvl, "maxupdates", maxupdates);
295

296
	if (pfsync_do_ioctl(ctx, SIOCSETPFSYNCNV, &nvl) == -1)
297
		err(1, "SIOCSETPFSYNCNV");
298

299
	nvlist_destroy(nvl);
300
}
301

302
static void
303
setpfsync_defer(if_ctx *ctx, const char *val __unused, int d)
304
{
305
	nvlist_t *nvl = nvlist_create(0);
306

307
	if (pfsync_do_ioctl(ctx, SIOCGETPFSYNCNV, &nvl) == -1)
308
		err(1, "SIOCGETPFSYNCNV");
309

310
	nvlist_free_number(nvl, "flags");
311
	nvlist_add_number(nvl, "flags", d ? PFSYNCF_DEFER : 0);
312

313
	if (pfsync_do_ioctl(ctx, SIOCSETPFSYNCNV, &nvl) == -1)
314
		err(1, "SIOCSETPFSYNCNV");
315

316
	nvlist_destroy(nvl);
317
}
318

319
static void
320
setpfsync_version(if_ctx *ctx, const char *val, int dummy __unused)
321
{
322
	int version;
323
	nvlist_t *nvl = nvlist_create(0);
324

325
	/* Don't verify, kernel knows which versions are supported.*/
326
	version = atoi(val);
327

328
	if (pfsync_do_ioctl(ctx, SIOCGETPFSYNCNV, &nvl) == -1)
329
		err(1, "SIOCGETPFSYNCNV");
330

331
	nvlist_free_number(nvl, "version");
332
	nvlist_add_number(nvl, "version", version);
333

334
	if (pfsync_do_ioctl(ctx, SIOCSETPFSYNCNV, &nvl) == -1)
335
		err(1, "SIOCSETPFSYNCNV");
336

337
	nvlist_destroy(nvl);
338
}
339

340
static void
341
pfsync_status(if_ctx *ctx)
342
{
343
	nvlist_t *nvl;
344
	char syncdev[IFNAMSIZ];
345
	char syncpeer_str[NI_MAXHOST];
346
	struct sockaddr_storage syncpeer;
347
	int maxupdates = 0;
348
	int flags = 0;
349
	int version;
350
	int error;
351

352
	nvl = nvlist_create(0);
353

354
	if (pfsync_do_ioctl(ctx, SIOCGETPFSYNCNV, &nvl) == -1) {
355
		nvlist_destroy(nvl);
356
		return;
357
	}
358

359
	memset((char *)&syncdev, 0, IFNAMSIZ);
360
	if (nvlist_exists_string(nvl, "syncdev"))
361
		strlcpy(syncdev, nvlist_get_string(nvl, "syncdev"),
362
		    IFNAMSIZ);
363
	if (nvlist_exists_number(nvl, "maxupdates"))
364
		maxupdates = nvlist_get_number(nvl, "maxupdates");
365
	if (nvlist_exists_number(nvl, "version"))
366
		version = nvlist_get_number(nvl, "version");
367
	if (nvlist_exists_number(nvl, "flags"))
368
		flags = nvlist_get_number(nvl, "flags");
369
	if (nvlist_exists_nvlist(nvl, "syncpeer")) {
370
		pfsync_syncpeer_nvlist_to_sockaddr(nvlist_get_nvlist(nvl,
371
							     "syncpeer"),
372
		    &syncpeer);
373
	}
374

375
	nvlist_destroy(nvl);
376

377
	printf("\t");
378

379
	if (syncdev[0] != '\0')
380
		printf("syncdev: %s ", syncdev);
381

382
	if ((syncpeer.ss_family == AF_INET &&
383
	    ((struct sockaddr_in *)&syncpeer)->sin_addr.s_addr !=
384
	    htonl(INADDR_PFSYNC_GROUP)) || syncpeer.ss_family == AF_INET6) {
385

386
		struct sockaddr *syncpeer_sa =
387
		    (struct sockaddr *)&syncpeer;
388
		if ((error = getnameinfo(syncpeer_sa, syncpeer_sa->sa_len,
389
			 syncpeer_str, sizeof(syncpeer_str), NULL, 0,
390
			 NI_NUMERICHOST)) != 0)
391
			errx(1, "getnameinfo: %s", gai_strerror(error));
392
		printf("syncpeer: %s ", syncpeer_str);
393
	}
394

395
	printf("maxupd: %d ", maxupdates);
396
	printf("defer: %s ", (flags & PFSYNCF_DEFER) ? "on" : "off");
397
	printf("version: %d\n", version);
398
	printf("\tsyncok: %d\n", (flags & PFSYNCF_OK) ? 1 : 0);
399
}
400

401
static struct cmd pfsync_cmds[] = {
402
	DEF_CMD_ARG("syncdev",		setpfsync_syncdev),
403
	DEF_CMD("-syncdev",	1,	unsetpfsync_syncdev),
404
	DEF_CMD_ARG("syncif",		setpfsync_syncdev),
405
	DEF_CMD("-syncif",	1,	unsetpfsync_syncdev),
406
	DEF_CMD_ARG("syncpeer",		setpfsync_syncpeer),
407
	DEF_CMD("-syncpeer",	1,	unsetpfsync_syncpeer),
408
	DEF_CMD_ARG("maxupd",		setpfsync_maxupd),
409
	DEF_CMD("defer",	1,	setpfsync_defer),
410
	DEF_CMD("-defer",	0,	setpfsync_defer),
411
	DEF_CMD_ARG("version",		setpfsync_version),
412
};
413
static struct afswtch af_pfsync = {
414
	.af_name	= "af_pfsync",
415
	.af_af		= AF_UNSPEC,
416
	.af_other_status = pfsync_status,
417
};
418

419
static __constructor void
420
pfsync_ctor(void)
421
{
422
	for (size_t i = 0; i < nitems(pfsync_cmds);  i++)
423
		cmd_register(&pfsync_cmds[i]);
424
	af_register(&af_pfsync);
425
}
426

427