static void
fwc_to_fr(const struct ip_fwchange *fwc, struct fw_rule *fr)
{
memset(fr, 0, sizeof(*fr));
strlcpy(fr->fw_device, fwc->fwc_rule.ipfw.fw_vianame,
sizeof(fr->fw_device));
if (strcmp(fwc->fwc_rule.label, IP_FW_LABEL_ACCEPT) == 0)
fr->fw_op = FW_OP_ALLOW;
else
fr->fw_op = FW_OP_BLOCK;
if (strcmp(fwc->fwc_label, IP_FW_LABEL_INPUT) == 0)
fr->fw_dir = FW_DIR_IN;
else
fr->fw_dir = FW_DIR_OUT;
fr->fw_proto = fwc->fwc_rule.ipfw.fw_proto;
fr->fw_src.addr_type = fr->fw_dst.addr_type = ADDR_TYPE_IP;
fr->fw_src.addr_ip = fwc->fwc_rule.ipfw.fw_src.s_addr;
fr->fw_dst.addr_ip = fwc->fwc_rule.ipfw.fw_dst.s_addr;
addr_mtob(&fwc->fwc_rule.ipfw.fw_smsk.s_addr, IP_ADDR_LEN,
&fr->fw_src.addr_bits);
addr_mtob(&fwc->fwc_rule.ipfw.fw_dmsk.s_addr, IP_ADDR_LEN,
&fr->fw_dst.addr_bits);
/* XXX - ICMP? */
fr->fw_sport[0] = fwc->fwc_rule.ipfw.fw_spts[0];
fr->fw_sport[1] = fwc->fwc_rule.ipfw.fw_spts[1];
fr->fw_dport[0] = fwc->fwc_rule.ipfw.fw_dpts[0];
fr->fw_dport[1] = fwc->fwc_rule.ipfw.fw_dpts[1];
}
static int
pr_to_fr(const struct pf_rule *pr, struct fw_rule *fr)
{
memset(fr, 0, sizeof(*fr));
strlcpy(fr->fw_device, pr->ifname, sizeof(fr->fw_device));
if (pr->action == PF_DROP)
fr->fw_op = FW_OP_BLOCK;
else if (pr->action == PF_PASS)
fr->fw_op = FW_OP_ALLOW;
else
return (-1);
fr->fw_dir = pr->direction == PF_IN ? FW_DIR_IN : FW_DIR_OUT;
fr->fw_proto = pr->proto;
if (pr->af != AF_INET)
return (-1);
fr->fw_src.addr_type = ADDR_TYPE_IP;
addr_mtob(&(PFRA_MASK(&pr->src)), IP_ADDR_LEN, &fr->fw_src.addr_bits);
fr->fw_src.addr_ip = PFRA_ADDR(&pr->src);
fr->fw_dst.addr_type = ADDR_TYPE_IP;
addr_mtob(&(PFRA_MASK(&pr->dst)), IP_ADDR_LEN, &fr->fw_dst.addr_bits);
fr->fw_dst.addr_ip = PFRA_ADDR(&pr->dst);
switch (fr->fw_proto) {
case IP_PROTO_ICMP:
if (pr->type) {
fr->fw_sport[0] = pr->type - 1;
fr->fw_sport[1] = 0xff;
}
if (pr->code) {
fr->fw_dport[0] = pr->code - 1;
fr->fw_dport[1] = 0xff;
}
break;
case IP_PROTO_TCP:
case IP_PROTO_UDP:
fr->fw_sport[0] = ntohs(pr->src.port[0]);
fr->fw_sport[1] = ntohs(pr->src.port[1]);
if (pr->src.port_op == PF_OP_EQ)
fr->fw_sport[1] = fr->fw_sport[0];
fr->fw_dport[0] = ntohs(pr->dst.port[0]);
fr->fw_dport[1] = ntohs(pr->dst.port[1]);
if (pr->dst.port_op == PF_OP_EQ)
fr->fw_dport[1] = fr->fw_dport[0];
}
return (0);
}
int
route_loop(route_t *r, route_handler callback, void *arg)
{
struct route_entry entry;
ULONG len;
int i, ret;
for (len = sizeof(r->ipftable[0]); ; ) {
if (r->ipftable)
free(r->ipftable);
r->ipftable = malloc(len);
ret = GetIpForwardTable(r->ipftable, &len, FALSE);
if (ret == NO_ERROR)
break;
else if (ret != ERROR_INSUFFICIENT_BUFFER)
return (-1);
}
entry.route_dst.addr_type = ADDR_TYPE_IP;
entry.route_dst.addr_bits = IP_ADDR_BITS;
entry.route_gw.addr_type = ADDR_TYPE_IP;
entry.route_gw.addr_bits = IP_ADDR_BITS;
for (i = 0; i < (int)r->ipftable->dwNumEntries; i++) {
entry.route_dst.addr_ip = r->ipftable->table[i].dwForwardDest;
addr_mtob(&r->ipftable->table[i].dwForwardMask, IP_ADDR_LEN,
&entry.route_dst.addr_bits);
entry.route_gw.addr_ip =
r->ipftable->table[i].dwForwardNextHop;
if ((ret = (*callback)(&entry, arg)) != 0)
return (ret);
}
return (0);
}
int
addr_pton(const char *src, struct addr *dst)
{
struct hostent *hp;
char *ep, tmp[300];
long bits = -1;
int i;
for (i = 0; i < (int)sizeof(tmp) - 1; i++) {
if (src[i] == '/') {
tmp[i] = '\0';
if (strchr(&src[i + 1], '.')) {
uint32_t m;
uint16_t b;
/* XXX - mask is specified like /255.0.0.0 */
if (ip_pton(&src[i + 1], &m) != 0) {
errno = EINVAL;
return (-1);
}
addr_mtob(&m, sizeof(m), &b);
bits = b;
} else {
bits = strtol(&src[i + 1], &ep, 10);
if (ep == src || *ep != '\0' || bits < 0) {
errno = EINVAL;
return (-1);
}
}
break;
} else if ((tmp[i] = src[i]) == '\0')
break;
}
if (ip_pton(tmp, &dst->addr_ip) == 0) {
dst->addr_type = ADDR_TYPE_IP;
dst->addr_bits = IP_ADDR_BITS;
} else if (eth_pton(tmp, &dst->addr_eth) == 0) {
dst->addr_type = ADDR_TYPE_ETH;
dst->addr_bits = ETH_ADDR_BITS;
} else if (ip6_pton(tmp, &dst->addr_ip6) == 0) {
dst->addr_type = ADDR_TYPE_IP6;
dst->addr_bits = IP6_ADDR_BITS;
} else if ((hp = gethostbyname(tmp)) != NULL) {
memcpy(&dst->addr_ip, hp->h_addr, IP_ADDR_LEN);
dst->addr_type = ADDR_TYPE_IP;
dst->addr_bits = IP_ADDR_BITS;
} else {
errno = EINVAL;
return (-1);
}
if (bits >= 0) {
if (bits > dst->addr_bits) {
errno = EINVAL;
return (-1);
}
dst->addr_bits = (uint16_t)bits;
}
return (0);
}
int
route_loop(route_t *r, route_handler callback, void *arg)
{
FILE *fp;
struct route_entry entry;
char buf[BUFSIZ];
int ret = 0;
if ((fp = fopen(PROC_ROUTE_FILE, "r")) != NULL) {
char ifbuf[16];
int i, iflags, refcnt, use, metric, mss, win, irtt;
uint32_t mask;
while (fgets(buf, sizeof(buf), fp) != NULL) {
i = sscanf(buf, "%16s %X %X %X %d %d %d %X %d %d %d\n",
ifbuf, &entry.route_dst.addr_ip,
&entry.route_gw.addr_ip, &iflags, &refcnt, &use,
&metric, &mask, &mss, &win, &irtt);
if (i < 10 || !(iflags & RTF_UP))
continue;
if (entry.route_gw.addr_ip == IP_ADDR_ANY)
continue;
entry.route_dst.addr_type = entry.route_gw.addr_type =
ADDR_TYPE_IP;
if (addr_mtob(&mask, IP_ADDR_LEN,
&entry.route_dst.addr_bits) < 0)
continue;
entry.route_gw.addr_bits = IP_ADDR_BITS;
if ((ret = callback(&entry, arg)) != 0)
break;
}
fclose(fp);
}
if (ret == 0 && (fp = fopen(PROC_IPV6_ROUTE_FILE, "r")) != NULL) {
char s[33], d[8][5], n[8][5];
u_int slen, dlen;
while (fgets(buf, sizeof(buf), fp) != NULL) {
sscanf(buf, "%04s%04s%04s%04s%04s%04s%04s%04s %02x "
"%32s %02x %04s%04s%04s%04s%04s%04s%04s%04s ",
d[0], d[1], d[2], d[3], d[4], d[5], d[6], d[7],
&dlen, s, &slen,
n[0], n[1], n[2], n[3], n[4], n[5], n[6], n[7]);
snprintf(buf, sizeof(buf), "%s:%s:%s:%s:%s:%s:%s:%s/%d",
d[0], d[1], d[2], d[3], d[4], d[5], d[6], d[7],
dlen);
addr_aton(buf, &entry.route_dst);
snprintf(buf, sizeof(buf), "%s:%s:%s:%s:%s:%s:%s:%s/%d",
n[0], n[1], n[2], n[3], n[4], n[5], n[6], n[7],
IP6_ADDR_BITS);
addr_aton(buf, &entry.route_gw);
if ((ret = callback(&entry, arg)) != 0)
break;
}
fclose(fp);
}
return (ret);
}
static void
_ifrow_to_entry(intf_t *intf, MIB_IFROW *ifrow, struct intf_entry *entry)
{
struct addr *ap, *lap;
int i;
memset(entry, 0, sizeof(*entry));
for (i = 0; i < intf->ifcombo[ifrow->dwType].cnt; i++) {
if (intf->ifcombo[ifrow->dwType].idx[i] == ifrow->dwIndex)
break;
}
/* XXX - dwType matches MIB-II ifType. */
snprintf(entry->intf_name, sizeof(entry->intf_name), "%s%lu",
_ifcombo_name(ifrow->dwType), i);
entry->intf_type = (uint16_t)ifrow->dwType;
/* Get interface flags. */
entry->intf_flags = 0;
if (ifrow->dwAdminStatus == MIB_IF_ADMIN_STATUS_UP &&
(ifrow->dwOperStatus == MIB_IF_OPER_STATUS_OPERATIONAL ||
ifrow->dwOperStatus == MIB_IF_OPER_STATUS_CONNECTED))
entry->intf_flags |= INTF_FLAG_UP;
if (ifrow->dwType == MIB_IF_TYPE_LOOPBACK)
entry->intf_flags |= INTF_FLAG_LOOPBACK;
else
entry->intf_flags |= INTF_FLAG_MULTICAST;
/* Get interface MTU. */
entry->intf_mtu = ifrow->dwMtu;
/* Get hardware address. */
if (ifrow->dwPhysAddrLen == ETH_ADDR_LEN) {
entry->intf_link_addr.addr_type = ADDR_TYPE_ETH;
entry->intf_link_addr.addr_bits = ETH_ADDR_BITS;
memcpy(&entry->intf_link_addr.addr_eth, ifrow->bPhysAddr,
ETH_ADDR_LEN);
}
/* Get addresses. */
ap = entry->intf_alias_addrs;
lap = ap + ((entry->intf_len - sizeof(*entry)) /
sizeof(entry->intf_alias_addrs[0]));
for (i = 0; i < (int)intf->iptable->dwNumEntries; i++) {
if (intf->iptable->table[i].dwIndex == ifrow->dwIndex &&
intf->iptable->table[i].dwAddr != 0) {
if (entry->intf_addr.addr_type == ADDR_TYPE_NONE) {
/* Set primary address if unset. */
entry->intf_addr.addr_type = ADDR_TYPE_IP;
entry->intf_addr.addr_ip =
intf->iptable->table[i].dwAddr;
addr_mtob(&intf->iptable->table[i].dwMask,
IP_ADDR_LEN, &entry->intf_addr.addr_bits);
} else if (ap < lap) {
/* Set aliases. */
ap->addr_type = ADDR_TYPE_IP;
ap->addr_ip = intf->iptable->table[i].dwAddr;
addr_mtob(&intf->iptable->table[i].dwMask,
IP_ADDR_LEN, &ap->addr_bits);
ap++, entry->intf_alias_num++;
}
}
}
entry->intf_len = (unsigned int) ((u_char *)ap - (u_char *)entry);
}
