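/*
 * Print pf state entry *s to stdout: one summary line, plus detail lines
 * when PF_OPT_VERBOSE and/or PF_OPT_VERBOSE2 are set in opts.
 *
 * s    - state record.  32- and 64-bit fields are converted with
 *        ntohl()/be64toh() before printing.
 * opts - PF_OPT_* flag bits; also handed through to print_host().
 *
 * Side effect: for ICMP and ICMPv6 entries one port slot of the "sk" key
 * inside *s is overwritten from the "nk" key, so the caller's record is
 * modified.
 */
void
print_state(struct pfsync_state *s, int opts)
{
	struct pfsync_state_peer *src, *dst;
	struct pfsync_state_key *sk, *nk;
	struct protoent *p;
	int min, sec;

	/* Pick peers and keys so that src/dst and sk/nk follow the direction. */
	if (s->direction == PF_OUT) {
		src = &s->src;
		dst = &s->dst;
		sk = &s->key[PF_SK_STACK];
		nk = &s->key[PF_SK_WIRE];
		if (s->proto == IPPROTO_ICMP || s->proto == IPPROTO_ICMPV6)
			sk->port[0] = nk->port[0];
	} else {
		src = &s->dst;
		dst = &s->src;
		sk = &s->key[PF_SK_WIRE];
		nk = &s->key[PF_SK_STACK];
		if (s->proto == IPPROTO_ICMP || s->proto == IPPROTO_ICMPV6)
			sk->port[1] = nk->port[1];
	}
	printf("%s ", s->ifname);
	/* Fall back to the numeric protocol when it has no known name. */
	if ((p = getprotobynumber(s->proto)) != NULL)
		printf("%s ", p->p_name);
	else
		printf("%u ", s->proto);

	/* The sk endpoint is shown in parentheses only when it differs from nk. */
	print_host(&nk->addr[1], nk->port[1], s->af, opts);
	if (PF_ANEQ(&nk->addr[1], &sk->addr[1], s->af) ||
	    nk->port[1] != sk->port[1]) {
		printf(" (");
		print_host(&sk->addr[1], sk->port[1], s->af, opts);
		printf(")");
	}
	if (s->direction == PF_OUT)
		printf(" -> ");
	else
		printf(" <- ");
	print_host(&nk->addr[0], nk->port[0], s->af, opts);
	if (PF_ANEQ(&nk->addr[0], &sk->addr[0], s->af) ||
	    nk->port[0] != sk->port[0]) {
		printf(" (");
		print_host(&sk->addr[0], sk->port[0], s->af, opts);
		printf(")");
	}

	printf(" ");
	if (s->proto == IPPROTO_TCP) {
		/* tcpstates[] is indexed only after both values are range-checked. */
		if (src->state <= TCPS_TIME_WAIT &&
		    dst->state <= TCPS_TIME_WAIT)
			printf(" %s:%s\n", tcpstates[src->state],
			    tcpstates[dst->state]);
		else if (src->state == PF_TCPS_PROXY_SRC ||
		    dst->state == PF_TCPS_PROXY_SRC)
			printf(" PROXY:SRC\n");
		else if (src->state == PF_TCPS_PROXY_DST ||
		    dst->state == PF_TCPS_PROXY_DST)
			printf(" PROXY:DST\n");
		else
			printf(" <BAD STATE LEVELS %u:%u>\n",
			    src->state, dst->state);
		if (opts & PF_OPT_VERBOSE) {
			printf(" ");
			print_seq(src);
			if (src->wscale && dst->wscale)
				printf(" wscale %u",
				    src->wscale & PF_WSCALE_MASK);
			printf(" ");
			print_seq(dst);
			if (src->wscale && dst->wscale)
				printf(" wscale %u",
				    dst->wscale & PF_WSCALE_MASK);
			printf("\n");
		}
	} else if (s->proto == IPPROTO_UDP && src->state < PFUDPS_NSTATES &&
	    dst->state < PFUDPS_NSTATES) {
		const char *states[] = PFUDPS_NAMES;

		printf(" %s:%s\n", states[src->state], states[dst->state]);
	} else if (s->proto != IPPROTO_ICMP && src->state < PFOTHERS_NSTATES &&
	    dst->state < PFOTHERS_NSTATES) {
		/* XXX ICMP doesn't really have state levels */
		const char *states[] = PFOTHERS_NAMES;

		printf(" %s:%s\n", states[src->state], states[dst->state]);
	} else {
		/* Out-of-range or ICMP state values are printed numerically. */
		printf(" %u:%u\n", src->state, dst->state);
	}

	if (opts & PF_OPT_VERBOSE) {
		u_int64_t packets[2];
		u_int64_t bytes[2];
		u_int32_t creation = ntohl(s->creation);
		u_int32_t expire = ntohl(s->expire);

		printf(" rule %u", ntohl(s->rule));
		/* -1 converts to the all-ones value, i.e. "no anchor set". */
		if (ntohl(s->anchor) != -1)
			printf(", anchor %u", ntohl(s->anchor));
		printf(", flags:");
		if (s->state_flags & PFSTATE_ALLOWOPTS)
			printf(" allowopts");
		if (s->state_flags & PFSTATE_SLOPPY)
			printf(" sloppy");
		if (s->state_flags & PFSTATE_STACK_GLOBAL)
			printf(" global");
		if (s->state_flags & PFSTATE_CREATEINPROG)
			printf(" creating");
		if (s->state_flags & PFSTATE_HALF_DUPLEX)
			printf(" (TRANSLATION COLLISION)");
		if (s->sync_flags & PFSYNC_FLAG_SRCNODE)
			printf(" source-track");
		if (s->sync_flags & PFSYNC_FLAG_NATSRCNODE)
			printf(" sticky-address");
		switch (s->pickup_mode) {
		case PF_PICKUPS_UNSPECIFIED:
			break;
		case PF_PICKUPS_DISABLED:
			printf(" no-pickups");
			break;
		case PF_PICKUPS_HASHONLY:
			printf(" hash-only");
			break;
		case PF_PICKUPS_ENABLED:
			printf(" pickups");
			break;
		default:
			/* Unknown modes print nothing, as before. */
			break;
		}
		printf("\n");

		/* Split the second counts into hours:minutes:seconds. */
		sec = creation % 60;
		creation /= 60;
		min = creation % 60;
		creation /= 60;
		printf(" age %.2u:%.2u:%.2u", creation, min, sec);
		sec = expire % 60;
		expire /= 60;
		min = expire % 60;
		expire /= 60;
		printf(", expires in %.2u:%.2u:%.2u", expire, min, sec);

		/* Counters are copied out bytewise before the 64-bit conversion. */
		bcopy(s->packets[0], &packets[0], sizeof(u_int64_t));
		bcopy(s->packets[1], &packets[1], sizeof(u_int64_t));
		bcopy(s->bytes[0], &bytes[0], sizeof(u_int64_t));
		bcopy(s->bytes[1], &bytes[1], sizeof(u_int64_t));
		printf(", %" PRIu64 ":%" PRIu64 " pkts, %" PRIu64 ":%" PRIu64
		    " bytes\n",
		    be64toh(packets[0]), be64toh(packets[1]),
		    be64toh(bytes[0]), be64toh(bytes[1]));
	}
	if (opts & PF_OPT_VERBOSE2) {
		u_int64_t id;

		bcopy(&s->id, &id, sizeof(u_int64_t));
		/*
		 * PRIx64 matches the 64-bit argument, like the PRIu64 counters
		 * above; the previous %jx expected a uintmax_t.
		 */
		printf(" id: %016" PRIx64 " creatorid: %08x cpuid: %-3d",
		    be64toh(id), ntohl(s->creatorid), s->cpuid);
		printf("\n");
	}
}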
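/*
 * CGI entry point for the configuration report.
 *
 * Parses the command-line options, reads the "pagepath" and "host" cookies
 * to build a hobbitdboard filter, queries the Hobbit server three times
 * (host+test list, procs messages, svcs messages), builds a per-host list
 * of tests and prints the report as HTML on stdout.
 *
 * Returns 0 on success and 1 when the server cannot be contacted or no
 * host information is returned.
 */
int main(int argc, char *argv[])
{
	int argi, hosti, testi;
	char *pagepattern = NULL, *hostpattern = NULL;
	char *envarea = NULL, *cookie = NULL, *nexthost;
	char *hobbitcmd, *procscmd, *svcscmd;
	size_t cmdsz;
	int alertcolors, alertinterval;
	char configfn[PATH_MAX];
	char *respbuf = NULL, *procsbuf = NULL, *svcsbuf = NULL;
	hostlist_t *hwalk;
	htnames_t *twalk;
	hostlist_t **allhosts = NULL;
	htnames_t **alltests = NULL;
	int hostcount = 0, maxtests = 0;
	time_t now = getcurrenttime(NULL);
	sendreturn_t *sres;

	for (argi=1; (argi < argc); argi++) {
		if (argnmatch(argv[argi], "--env=")) {
			char *p = strchr(argv[argi], '=');
			loadenv(p+1, envarea);
		}
		else if (argnmatch(argv[argi], "--area=")) {
			char *p = strchr(argv[argi], '=');
			envarea = strdup(p+1);
		}
		else if (strcmp(argv[argi], "--debug") == 0) {
			debug = 1;
		}
		else if (argnmatch(argv[argi], "--delimiter=")) {
			char *p = strchr(argv[argi], '=');
			coldelim = strdup(p+1);
		}
		else if (strcmp(argv[argi], "--critical") == 0) {
			nkonly = 1;
		}
		else if (strcmp(argv[argi], "--old-nk-config") == 0) {
			newnkconfig = 0;
		}
	}

	redirect_cgilog("hobbit-confreport");

	load_hostnames(xgetenv("BBHOSTS"), NULL, get_fqdn());
	load_nkconfig(NULL);

	/* Setup the filter we use for the report */
	/*
	 * NOTE(review): both cookie values are supplied by the client and are
	 * interpolated unescaped into the hobbitdboard filter expressions
	 * below. They should be validated (e.g. limited to the characters
	 * that are legal in page paths and hostnames) before use.
	 */
	cookie = get_cookie("pagepath"); if (cookie && *cookie) pagepattern = strdup(cookie);
	cookie = get_cookie("host"); if (cookie && *cookie) hostpattern = strdup(cookie);

	/* Fetch the list of host+test statuses we currently know about */
	/* Each command buffer is written with snprintf bounded by its own size. */
	if (pagepattern) {
		cmdsz = 2*strlen(pagepattern) + 1024;
		hobbitcmd = (char *)malloc(cmdsz);
		procscmd = (char *)malloc(cmdsz);
		svcscmd = (char *)malloc(cmdsz);

		snprintf(hobbitcmd, cmdsz, "hobbitdboard page=^%s$|^%s/.+ fields=hostname,testname",
			 pagepattern, pagepattern);
		snprintf(procscmd, cmdsz, "hobbitdboard page=^%s$|^%s/.+ test=procs fields=hostname,msg",
			 pagepattern, pagepattern);
		snprintf(svcscmd, cmdsz, "hobbitdboard page=^%s$|^%s/.+ test=svcs fields=hostname,msg",
			 pagepattern, pagepattern);
	}
	else if (hostpattern) {
		cmdsz = strlen(hostpattern) + 1024;
		hobbitcmd = (char *)malloc(cmdsz);
		procscmd = (char *)malloc(cmdsz);
		svcscmd = (char *)malloc(cmdsz);

		snprintf(hobbitcmd, cmdsz, "hobbitdboard host=^%s$ fields=hostname,testname", hostpattern);
		snprintf(procscmd, cmdsz, "hobbitdboard host=^%s$ test=procs fields=hostname,msg", hostpattern);
		snprintf(svcscmd, cmdsz, "hobbitdboard host=^%s$ test=svcs fields=hostname,msg", hostpattern);
	}
	else {
		cmdsz = 1024;
		hobbitcmd = (char *)malloc(cmdsz);
		procscmd = (char *)malloc(cmdsz);
		svcscmd = (char *)malloc(cmdsz);

		snprintf(hobbitcmd, cmdsz, "hobbitdboard fields=hostname,testname");
		snprintf(procscmd, cmdsz, "hobbitdboard test=procs fields=hostname,msg");
		snprintf(svcscmd, cmdsz, "hobbitdboard test=svcs fields=hostname,msg");
	}

	sres = newsendreturnbuf(1, NULL);

	if (sendmessage(hobbitcmd, NULL, BBTALK_TIMEOUT, sres) != BB_OK) {
		errormsg("Cannot contact the Hobbit server\n");
		return 1;
	}
	respbuf = getsendreturnstr(sres, 1);
	if (sendmessage(procscmd, NULL, BBTALK_TIMEOUT, sres) != BB_OK) {
		errormsg("Cannot contact the Hobbit server\n");
		return 1;
	}
	procsbuf = getsendreturnstr(sres, 1);
	if (sendmessage(svcscmd, NULL, BBTALK_TIMEOUT, sres) != BB_OK) {
		errormsg("Cannot contact the Hobbit server\n");
		return 1;
	}
	svcsbuf = getsendreturnstr(sres, 1);

	freesendreturnbuf(sres);

	if (!respbuf) {
		errormsg("Unable to find host information\n");
		return 1;
	}

	/* Parse it into a usable list */
	nexthost = respbuf;
	do {
		char *hname, *tname, *eoln;
		int wanted = 1;

		eoln = strchr(nexthost, '\n'); if (eoln) *eoln = '\0';
		hname = nexthost;
		tname = strchr(nexthost, '|'); if (tname) { *tname = '\0'; tname++; }

		/*
		 * A line without a test name is dropped below in any case, so
		 * the critical-systems lookup is skipped for it rather than
		 * being handed a NULL test name.
		 */
		if (nkonly && tname) {
			void *hinfo = hostinfo(hname);
			char *nkalerts = bbh_item(hinfo, BBH_NK);

			if (newnkconfig) {
				if (strcmp(nkval(hname, tname, nkalerts), "No") == 0 ) wanted = 0;
			}
			else {
				if (!nkalerts) wanted = 0;
			}
		}

		if (wanted && hname && tname && strcmp(hname, "summary") && strcmp(tname, xgetenv("INFOCOLUMN")) && strcmp(tname, xgetenv("TRENDSCOLUMN"))) {
			htnames_t *newitem = (htnames_t *)malloc(sizeof(htnames_t));

			/* Find the host record, creating it on first sight. */
			for (hwalk = hosthead; (hwalk && strcmp(hwalk->hostname, hname)); hwalk = hwalk->next);
			if (!hwalk) {
				hwalk = (hostlist_t *)calloc(1, sizeof(hostlist_t));
				hwalk->hostname = strdup(hname);
				hwalk->procs = get_proclist(hname, procsbuf);
				hwalk->svcs = get_proclist(hname, svcsbuf);
				hwalk->next = hosthead;
				hosthead = hwalk;
				hostcount++;
			}

			newitem->name = strdup(tname);
			newitem->next = hwalk->tests;
			hwalk->tests = newitem;
			hwalk->testcount++;
		}

		if (eoln) {
			nexthost = eoln+1;
			if (*nexthost == '\0') nexthost = NULL;
		}
		else {
			/*
			 * Last line had no trailing newline (or the response
			 * was empty): stop here. Without this the loop never
			 * advanced and never terminated.
			 */
			nexthost = NULL;
		}
	} while (nexthost);

	allhosts = (hostlist_t **) malloc(hostcount * sizeof(hostlist_t *));
	for (hwalk = hosthead, hosti=0; (hwalk); hwalk = hwalk->next, hosti++) {
		allhosts[hosti] = hwalk;
		if (hwalk->testcount > maxtests) maxtests = hwalk->testcount;
	}
	/* Scratch array sized for the host with the most tests. */
	alltests = (htnames_t **) malloc(maxtests * sizeof(htnames_t *));
	qsort(&allhosts[0], hostcount, sizeof(hostlist_t **), host_compare);

	/* Get the static info */
	load_all_links();
	init_tcp_services();
	pingcolumn = xgetenv("PINGCOLUMN");
	pingplus = (char *)malloc(strlen(pingcolumn) + 2);
	sprintf(pingplus, "%s=", pingcolumn);

	/* Load alert config */
	alertcolors = colorset(xgetenv("ALERTCOLORS"), ((1 << COL_GREEN) | (1 << COL_BLUE)));
	alertinterval = 60*atoi(xgetenv("ALERTREPEAT"));
	/* Bounded: BBHOME comes from the environment and may be long. */
	snprintf(configfn, sizeof(configfn), "%s/etc/hobbit-alerts.cfg", xgetenv("BBHOME"));
	load_alertconfig(configfn, alertcolors, alertinterval);
	load_columndocs();

	printf("Content-Type: %s\n\n", xgetenv("HTMLCONTENTTYPE"));
	sethostenv("", "", "", colorname(COL_BLUE), NULL);

	headfoot(stdout, "confreport", "", "header", COL_BLUE);

	fprintf(stdout, "<table width=\"100%%\" border=0>\n");
	fprintf(stdout, "<tr><th align=center colspan=2><font size=\"+2\">Hobbit configuration Report</font></th></tr>\n");
	fprintf(stdout, "<tr><th valign=top align=left>Date</th><td>%s</td></tr>\n", ctime(&now));
	fprintf(stdout, "<tr><th valign=top align=left>%d hosts included</th><td>\n", hostcount);
	/*
	 * NOTE(review): hostnames are written into the HTML without escaping;
	 * confirm the server response can only contain safe hostname
	 * characters.
	 */
	for (hosti=0; (hosti < hostcount); hosti++) {
		fprintf(stdout, "%s ", allhosts[hosti]->hostname);
	}
	fprintf(stdout, "</td></tr>\n");
	if (nkonly) {
		/* The quotes are HTML entities; bare '"' would end the C string. */
		fprintf(stdout, "<tr><th valign=top align=left>Filter</th><td>Only data for the &quot;Critical Systems&quot; view reported</td></tr>\n");
	}
	fprintf(stdout, "</table>\n");

	headfoot(stdout, "confreport", "", "front", COL_BLUE);

	for (hosti=0; (hosti < hostcount); hosti++) {
		/* Flatten this host's test list into alltests[] so it can be sorted. */
		for (twalk = allhosts[hosti]->tests, testi = 0; (twalk); twalk = twalk->next, testi++) {
			alltests[testi] = twalk;
		}
		qsort(&alltests[0], allhosts[hosti]->testcount, sizeof(htnames_t **), test_compare);

		print_host(allhosts[hosti], alltests, allhosts[hosti]->testcount);
	}

	headfoot(stdout, "confreport", "", "back", COL_BLUE);
	print_columndocs();

	headfoot(stdout, "confreport", "", "footer", COL_BLUE);

	return 0;
}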
/*
 * Write a textual description of pf state *s to stdout.
 *
 * The first line carries interface, protocol, both endpoints (with the
 * sk-side address in parentheses when it differs from the nk side) and the
 * state levels.  PF_OPT_VERBOSE adds sequence/age/counter detail and
 * PF_OPT_VERBOSE2 adds the state id and creator id.
 *
 * Unless __NO_STRICT_ALIGNMENT is defined the two state keys are first
 * copied into a local array and read from there.
 */
void
print_state(struct pfsync_state *s, int opts)
{
	struct pfsync_state_peer *src, *dst;
	struct pfsync_state_key *key, *sk, *nk;
	struct protoent *pe;
	const int outbound = (s->direction == PF_OUT);
	const int icmp_any = (s->proto == IPPROTO_ICMP ||
	    s->proto == IPPROTO_ICMPV6);
	const int side = outbound ? 0 : 1;
	int no_levels;
	int i;
#ifndef __NO_STRICT_ALIGNMENT
	struct pfsync_state_key aligned_key[2];

	bcopy(&s->key, aligned_key, sizeof(aligned_key));
	key = aligned_key;
#else
	key = s->key;
#endif

	/* Orient peers and keys according to the state's direction. */
	src = outbound ? &s->src : &s->dst;
	dst = outbound ? &s->dst : &s->src;
	sk = &key[outbound ? PF_SK_STACK : PF_SK_WIRE];
	nk = &key[outbound ? PF_SK_WIRE : PF_SK_STACK];
	if (icmp_any)
		sk->port[side] = nk->port[side];

	printf("%s ", s->ifname);
	pe = getprotobynumber(s->proto);
	if (pe == NULL)
		printf("%u ", s->proto);
	else
		printf("%s ", pe->p_name);

	/* Endpoint 1 first, then the arrow, then endpoint 0. */
	for (i = 1; i >= 0; i--) {
		print_host(&nk->addr[i], nk->port[i], s->af, opts);
		if (PF_ANEQ(&nk->addr[i], &sk->addr[i], s->af) ||
		    nk->port[i] != sk->port[i]) {
			printf(" (");
			print_host(&sk->addr[i], sk->port[i], s->af, opts);
			printf(")");
		}
		if (i == 1)
			printf("%s", outbound ? " -> " : " <- ");
	}

	printf(" ");

	/* Which protocols are treated as having no named state levels. */
#ifndef INET6
	no_levels = (s->proto == IPPROTO_ICMP);
#else
	no_levels = icmp_any;
#endif

	if (s->proto == IPPROTO_TCP) {
		if (src->state <= TCPS_TIME_WAIT &&
		    dst->state <= TCPS_TIME_WAIT) {
			printf(" %s:%s\n", tcpstates[src->state],
			    tcpstates[dst->state]);
		} else if (src->state == PF_TCPS_PROXY_SRC ||
		    dst->state == PF_TCPS_PROXY_SRC) {
			printf(" PROXY:SRC\n");
		} else if (src->state == PF_TCPS_PROXY_DST ||
		    dst->state == PF_TCPS_PROXY_DST) {
			printf(" PROXY:DST\n");
		} else {
			printf(" <BAD STATE LEVELS %u:%u>\n",
			    src->state, dst->state);
		}

		if (opts & PF_OPT_VERBOSE) {
			const int both_scaled = (src->wscale && dst->wscale);

			printf(" ");
			print_seq(src);
			if (both_scaled)
				printf(" wscale %u",
				    src->wscale & PF_WSCALE_MASK);
			printf(" ");
			print_seq(dst);
			if (both_scaled)
				printf(" wscale %u",
				    dst->wscale & PF_WSCALE_MASK);
			printf("\n");
		}
	} else if (s->proto == IPPROTO_UDP && src->state < PFUDPS_NSTATES &&
	    dst->state < PFUDPS_NSTATES) {
		const char *udp_names[] = PFUDPS_NAMES;

		printf(" %s:%s\n", udp_names[src->state],
		    udp_names[dst->state]);
	} else if (!no_levels && src->state < PFOTHERS_NSTATES &&
	    dst->state < PFOTHERS_NSTATES) {
		/* XXX ICMP doesn't really have state levels */
		const char *other_names[] = PFOTHERS_NAMES;

		printf(" %s:%s\n", other_names[src->state],
		    other_names[dst->state]);
	} else {
		printf(" %u:%u\n", src->state, dst->state);
	}

	if (opts & PF_OPT_VERBOSE) {
		u_int64_t packets[2];
		u_int64_t bytes[2];
		u_int32_t age = ntohl(s->creation);
		u_int32_t ttl = ntohl(s->expire);
		int mins, secs;
		int dir;

		/* Break the second counts into hours:minutes:seconds. */
		secs = age % 60;
		mins = (age / 60) % 60;
		age /= 3600;
		printf(" age %.2u:%.2u:%.2u", age, mins, secs);

		secs = ttl % 60;
		mins = (ttl / 60) % 60;
		ttl /= 3600;
		printf(", expires in %.2u:%.2u:%.2u", ttl, mins, secs);

		/* Bytewise copies of the counters before the 64-bit swap. */
		for (dir = 0; dir < 2; dir++) {
			bcopy(s->packets[dir], &packets[dir],
			    sizeof(u_int64_t));
			bcopy(s->bytes[dir], &bytes[dir], sizeof(u_int64_t));
		}
		printf(", %ju:%ju pkts, %ju:%ju bytes",
		    (uintmax_t )be64toh(packets[0]),
		    (uintmax_t )be64toh(packets[1]),
		    (uintmax_t )be64toh(bytes[0]),
		    (uintmax_t )be64toh(bytes[1]));

		/* All-ones (-1) in anchor/rule suppresses the field. */
		if (ntohl(s->anchor) != -1)
			printf(", anchor %u", ntohl(s->anchor));
		if (ntohl(s->rule) != -1)
			printf(", rule %u", ntohl(s->rule));
		if (s->state_flags & PFSTATE_SLOPPY)
			printf(", sloppy");
		if (s->sync_flags & PFSYNC_FLAG_SRCNODE)
			printf(", source-track");
		if (s->sync_flags & PFSYNC_FLAG_NATSRCNODE)
			printf(", sticky-address");
		printf("\n");
	}

	if (opts & PF_OPT_VERBOSE2) {
		u_int64_t state_id;

		bcopy(&s->id, &state_id, sizeof(u_int64_t));
		printf(" id: %016jx creatorid: %08x",
		    (uintmax_t )be64toh(state_id), ntohl(s->creatorid));
		printf("\n");
	}
}
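/*
 * Hand the current HTTP request of clt to a FastCGI backend.
 *
 * Connects to the backend named by srv_conf->socket (":port" means TCP on
 * the loopback address, anything else is a UNIX socket path), replaces the
 * client's file descriptor and server-side buffers with the new connection,
 * writes the FCGI_BEGIN_REQUEST record and then the CGI parameters
 * (PATH_INFO, SCRIPT_NAME, ..., HTTP_* headers) followed by the empty
 * FCGI_PARAMS record.
 *
 * Returns 0 on success.  On failure the request is aborted with a 500 via
 * server_abort_http() and -1 is returned.
 */
int
server_fcgi(struct httpd *env, struct client *clt)
{
	struct server_fcgi_param	 param;
	struct server_config		*srv_conf = clt->clt_srv_conf;
	struct http_descriptor		*desc = clt->clt_descreq;
	struct fcgi_record_header	*h;
	struct fcgi_begin_request_body	*begin;
	char				 hbuf[HOST_NAME_MAX+1];
	size_t				 scriptlen;
	int				 pathlen;
	int				 fd = -1, ret;
	const char			*stripped, *p, *alias, *errstr = NULL;
	char				*str, *script = NULL;

	if (srv_conf->socket[0] == ':') {
		struct sockaddr_storage	 ss;
		in_port_t		 port;

		/* ":<port>" selects a TCP backend on the loopback address. */
		p = srv_conf->socket + 1;

		port = strtonum(p, 0, 0xffff, &errstr);
		if (errstr != NULL) {
			log_warn("%s: strtonum %s, %s", __func__, p, errstr);
			goto fail;
		}
		memset(&ss, 0, sizeof(ss));
		ss.ss_family = AF_INET;
		((struct sockaddr_in *)
		    &ss)->sin_addr.s_addr = htonl(INADDR_LOOPBACK);
		port = htons(port);

		if ((fd = server_socket_connect(&ss, port, srv_conf)) == -1)
			goto fail;
	} else {
		struct sockaddr_un	 sun;
		size_t			 len;

#if (defined(__FreeBSD_version) && (__FreeBSD_version < 1000000))
		if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) == -1)
#else
		if ((fd = socket(AF_UNIX, SOCK_STREAM | SOCK_NONBLOCK, 0)) == -1)
#endif
			goto fail;

		memset(&sun, 0, sizeof(sun));
		sun.sun_family = AF_UNIX;
		/* strlcpy reports truncation through its return value. */
		len = strlcpy(sun.sun_path,
		    srv_conf->socket, sizeof(sun.sun_path));
		if (len >= sizeof(sun.sun_path)) {
			errstr = "socket path too long";
			goto fail;
		}
		sun.sun_len = len;

		if (connect(fd, (struct sockaddr *)&sun, sizeof(sun)) == -1)
			goto fail;
	}

	memset(hbuf, 0, sizeof(hbuf));
	clt->clt_fcgi.state = FCGI_READ_HEADER;
	clt->clt_fcgi.toread = sizeof(struct fcgi_record_header);
	clt->clt_fcgi.status = 200;
	clt->clt_fcgi.headersdone = 0;

	if (clt->clt_srvevb != NULL)
		evbuffer_free(clt->clt_srvevb);

	clt->clt_srvevb = evbuffer_new();
	if (clt->clt_srvevb == NULL) {
		errstr = "failed to allocate evbuffer";
		goto fail;
	}

	/* From here on clt owns fd; the fail path only closes it if not. */
	close(clt->clt_fd);
	clt->clt_fd = fd;

	if (clt->clt_srvbev != NULL)
		bufferevent_free(clt->clt_srvbev);

	clt->clt_srvbev_throttled = 0;
	clt->clt_srvbev = bufferevent_new(fd, server_fcgi_read,
	    NULL, server_file_error, clt);
	if (clt->clt_srvbev == NULL) {
		errstr = "failed to allocate fcgi buffer event";
		goto fail;
	}

	/* The record header and begin-request body are built inside param.buf. */
	memset(&param, 0, sizeof(param));

	h = (struct fcgi_record_header *)&param.buf;
	h->version = 1;
	h->type = FCGI_BEGIN_REQUEST;
	h->id = htons(1);
	h->content_len = htons(sizeof(struct fcgi_begin_request_body));
	h->padding_len = 0;

	begin = (struct fcgi_begin_request_body *)&param.buf[sizeof(struct
	    fcgi_record_header)];
	begin->role = htons(FCGI_RESPONDER);

	if (bufferevent_write(clt->clt_srvbev, &param.buf,
	    sizeof(struct fcgi_record_header) +
	    sizeof(struct fcgi_begin_request_body)) == -1) {
		errstr = "failed to write to evbuffer";
		goto fail;
	}

	h->type = FCGI_PARAMS;
	h->content_len = param.total_len = 0;

	alias = desc->http_path_alias != NULL
	    ? desc->http_path_alias
	    : desc->http_path;

	stripped = server_root_strip(alias, srv_conf->strip);
	if ((pathlen = asprintf(&script, "%s%s", srv_conf->root, stripped))
	    == -1) {
		errstr = "failed to get script name";
		goto fail;
	}

	scriptlen = path_info(script);
	/*
	 * no part of root should show up in PATH_INFO.
	 * therefore scriptlen should be >= strlen(root)
	 */
	if (scriptlen < strlen(srv_conf->root))
		scriptlen = strlen(srv_conf->root);
	if ((int)scriptlen < pathlen) {
		if (fcgi_add_param(&param, "PATH_INFO",
		    script + scriptlen, clt) == -1) {
			errstr = "failed to encode param";
			goto fail;
		}
		/* Cut script at the start of PATH_INFO for SCRIPT_FILENAME. */
		script[scriptlen] = '\0';
	} else {
		/* RFC 3875 mandates that PATH_INFO is empty if not set */
		if (fcgi_add_param(&param, "PATH_INFO", "", clt) == -1) {
			errstr = "failed to encode param";
			goto fail;
		}
	}

	/*
	 * calculate length of http SCRIPT_NAME:
	 * add length of stripped prefix,
	 * subtract length of prepended local root
	 */
	scriptlen += (stripped - alias) - strlen(srv_conf->root);
	if ((str = strndup(alias, scriptlen)) == NULL)
		goto fail;
	ret = fcgi_add_param(&param, "SCRIPT_NAME", str, clt);
	free(str);
	if (ret == -1) {
		errstr = "failed to encode param";
		goto fail;
	}
	if (fcgi_add_param(&param, "SCRIPT_FILENAME", script, clt) == -1) {
		errstr = "failed to encode param";
		goto fail;
	}

	if (desc->http_query) {
		if (fcgi_add_param(&param, "QUERY_STRING", desc->http_query,
		    clt) == -1) {
			errstr = "failed to encode param";
			goto fail;
		}
	} else if (fcgi_add_param(&param, "QUERY_STRING", "", clt) == -1) {
		errstr = "failed to encode param";
		goto fail;
	}

	if (fcgi_add_param(&param, "DOCUMENT_ROOT", srv_conf->root,
	    clt) == -1) {
		errstr = "failed to encode param";
		goto fail;
	}
	if (fcgi_add_param(&param, "DOCUMENT_URI", alias,
	    clt) == -1) {
		errstr = "failed to encode param";
		goto fail;
	}
	if (fcgi_add_param(&param, "GATEWAY_INTERFACE", "CGI/1.1",
	    clt) == -1) {
		errstr = "failed to encode param";
		goto fail;
	}

	if (srv_conf->flags & SRVFLAG_AUTH) {
		if (fcgi_add_param(&param, "REMOTE_USER",
		    clt->clt_remote_user, clt) == -1) {
			errstr = "failed to encode param";
			goto fail;
		}
	}

	/* Add HTTP_* headers */
	/*
	 * NOTE(review): request headers are client-controlled; confirm that
	 * server_fcgi_writeheader does not forward a "Proxy" header as
	 * HTTP_PROXY to the backend.
	 */
	if (server_headers(clt, desc, server_fcgi_writeheader, &param) == -1) {
		errstr = "failed to encode param";
		goto fail;
	}

	if (srv_conf->flags & SRVFLAG_TLS)
		if (fcgi_add_param(&param, "HTTPS", "on", clt) == -1) {
			errstr = "failed to encode param";
			goto fail;
		}

	/* hbuf is reused for each address/port string below. */
	(void)print_host(&clt->clt_ss, hbuf, sizeof(hbuf));
	if (fcgi_add_param(&param, "REMOTE_ADDR", hbuf, clt) == -1) {
		errstr = "failed to encode param";
		goto fail;
	}

	(void)snprintf(hbuf, sizeof(hbuf), "%d", ntohs(clt->clt_port));
	if (fcgi_add_param(&param, "REMOTE_PORT", hbuf, clt) == -1) {
		errstr = "failed to encode param";
		goto fail;
	}

	if (fcgi_add_param(&param, "REQUEST_METHOD",
	    server_httpmethod_byid(desc->http_method), clt) == -1) {
		errstr = "failed to encode param";
		goto fail;
	}

	if (!desc->http_query) {
		if (fcgi_add_param(&param, "REQUEST_URI", desc->http_path,
		    clt) == -1) {
			errstr = "failed to encode param";
			goto fail;
		}
	} else {
		if (asprintf(&str, "%s?%s", desc->http_path,
		    desc->http_query) == -1) {
			errstr = "failed to encode param";
			goto fail;
		}
		ret = fcgi_add_param(&param, "REQUEST_URI", str, clt);
		free(str);
		if (ret == -1) {
			errstr = "failed to encode param";
			goto fail;
		}
	}

	(void)print_host(&clt->clt_srv_ss, hbuf, sizeof(hbuf));
	if (fcgi_add_param(&param, "SERVER_ADDR", hbuf, clt) == -1) {
		errstr = "failed to encode param";
		goto fail;
	}

	(void)snprintf(hbuf, sizeof(hbuf), "%d",
	    ntohs(server_socket_getport(&clt->clt_srv_ss)));
	if (fcgi_add_param(&param, "SERVER_PORT", hbuf, clt) == -1) {
		errstr = "failed to encode param";
		goto fail;
	}

	if (fcgi_add_param(&param, "SERVER_NAME", srv_conf->name,
	    clt) == -1) {
		errstr = "failed to encode param";
		goto fail;
	}

	if (fcgi_add_param(&param, "SERVER_PROTOCOL", desc->http_version,
	    clt) == -1) {
		errstr = "failed to encode param";
		goto fail;
	}

	if (fcgi_add_param(&param, "SERVER_SOFTWARE", HTTPD_SERVERNAME,
	    clt) == -1) {
		errstr = "failed to encode param";
		goto fail;
	}

	if (param.total_len != 0) {	/* send last params record */
		if (bufferevent_write(clt->clt_srvbev, &param.buf,
		    sizeof(struct fcgi_record_header) +
		    ntohs(h->content_len)) == -1) {
			errstr = "failed to write to client evbuffer";
			goto fail;
		}
	}

	/* send "no more params" message */
	h->content_len = 0;
	if (bufferevent_write(clt->clt_srvbev, &param.buf,
	    sizeof(struct fcgi_record_header)) == -1) {
		errstr = "failed to write to client evbuffer";
		goto fail;
	}

	bufferevent_settimeout(clt->clt_srvbev,
	    srv_conf->timeout.tv_sec, srv_conf->timeout.tv_sec);
	bufferevent_enable(clt->clt_srvbev, EV_READ|EV_WRITE);
	/* Forward a request body if one is pending, else close stdin. */
	if (clt->clt_toread != 0) {
		server_read_httpcontent(clt->clt_bev, clt);
		bufferevent_enable(clt->clt_bev, EV_READ);
	} else {
		bufferevent_disable(clt->clt_bev, EV_READ);
		fcgi_add_stdin(clt, NULL);
	}

	if (strcmp(desc->http_version, "HTTP/1.1") == 0) {
		clt->clt_fcgi.chunked = 1;
	} else {
		/* HTTP/1.0 does not support chunked encoding */
		clt->clt_fcgi.chunked = 0;
		clt->clt_persist = 0;
	}
	clt->clt_fcgi.end = 0;
	clt->clt_done = 0;

	free(script);
	return (0);
 fail:
	free(script);
	/* No explicit message means a system call failed: report errno. */
	if (errstr == NULL)
		errstr = strerror(errno);
	if (fd != -1 && clt->clt_fd != fd)
		close(fd);
	server_abort_http(clt, 500, errstr);
	return (-1);
}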
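/*
 * Print one pfsync state record through the dissector's output routine.
 *
 * ndo - dissector options, passed to ND_PRINT and the print helpers.
 * s   - state record.  NOTE(review): in a packet printer this presumably
 *       points into captured data; the caller must have verified that the
 *       whole structure lies within the captured bytes - confirm.
 *
 * The detail lines are gated on the global `vflag`, which this function
 * reads directly rather than through ndo.
 *
 * Side effect: for ICMP and ICMPv6 one port slot of the "sk" key inside *s
 * is overwritten from the "nk" key.
 */
static void
print_state(netdissect_options *ndo, struct pfsync_state *s)
{
	struct pfsync_state_peer *src, *dst;
	struct pfsync_state_key *sk, *nk;
	int min, sec;

	if (s->direction == PF_OUT) {
		src = &s->src;
		dst = &s->dst;
		sk = &s->key[PF_SK_STACK];
		nk = &s->key[PF_SK_WIRE];
		if (s->proto == IPPROTO_ICMP || s->proto == IPPROTO_ICMPV6)
			sk->port[0] = nk->port[0];
	} else {
		src = &s->dst;
		dst = &s->src;
		sk = &s->key[PF_SK_WIRE];
		nk = &s->key[PF_SK_STACK];
		if (s->proto == IPPROTO_ICMP || s->proto == IPPROTO_ICMPV6)
			sk->port[1] = nk->port[1];
	}
	/*
	 * ifname is a fixed-size character field that nothing here checks
	 * for a terminating NUL, so the print is bounded by the field size
	 * instead of running on into the following members.
	 */
	ND_PRINT((ndo, "\t%.*s ", (int)sizeof(s->ifname), s->ifname));
	ND_PRINT((ndo, "proto %u ", s->proto));

	/* The sk endpoint is shown in parentheses only when it differs. */
	print_host(ndo, &nk->addr[1], nk->port[1], s->af, NULL);
	if (PF_ANEQ(&nk->addr[1], &sk->addr[1], s->af) ||
	    nk->port[1] != sk->port[1]) {
		ND_PRINT((ndo, " ("));
		print_host(ndo, &sk->addr[1], sk->port[1], s->af, NULL);
		ND_PRINT((ndo, ")"));
	}
	if (s->direction == PF_OUT)
		ND_PRINT((ndo, " -> "));
	else
		ND_PRINT((ndo, " <- "));
	print_host(ndo, &nk->addr[0], nk->port[0], s->af, NULL);
	if (PF_ANEQ(&nk->addr[0], &sk->addr[0], s->af) ||
	    nk->port[0] != sk->port[0]) {
		ND_PRINT((ndo, " ("));
		print_host(ndo, &sk->addr[0], sk->port[0], s->af, NULL);
		ND_PRINT((ndo, ")"));
	}

	print_src_dst(ndo, src, dst, s->proto);

	if (vflag > 1) {
		uint64_t packets[2];
		uint64_t bytes[2];
		uint32_t creation = ntohl(s->creation);
		uint32_t expire = ntohl(s->expire);

		/* Split the second counts into hours:minutes:seconds. */
		sec = creation % 60;
		creation /= 60;
		min = creation % 60;
		creation /= 60;
		ND_PRINT((ndo, "\n\tage %.2u:%.2u:%.2u", creation, min, sec));
		sec = expire % 60;
		expire /= 60;
		min = expire % 60;
		expire /= 60;
		ND_PRINT((ndo, ", expires in %.2u:%.2u:%.2u", expire, min, sec));

		/* Counters are copied out bytewise before the 64-bit swap. */
		bcopy(s->packets[0], &packets[0], sizeof(uint64_t));
		bcopy(s->packets[1], &packets[1], sizeof(uint64_t));
		bcopy(s->bytes[0], &bytes[0], sizeof(uint64_t));
		bcopy(s->bytes[1], &bytes[1], sizeof(uint64_t));
		/* %ju takes uintmax_t; cast as the id print below already does. */
		ND_PRINT((ndo, ", %ju:%ju pkts, %ju:%ju bytes",
		    (uintmax_t )be64toh(packets[0]),
		    (uintmax_t )be64toh(packets[1]),
		    (uintmax_t )be64toh(bytes[0]),
		    (uintmax_t )be64toh(bytes[1])));
		/* An all-ones anchor/rule value suppresses the field. */
		if (s->anchor != ntohl(-1))
			ND_PRINT((ndo, ", anchor %u", ntohl(s->anchor)));
		if (s->rule != ntohl(-1))
			ND_PRINT((ndo, ", rule %u", ntohl(s->rule)));
	}
	if (vflag > 1) {
		uint64_t id;

		bcopy(&s->id, &id, sizeof(uint64_t));
		ND_PRINT((ndo, "\n\tid: %016jx creatorid: %08x",
		    (uintmax_t )be64toh(id), ntohl(s->creatorid)));
	}
}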
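/*
 * Log the traffic selectors carried in a TS payload.
 *
 * env     - daemon context (unused here).
 * pld     - generic payload header; pld_length is read from it.
 * msg     - message whose msg_data buffer holds the payload.
 * offset  - position in msg_data of the TS payload header (struct
 *           ikev2_tsp), i.e. just past the generic payload header.
 * payload - payload type (unused here).
 *
 * All lengths and counts are taken from the received message, so every
 * read is checked against both the payload length and the size of the
 * message buffer before it happens.
 *
 * Returns 0 on success, -1 if the payload is truncated or inconsistent.
 */
int
ikev2_pld_ts(struct iked *env, struct ikev2_payload *pld,
    struct iked_message *msg, off_t offset, u_int payload)
{
	struct ikev2_tsp		 tsp;
	struct ikev2_ts			 ts;
	size_t				 len, i;
	size_t				 msglen, pldlen, left, tslen;
	struct sockaddr_in		 s4;
	struct sockaddr_in6		 s6;
	u_int8_t			 buf[2][128];
	u_int8_t			*msgbuf = ibuf_data(msg->msg_data);

	msglen = ibuf_size(msg->msg_data);

	/* Reject a payload too short to hold its own headers (no underflow). */
	pldlen = betoh16(pld->pld_length);
	if (pldlen < sizeof(*pld) + sizeof(tsp)) {
		log_debug("%s: malformed payload: too short for header",
		    __func__);
		return (-1);
	}
	len = pldlen - sizeof(*pld) - sizeof(tsp);

	/* The TS header plus selector data must lie inside the message. */
	if (offset < 0 || (size_t)offset > msglen ||
	    msglen - (size_t)offset < sizeof(tsp) + len) {
		log_debug("%s: malformed payload: exceeds message",
		    __func__);
		return (-1);
	}

	memcpy(&tsp, msgbuf + offset, sizeof(tsp));
	offset += sizeof(tsp);

	log_debug("%s: count %d length %zu", __func__,
	    tsp.tsp_count, len);

	/* `left` tracks the selector bytes not yet consumed. */
	left = len;
	for (i = 0; i < tsp.tsp_count; i++) {
		if (left < sizeof(ts)) {
			log_debug("%s: malformed payload: truncated selector",
			    __func__);
			return (-1);
		}
		memcpy(&ts, msgbuf + offset, sizeof(ts));

		log_debug("%s: type %s protoid %u length %d "
		    "startport %u endport %u", __func__,
		    print_map(ts.ts_type, ikev2_ts_map),
		    ts.ts_protoid, betoh16(ts.ts_length),
		    betoh16(ts.ts_startport),
		    betoh16(ts.ts_endport));

		/*
		 * The selector's own length field drives the offset; it must
		 * cover at least the selector header and stay inside the
		 * payload.
		 */
		tslen = betoh16(ts.ts_length);
		if (tslen < sizeof(ts) || tslen > left) {
			log_debug("%s: malformed payload: bad selector length",
			    __func__);
			return (-1);
		}

		switch (ts.ts_type) {
		case IKEV2_TS_IPV4_ADDR_RANGE:
			/* Start and end address, 4 bytes each. */
			if (tslen < sizeof(ts) + 2 * 4) {
				log_debug("%s: malformed payload: "
				    "short IPv4 range", __func__);
				return (-1);
			}
			bzero(&s4, sizeof(s4));
			s4.sin_family = AF_INET;
			s4.sin_len = sizeof(s4);
			memcpy(&s4.sin_addr.s_addr,
			    msgbuf + offset + sizeof(ts), 4);
			print_host((struct sockaddr *)&s4,
			    (char *)buf[0], sizeof(buf[0]));
			memcpy(&s4.sin_addr.s_addr,
			    msgbuf + offset + sizeof(ts) + 4, 4);
			print_host((struct sockaddr *)&s4,
			    (char *)buf[1], sizeof(buf[1]));
			log_debug("%s: start %s end %s", __func__,
			    buf[0], buf[1]);
			break;
		case IKEV2_TS_IPV6_ADDR_RANGE:
			/* Start and end address, 16 bytes each. */
			if (tslen < sizeof(ts) + 2 * 16) {
				log_debug("%s: malformed payload: "
				    "short IPv6 range", __func__);
				return (-1);
			}
			bzero(&s6, sizeof(s6));
			s6.sin6_family = AF_INET6;
			s6.sin6_len = sizeof(s6);
			memcpy(&s6.sin6_addr,
			    msgbuf + offset + sizeof(ts), 16);
			print_host((struct sockaddr *)&s6,
			    (char *)buf[0], sizeof(buf[0]));
			memcpy(&s6.sin6_addr,
			    msgbuf + offset + sizeof(ts) + 16, 16);
			print_host((struct sockaddr *)&s6,
			    (char *)buf[1], sizeof(buf[1]));
			log_debug("%s: start %s end %s", __func__,
			    buf[0], buf[1]);
			break;
		default:
			break;
		}

		offset += tslen;
		left -= tslen;
	}

	return (0);
}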
/*
 * Print the summary line(s) for one control message.
 *
 * imsg - received message; imsg->hdr.type selects how imsg->data is
 *        interpreted.
 * type - requested view (SHOW_SUM, SHOW_RDRS, SHOW_HOSTS, SHOW_RELAYS,
 *        SHOW_ROUTERS); messages that do not belong to the view are
 *        silently skipped.
 *
 * Returns 1 when IMSG_CTL_END is seen, 0 otherwise.  An unexpected
 * message type terminates the program through errx().
 */
int
show_summary_msg(struct imsg *imsg, int type)
{
	struct ctl_stats	 stats[RELAY_MAXPROC];
	char			 name[MAXHOSTNAMELEN];

	switch (imsg->hdr.type) {
	case IMSG_CTL_RDR:
		if (type == SHOW_SUM || type == SHOW_RDRS) {
			struct rdr	*r = imsg->data;

			printf("%-4u\t%-8s\t%-24s\t%-7s\t%s\n",
			    r->conf.id, "redirect", r->conf.name, "",
			    print_rdr_status(r->conf.flags));
		}
		break;
	case IMSG_CTL_TABLE:
		if (type == SHOW_SUM || type == SHOW_HOSTS) {
			struct table	*t = imsg->data;

			printf("%-4u\t%-8s\t%-24s\t%-7s\t%s\n",
			    t->conf.id, "table", t->conf.name, "",
			    print_table_status(t->up, t->conf.flags));
		}
		break;
	case IMSG_CTL_HOST:
		if (type == SHOW_SUM || type == SHOW_HOSTS) {
			struct host	*h = imsg->data;

			/* Hosts with a parent get it appended to the name. */
			if (!h->conf.parentid)
				strlcpy(name, h->conf.name, sizeof(name));
			else
				snprintf(name, sizeof(name), "%s parent %u",
				    h->conf.name, h->conf.parentid);
			printf("%-4u\t%-8s\t%-24s\t%-7s\t%s\n",
			    h->conf.id, "host", name,
			    print_availability(h->check_cnt, h->up_cnt),
			    print_host_status(h->up, h->flags));

			/* Check statistics only in the hosts view. */
			if (type == SHOW_HOSTS && h->check_cnt) {
				printf("\t%8s\ttotal: %lu/%lu checks",
				    "", h->up_cnt, h->check_cnt);
				if (h->retry_cnt)
					printf(", %d retries", h->retry_cnt);
				if (h->he && h->up == HOST_DOWN)
					printf(", error: %s",
					    host_error(h->he));
				printf("\n");
			}
		}
		break;
	case IMSG_CTL_RELAY:
		if (type == SHOW_SUM || type == SHOW_RELAYS) {
			struct relay	*rl = imsg->data;

			printf("%-4u\t%-8s\t%-24s\t%-7s\t%s\n",
			    rl->rl_conf.id, "relay", rl->rl_conf.name, "",
			    print_relay_status(rl->rl_conf.flags));
		}
		break;
	case IMSG_CTL_RDR_STATS:
		if (type == SHOW_RDRS) {
			/* One record; the second slot ends the list. */
			bcopy(imsg->data, &stats[0], sizeof(stats[0]));
			stats[1].id = EMPTY_ID;
			print_statistics(stats);
		}
		break;
	case IMSG_CTL_RELAY_STATS:
		if (type == SHOW_RELAYS) {
			/* The whole stats array is copied from the message. */
			bcopy(imsg->data, &stats, sizeof(stats));
			print_statistics(stats);
		}
		break;
	case IMSG_CTL_ROUTER:
		if (type == SHOW_SUM || type == SHOW_ROUTERS) {
			struct router	*r = imsg->data;

			printf("%-4u\t%-8s\t%-24s\t%-7s\t%s\n",
			    r->rt_conf.id, "router", r->rt_conf.name, "",
			    print_relay_status(r->rt_conf.flags));

			/* Routing table and label only in the routers view. */
			if (type == SHOW_ROUTERS) {
				if (r->rt_conf.rtable)
					printf("\t%8s\trtable: %d\n", "",
					    r->rt_conf.rtable);
				if (r->rt_conf.label[0] != '\0')
					printf("\t%8s\trtlabel: %s\n", "",
					    r->rt_conf.label);
			}
		}
		break;
	case IMSG_CTL_NETROUTE:
		if (type == SHOW_ROUTERS) {
			struct netroute	*route = imsg->data;

			(void)print_host(&route->nr_conf.ss, name,
			    sizeof(name));
			printf("\t%8s\troute: %s/%d\n", "", name,
			    route->nr_conf.prefixlen);
		}
		break;
	case IMSG_CTL_END:
		return (1);
	default:
		errx(1, "wrong message in summary: %u", imsg->hdr.type);
		break;
	}
	return (0);
}
/*
 * Write a textual description of pf state *s to stdout.
 *
 * Each state key carries its own address family and routing domain; when
 * the two keys differ in address family ("afto") the parenthesised sk
 * endpoint is taken from the opposite address slot and an inbound state is
 * drawn with " -> ".
 *
 * PF_OPT_VERBOSE adds sequence/age/counter detail, PF_OPT_VERBOSE2 adds the
 * state id and creator id.
 *
 * Side effect: for ICMP and ICMPv6 one port slot of the "sk" key inside *s
 * is overwritten from the "nk" key.
 */
void
print_state(struct pfsync_state *s, int opts)
{
	struct pfsync_state_peer *src, *dst;
	struct pfsync_state_key *sk, *nk;
	struct protoent *pe;
	const int afto = (s->key[PF_SK_STACK].af != s->key[PF_SK_WIRE].af);
	const int outbound = (s->direction == PF_OUT);
	const int icmp_any = (s->proto == IPPROTO_ICMP ||
	    s->proto == IPPROTO_ICMPV6);
	const int side = outbound ? 0 : 1;
	int i, idx;

	/* Orient peers and keys according to the state's direction. */
	src = outbound ? &s->src : &s->dst;
	dst = outbound ? &s->dst : &s->src;
	sk = &s->key[outbound ? PF_SK_STACK : PF_SK_WIRE];
	nk = &s->key[outbound ? PF_SK_WIRE : PF_SK_STACK];
	if (icmp_any)
		sk->port[side] = nk->port[side];

	printf("%s ", s->ifname);
	pe = getprotobynumber(s->proto);
	if (pe == NULL)
		printf("%u ", s->proto);
	else
		printf("%s ", pe->p_name);

	/* Endpoint 1 first, then the arrow, then endpoint 0. */
	for (i = 1; i >= 0; i--) {
		print_host(&nk->addr[i], nk->port[i], nk->af, nk->rdomain,
		    opts);
		if (nk->af != sk->af ||
		    PF_ANEQ(&nk->addr[i], &sk->addr[i], nk->af) ||
		    nk->port[i] != sk->port[i] ||
		    nk->rdomain != sk->rdomain) {
			/* With afto the sk side uses the other slot. */
			idx = afto ? 1 - i : i;
			printf(" (");
			print_host(&sk->addr[idx], sk->port[idx], sk->af,
			    sk->rdomain, opts);
			printf(")");
		}
		if (i == 1) {
			if (outbound || (afto && s->direction == PF_IN))
				printf(" -> ");
			else
				printf(" <- ");
		}
	}

	printf(" ");
	if (s->proto == IPPROTO_TCP) {
		if (src->state <= TCPS_TIME_WAIT &&
		    dst->state <= TCPS_TIME_WAIT) {
			printf(" %s:%s\n", tcpstates[src->state],
			    tcpstates[dst->state]);
		} else if (src->state == PF_TCPS_PROXY_SRC ||
		    dst->state == PF_TCPS_PROXY_SRC) {
			printf(" PROXY:SRC\n");
		} else if (src->state == PF_TCPS_PROXY_DST ||
		    dst->state == PF_TCPS_PROXY_DST) {
			printf(" PROXY:DST\n");
		} else {
			printf(" <BAD STATE LEVELS %u:%u>\n",
			    src->state, dst->state);
		}

		if (opts & PF_OPT_VERBOSE) {
			const int both_scaled = (src->wscale && dst->wscale);

			printf(" ");
			print_seq(src);
			if (both_scaled)
				printf(" wscale %u",
				    src->wscale & PF_WSCALE_MASK);
			printf(" ");
			print_seq(dst);
			if (both_scaled)
				printf(" wscale %u",
				    dst->wscale & PF_WSCALE_MASK);
			printf("\n");
		}
	} else if (s->proto == IPPROTO_UDP && src->state < PFUDPS_NSTATES &&
	    dst->state < PFUDPS_NSTATES) {
		const char *udp_names[] = PFUDPS_NAMES;

		printf(" %s:%s\n", udp_names[src->state],
		    udp_names[dst->state]);
	} else if (!icmp_any && src->state < PFOTHERS_NSTATES &&
	    dst->state < PFOTHERS_NSTATES) {
		/* XXX ICMP doesn't really have state levels */
		const char *other_names[] = PFOTHERS_NAMES;

		printf(" %s:%s\n", other_names[src->state],
		    other_names[dst->state]);
	} else {
		printf(" %u:%u\n", src->state, dst->state);
	}

	if (opts & PF_OPT_VERBOSE) {
		u_int64_t packets[2];
		u_int64_t bytes[2];
		u_int32_t age = ntohl(s->creation);
		u_int32_t ttl = ntohl(s->expire);
		int mins, secs;
		int dir;

		/* Break the second counts into hours:minutes:seconds. */
		secs = age % 60;
		mins = (age / 60) % 60;
		age /= 3600;
		printf(" age %.2u:%.2u:%.2u", age, mins, secs);

		secs = ttl % 60;
		mins = (ttl / 60) % 60;
		ttl /= 3600;
		printf(", expires in %.2u:%.2u:%.2u", ttl, mins, secs);

		/* Bytewise copies of the counters before the 64-bit swap. */
		for (dir = 0; dir < 2; dir++) {
			bcopy(s->packets[dir], &packets[dir],
			    sizeof(u_int64_t));
			bcopy(s->bytes[dir], &bytes[dir], sizeof(u_int64_t));
		}
		printf(", %llu:%llu pkts, %llu:%llu bytes",
		    betoh64(packets[0]),
		    betoh64(packets[1]),
		    betoh64(bytes[0]),
		    betoh64(bytes[1]));

		/* All-ones (-1) in anchor/rule suppresses the field. */
		if (ntohl(s->anchor) != -1)
			printf(", anchor %u", ntohl(s->anchor));
		if (ntohl(s->rule) != -1)
			printf(", rule %u", ntohl(s->rule));
		if (s->state_flags & PFSTATE_SLOPPY)
			printf(", sloppy");
		if (s->state_flags & PFSTATE_PFLOW)
			printf(", pflow");
		if (s->sync_flags & PFSYNC_FLAG_SRCNODE)
			printf(", source-track");
		if (s->sync_flags & PFSYNC_FLAG_NATSRCNODE)
			printf(", sticky-address");
		printf("\n");
	}

	if (opts & PF_OPT_VERBOSE2) {
		u_int64_t state_id;

		bcopy(&s->id, &state_id, sizeof(u_int64_t));
		printf(" id: %016llx creatorid: %08x",
		    betoh64(state_id), ntohl(s->creatorid));
		printf("\n");
	}
}
/*
 * Send an IKEv2 message to its peer and, when the message belongs to an SA,
 * queue a copy on that SA with the matching timer armed.
 *
 * env: daemon context handed to ikev2_msg_copy() and the timer helpers.
 * msg: message to send; msg_data holds the packet, msg_offset the position
 *      of the IKE header inside it.
 *
 * Returns 0 on success, -1 when the header cannot be located, the NAT-T
 * marker cannot be prepended, the send fails, or the copy fails.
 */
int
ikev2_msg_send(struct iked *env, struct iked_message *msg)
{
	struct iked_sa		*sa = msg->msg_sa;
	struct ibuf		*buf = msg->msg_data;
	struct ike_header	*hdr;
	struct iked_message	*copy;
	uint32_t		 natt = 0x00000000;
	uint8_t			 exchange, flags;
	int			 isnatt = 0;

	if (buf == NULL)
		return (-1);
	hdr = ibuf_seek(msg->msg_data, msg->msg_offset, sizeof(*hdr));
	if (hdr == NULL)
		return (-1);

	/* NAT-T applies when either the message or its SA asks for it. */
	if (msg->msg_natt || (sa && sa->sa_natt))
		isnatt = 1;

	/*
	 * Copy the header fields that are needed later; hdr is not
	 * dereferenced again once the buffer has been modified below.
	 */
	exchange = hdr->ike_exchange;
	flags = hdr->ike_flags;

	log_info("%s: %s %s from %s to %s msgid %u, %ld bytes%s", __func__,
	    print_map(exchange, ikev2_exchange_map),
	    (flags & IKEV2_FLAG_RESPONSE) ? "response" : "request",
	    print_host((struct sockaddr *)&msg->msg_local, NULL, 0),
	    print_host((struct sockaddr *)&msg->msg_peer, NULL, 0),
	    betoh32(hdr->ike_msgid), ibuf_length(buf),
	    isnatt ? ", NAT-T" : "");

	if (isnatt) {
		/* Four zero bytes go in front of the IKE header. */
		if (ibuf_prepend(buf, &natt, sizeof(natt)) == -1) {
			log_debug("%s: failed to set NAT-T", __func__);
			return (-1);
		}
		msg->msg_offset += sizeof(natt);
	}

	if (sendtofrom(msg->msg_fd, ibuf_data(buf), ibuf_size(buf), 0,
	    (struct sockaddr *)&msg->msg_peer, msg->msg_peerlen,
	    (struct sockaddr *)&msg->msg_local, msg->msg_locallen) == -1) {
		log_warn("%s: sendtofrom", __func__);
		return (-1);
	}

	/* Without an SA there is no queue to keep the message on. */
	if (!sa)
		return (0);

	/*
	 * The datagram has already left at this point; a failed copy is
	 * still reported to the caller as -1.
	 */
	copy = ikev2_msg_copy(env, msg);
	if (copy == NULL) {
		log_debug("%s: failed to copy a message", __func__);
		return (-1);
	}
	copy->msg_exchange = exchange;

	if (!(flags & IKEV2_FLAG_RESPONSE)) {
		/* Requests are queued with the retransmit timer. */
		TAILQ_INSERT_TAIL(&sa->sa_requests, copy, msg_entry);
		timer_set(env, &copy->msg_timer,
		    ikev2_msg_retransmit_timeout, copy);
		timer_add(env, &copy->msg_timer, IKED_RETRANSMIT_TIMEOUT);
	} else {
		/* Responses are queued with the response timer. */
		TAILQ_INSERT_TAIL(&sa->sa_responses, copy, msg_entry);
		timer_set(env, &copy->msg_timer,
		    ikev2_msg_response_timeout, copy);
		timer_add(env, &copy->msg_timer, IKED_RESPONSE_TIMEOUT);
	}

	return (0);
}
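/*
 * Drain the error queue of the probe socket and print one result per
 * queued error.
 *
 * fd:  probe socket; read with recvmsg(MSG_ERRQUEUE).
 * ttl: TTL of the probe round, printed when the sending hop count cannot be
 *      recovered from the history table or the echoed payload.
 *
 * Returns `progress` (-1 if nothing was read, otherwise the current mtu)
 * once recvmsg() reports EAGAIN, and 0 when a terminal condition was printed
 * (destination reached, unreachable, no extended error, other error).
 *
 * Changes against the previous version: the return hop count is only
 * normalised when a TTL was actually received, and the resolved host name
 * is reset for every error so that a failed lookup cannot reuse the name of
 * an earlier hop.
 */
int recverr(int fd, int ttl)
{
	int res;
	struct probehdr rcvbuf;
	char cbuf[512];
	struct iovec iov;
	struct msghdr msg;
	struct cmsghdr *cmsg;
	struct sock_extended_err *e;
	struct sockaddr_in addr;
	struct timeval tv;
	struct timeval *rettv;
	int slot;
	int rethops;
	int sndhops;
	int progress = -1;
	int broken_router;
	char hnamebuf[NI_MAXHOST] = "";

restart:
	/* Fill the payload buffer with 0xff so a short read is recognisable. */
	memset(&rcvbuf, -1, sizeof(rcvbuf));
	iov.iov_base = &rcvbuf;
	iov.iov_len = sizeof(rcvbuf);
	msg.msg_name = (__u8*)&addr;
	msg.msg_namelen = sizeof(addr);
	msg.msg_iov = &iov;
	msg.msg_iovlen = 1;
	msg.msg_flags = 0;
	msg.msg_control = cbuf;
	msg.msg_controllen = sizeof(cbuf);

	gettimeofday(&tv, NULL);
	res = recvmsg(fd, &msg, MSG_ERRQUEUE);
	if (res < 0) {
		if (errno == EAGAIN)
			return progress;
		/* NOTE(review): every other errno is retried without limit. */
		goto restart;
	}

	progress = mtu;

	rethops = -1;
	sndhops = -1;
	e = NULL;
	rettv = NULL;

	/* Map the probe's port back to its slot in the send history. */
	slot = ntohs(addr.sin_port) - base_port;
	if (slot >= 0 && slot < 63 && his[slot].hops) {
		sndhops = his[slot].hops;
		rettv = &his[slot].sendtime;
		his[slot].hops = 0;
	}

	/*
	 * When the full probe payload came back, prefer the values stored in
	 * it. The payload is network-supplied: zero fields mark it as
	 * corrupted and the history values are kept.
	 */
	broken_router = 0;
	if (res == sizeof(rcvbuf)) {
		if (rcvbuf.ttl == 0 || rcvbuf.tv.tv_sec == 0) {
			broken_router = 1;
		} else {
			sndhops = rcvbuf.ttl;
			rettv = &rcvbuf.tv;
		}
	}

	for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg)) {
		if (cmsg->cmsg_level == SOL_IP) {
			if (cmsg->cmsg_type == IP_RECVERR) {
				e = (struct sock_extended_err *) CMSG_DATA(cmsg);
			} else if (cmsg->cmsg_type == IP_TTL) {
				memcpy(&rethops, CMSG_DATA(cmsg), sizeof(rethops));
			} else {
				printf("cmsg:%d\n ", cmsg->cmsg_type);
			}
		}
	}
	if (e == NULL) {
		printf("no info\n");
		return 0;
	}

	if (e->ee_origin == SO_EE_ORIGIN_LOCAL) {
		printf("%2d?: %*s ", ttl, -(HOST_COLUMN_SIZE - 1), "[LOCALHOST]");
	} else if (e->ee_origin == SO_EE_ORIGIN_ICMP) {
		char abuf[128];
		/* The offender address is read from directly behind the extended error. */
		struct sockaddr_in *sin = (struct sockaddr_in*)(e+1);

		inet_ntop(AF_INET, &sin->sin_addr, abuf, sizeof(abuf));

		if (sndhops>0)
			printf("%2d: ", sndhops);
		else
			printf("%2d?: ", ttl);

		/* Never carry the name of a previous hop into this line. */
		hnamebuf[0] = '\0';
		if (!no_resolve || show_both) {
			fflush(stdout);
			if (getnameinfo((struct sockaddr *) sin, sizeof *sin,
					hnamebuf, sizeof hnamebuf, NULL, 0,
					getnameinfo_flags) != 0)
				hnamebuf[0] = '\0';
		}

		if (no_resolve)
			print_host(abuf, hnamebuf, show_both);
		else
			print_host(hnamebuf, abuf, show_both);
	}

	if (rettv) {
		/* rettv may point into the echoed payload; the value is only printed. */
		int diff = (tv.tv_sec-rettv->tv_sec)*1000000+(tv.tv_usec-rettv->tv_usec);
		printf("%3d.%03dms ", diff/1000, diff%1000);
		if (broken_router)
			printf("(This broken router returned corrupted payload) ");
	}

	/*
	 * Turn the received TTL into a hop count (presumably assuming an
	 * initial TTL of 64, 128 or 255). Leave -1 alone: it means that no
	 * TTL was delivered, and the checks below and hops_from rely on it.
	 */
	if (rethops >= 0) {
		if (rethops<=64)
			rethops = 65-rethops;
		else if (rethops<=128)
			rethops = 129-rethops;
		else
			rethops = 256-rethops;
	}

	switch (e->ee_errno) {
	case ETIMEDOUT:
		printf("\n");
		break;
	case EMSGSIZE:
		printf("pmtu %d\n", e->ee_info);
		mtu = e->ee_info;
		progress = mtu;
		break;
	case ECONNREFUSED:
		printf("reached\n");
		hops_to = sndhops<0 ? ttl : sndhops;
		hops_from = rethops;
		return 0;
	case EPROTO:
		printf("!P\n");
		return 0;
	case EHOSTUNREACH:
		/* ICMP type 11 code 0: an intermediate hop answered, keep going. */
		if (e->ee_origin == SO_EE_ORIGIN_ICMP &&
		    e->ee_type == 11 &&
		    e->ee_code == 0) {
			if (rethops>=0) {
				if (sndhops>=0 && rethops != sndhops)
					printf("asymm %2d ", rethops);
				else if (sndhops<0 && rethops != ttl)
					printf("asymm %2d ", rethops);
			}
			printf("\n");
			break;
		}
		printf("!H\n");
		return 0;
	case ENETUNREACH:
		printf("!N\n");
		return 0;
	case EACCES:
		printf("!A\n");
		return 0;
	default:
		printf("\n");
		errno = e->ee_errno;
		perror("NET ERROR");
		return 0;
	}
	goto restart;
}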
/*
 * Print one pfsync state entry on stdout.
 *
 * s:    state to print. For ICMP and ICMPv6 states one port of the selected
 *       key is overwritten in place before printing, so *s is modified.
 * opts: PF_OPT_VERBOSE adds sequence data, age, expiry, counters, anchor and
 *       rule; PF_OPT_VERBOSE2 adds the state id and creator id.
 *
 * Multi-byte fields are converted with ntohl()/betoh64() before printing.
 */
void
print_state(struct pfsync_state *s, int opts)
{
	struct pfsync_state_peer *src, *dst;
	struct pfsync_state_key *sk, *nk;
	int min, sec, sidx, didx;
	const int outbound = (s->direction == PF_OUT);
	const int icmp = (s->proto == IPPROTO_ICMP ||
	    s->proto == IPPROTO_ICMPV6);
	int af_changed;

	/* Pick peers and keys according to the direction of the state. */
	if (outbound) {
		src = &s->src;
		dst = &s->dst;
		sk = &s->key[PF_SK_STACK];
		nk = &s->key[PF_SK_WIRE];
		if (icmp)
			sk->port[0] = nk->port[0];
	} else {
		src = &s->dst;
		dst = &s->src;
		sk = &s->key[PF_SK_WIRE];
		nk = &s->key[PF_SK_STACK];
		if (icmp)
			sk->port[1] = nk->port[1];
	}

	printf("%s ", s->ifname);
	printf("%s ", ipproto_string(s->proto));

	/* The address indexes are swapped when the two keys differ in family. */
	af_changed = (nk->af != sk->af);
	sidx = af_changed ? 1 : 0;
	didx = af_changed ? 0 : 1;

	print_host(&nk->addr[didx], nk->port[didx], nk->af, nk->rdomain, NULL,
	    opts);
	if (af_changed || PF_ANEQ(&nk->addr[1], &sk->addr[1], nk->af) ||
	    nk->port[1] != sk->port[1]) {
		printf(" (");
		print_host(&sk->addr[1], sk->port[1], sk->af, sk->rdomain,
		    NULL, opts);
		printf(")");
	}

	if (outbound)
		printf(" -> ");
	else
		printf(" <- ");

	print_host(&nk->addr[sidx], nk->port[sidx], nk->af, nk->rdomain, NULL,
	    opts);
	if (af_changed || PF_ANEQ(&nk->addr[0], &sk->addr[0], nk->af) ||
	    nk->port[0] != sk->port[0]) {
		printf(" (");
		print_host(&sk->addr[0], sk->port[0], sk->af, sk->rdomain,
		    NULL, opts);
		printf(")");
	}

	printf(" ");

	if (s->proto == IPPROTO_TCP) {
		/* Names are looked up only for states inside the tcpstates range. */
		if (src->state <= TCPS_TIME_WAIT &&
		    dst->state <= TCPS_TIME_WAIT) {
			printf("\n %s:%s", tcpstates[src->state],
			    tcpstates[dst->state]);
		} else if (src->state == PF_TCPS_PROXY_SRC ||
		    dst->state == PF_TCPS_PROXY_SRC) {
			printf("\n PROXY:SRC");
		} else if (src->state == PF_TCPS_PROXY_DST ||
		    dst->state == PF_TCPS_PROXY_DST) {
			printf("\n PROXY:DST");
		} else {
			printf("\n <BAD STATE LEVELS %u:%u>", src->state,
			    dst->state);
		}

		if (opts & PF_OPT_VERBOSE) {
			printf("\n ");
			print_seq(src);
			if (src->wscale && dst->wscale)
				printf(" wscale %u",
				    src->wscale & PF_WSCALE_MASK);
			printf(" ");
			print_seq(dst);
			if (src->wscale && dst->wscale)
				printf(" wscale %u",
				    dst->wscale & PF_WSCALE_MASK);
		}
	} else if (s->proto == IPPROTO_UDP &&
	    src->state < PFUDPS_NSTATES && dst->state < PFUDPS_NSTATES) {
		const char *states[] = PFUDPS_NAMES;

		printf(" %s:%s", states[src->state], states[dst->state]);
	} else if (s->proto != IPPROTO_ICMP &&
	    src->state < PFOTHERS_NSTATES && dst->state < PFOTHERS_NSTATES) {
		/* XXX ICMP doesn't really have state levels */
		const char *states[] = PFOTHERS_NAMES;

		printf(" %s:%s", states[src->state], states[dst->state]);
	} else {
		/* Out-of-range or ICMP state levels are printed as numbers. */
		printf(" %u:%u", src->state, dst->state);
	}

	if (opts & PF_OPT_VERBOSE) {
		u_int64_t packets[2];
		u_int64_t bytes[2];
		u_int32_t creation = ntohl(s->creation);
		u_int32_t expire = ntohl(s->expire);

		/* Split the second counts into hours:minutes:seconds. */
		sec = creation % 60;
		min = (creation / 60) % 60;
		printf("\n age %.2u:%.2u:%.2u", creation / 3600, min, sec);

		sec = expire % 60;
		min = (expire / 60) % 60;
		printf(", expires in %.2u:%.2u:%.2u", expire / 3600, min, sec);

		/* The counters are copied out bytewise before conversion. */
		bcopy(s->packets[0], &packets[0], sizeof(u_int64_t));
		bcopy(s->packets[1], &packets[1], sizeof(u_int64_t));
		bcopy(s->bytes[0], &bytes[0], sizeof(u_int64_t));
		bcopy(s->bytes[1], &bytes[1], sizeof(u_int64_t));
		printf(", %llu:%llu pkts, %llu:%llu bytes",
		    betoh64(packets[0]), betoh64(packets[1]),
		    betoh64(bytes[0]), betoh64(bytes[1]));

		/* -1 marks "none" for anchor and rule. */
		if (s->anchor != -1)
			printf(", anchor %u", ntohl(s->anchor));
		if (s->rule != -1)
			printf(", rule %u", ntohl(s->rule));
	}

	if (opts & PF_OPT_VERBOSE2) {
		u_int64_t id;

		bcopy(&s->id, &id, sizeof(u_int64_t));
		printf("\n id: %016llx creatorid: %08x", betoh64(id),
		    ntohl(s->creatorid));
	}
}
/*
 * Print the payload of one journal record on stdout.
 *
 * ope: journal operation; selects how obj is interpreted.
 * obj: record payload, cast to the argument structure that belongs to ope.
 *
 * Most records print an identifying field (name or inode number) and, when
 * opt_verbose is set, the remaining fields. Unknown operations and
 * BEGIN/END print nothing.
 *
 * NOTE(review): string members are printed with %s, so they are assumed to
 * be NUL-terminated by whatever decoded the record -- confirm for
 * entry_name, which carries a separate entry_len.
 */
static void
print_obj(enum journal_operation ope, void *obj)
{
	switch (ope) {
	case GFM_JOURNAL_BEGIN:
	case GFM_JOURNAL_END:
		break;

	/* Hosts, users and groups. */
	case GFM_JOURNAL_HOST_ADD:
		print_host(obj);
		break;
	case GFM_JOURNAL_HOST_MODIFY: {
		struct db_host_modify_arg *host = obj;

		print_host(&host->hi);
		if (!opt_verbose)
			break;
		print_modflags(host->modflags, host_modflag_info);
		if (host->add_count > 0)
			print_stringlist("add_aliases", host->add_aliases);
		if (host->del_count > 0)
			print_stringlist("del_aliases", host->del_aliases);
		break;
	}
	case GFM_JOURNAL_USER_ADD:
		print_user(obj);
		break;
	case GFM_JOURNAL_USER_MODIFY: {
		struct db_user_modify_arg *user = obj;

		print_user(&user->ui);
		if (opt_verbose)
			print_modflags(user->modflags, user_modflag_info);
		break;
	}
	case GFM_JOURNAL_GROUP_ADD:
		print_group(obj);
		break;
	case GFM_JOURNAL_GROUP_MODIFY: {
		struct db_group_modify_arg *group = obj;

		print_group(&group->gi);
		if (!opt_verbose)
			break;
		print_modflags(group->modflags, NULL);
		if (group->add_count > 0)
			print_stringlist("add_users", group->add_users);
		if (group->del_count > 0)
			print_stringlist("del_users", group->del_users);
		break;
	}

	/* Removals carry only the name as a plain string. */
	case GFM_JOURNAL_HOST_REMOVE:
	case GFM_JOURNAL_USER_REMOVE:
	case GFM_JOURNAL_GROUP_REMOVE:
	case GFM_JOURNAL_MDHOST_REMOVE:
		printf("name=%s", (const char *)obj);
		break;

	/* Inodes. */
	case GFM_JOURNAL_INODE_ADD:
	case GFM_JOURNAL_INODE_MODIFY:
		print_stat(obj);
		break;
	case GFM_JOURNAL_INODE_GEN_MODIFY:
	case GFM_JOURNAL_INODE_NLINK_MODIFY:
	case GFM_JOURNAL_INODE_SIZE_MODIFY: {
		struct db_inode_uint64_modify_arg *arg64 = obj;

		printf("ino=%" GFARM_PRId64, arg64->inum);
		if (opt_verbose)
			printf(";uint64=%" GFARM_PRId64 "", arg64->uint64);
		break;
	}
	case GFM_JOURNAL_INODE_MODE_MODIFY: {
		struct db_inode_uint32_modify_arg *arg32 = obj;

		printf("ino=%" GFARM_PRId64, arg32->inum);
		if (opt_verbose)
			printf(";uint32=%d", arg32->uint32);
		break;
	}
	case GFM_JOURNAL_INODE_USER_MODIFY:
	case GFM_JOURNAL_INODE_GROUP_MODIFY: {
		struct db_inode_string_modify_arg *argstr = obj;

		printf("ino=%" GFARM_PRId64, argstr->inum);
		if (opt_verbose)
			printf(";string=%s", argstr->string);
		break;
	}
	case GFM_JOURNAL_INODE_ATIME_MODIFY:
	case GFM_JOURNAL_INODE_MTIME_MODIFY:
	case GFM_JOURNAL_INODE_CTIME_MODIFY: {
		struct db_inode_timespec_modify_arg *argtime = obj;

		printf("ino=%" GFARM_PRId64, argtime->inum);
		if (opt_verbose)
			print_timespec("time", &argtime->time);
		break;
	}
	case GFM_JOURNAL_INODE_CKSUM_ADD:
	case GFM_JOURNAL_INODE_CKSUM_MODIFY: {
		struct db_inode_cksum_arg *cksum = obj;

		printf("ino=%" GFARM_PRId64, cksum->inum);
		if (opt_verbose)
			printf(";type=%s;len=%lu", cksum->type,
			    (unsigned long)cksum->len);
		break;
	}
	case GFM_JOURNAL_INODE_CKSUM_REMOVE:
	case GFM_JOURNAL_SYMLINK_REMOVE: {
		struct db_inode_inum_arg *inode = obj;

		printf("ino=%" GFARM_PRId64, inode->inum);
		break;
	}

	/* File copies, directory entries, symlinks, extended attributes. */
	case GFM_JOURNAL_FILECOPY_ADD:
	case GFM_JOURNAL_FILECOPY_REMOVE: {
		struct db_filecopy_arg *copy = obj;

		printf("ino=%" GFARM_PRId64, copy->inum);
		if (opt_verbose)
			printf(";hostname=%s", copy->hostname);
		break;
	}
	case GFM_JOURNAL_DEADFILECOPY_ADD:
	case GFM_JOURNAL_DEADFILECOPY_REMOVE: {
		struct db_deadfilecopy_arg *dead = obj;

		printf("ino=%" GFARM_PRId64, dead->inum);
		if (opt_verbose)
			printf(";igen=%" GFARM_PRId64 ";hostname=%s",
			    dead->igen, dead->hostname);
		break;
	}
	case GFM_JOURNAL_DIRENTRY_ADD:
	case GFM_JOURNAL_DIRENTRY_REMOVE: {
		struct db_direntry_arg *dirent = obj;

		printf("ino=%" GFARM_PRId64, dirent->dir_inum);
		if (opt_verbose)
			printf(";entry_ino=%" GFARM_PRId64
			    ";entry_name=%s;entry_len=%d",
			    dirent->entry_inum, dirent->entry_name,
			    dirent->entry_len);
		break;
	}
	case GFM_JOURNAL_SYMLINK_ADD: {
		struct db_symlink_arg *link = obj;

		printf("ino=%" GFARM_PRId64, link->inum);
		if (opt_verbose)
			printf(";source_path=%s", link->source_path);
		break;
	}
	case GFM_JOURNAL_XATTR_ADD:
	case GFM_JOURNAL_XATTR_MODIFY:
	case GFM_JOURNAL_XATTR_REMOVE:
	case GFM_JOURNAL_XATTR_REMOVEALL: {
		struct db_xattr_arg *xattr = obj;

		printf("ino=%" GFARM_PRId64, xattr->inum);
		if (!opt_verbose)
			break;
		printf(";xml_mode=%d;attrname=%s;size=%lu", xattr->xmlMode,
		    xattr->attrname, (unsigned long)xattr->size);
		/* The value is handed over with its explicit size. */
		print_bin_value("value", xattr->value, xattr->size);
		break;
	}

	/* Quotas. */
	case GFM_JOURNAL_QUOTA_ADD:
	case GFM_JOURNAL_QUOTA_MODIFY: {
		struct db_quota_arg *quota = obj;

		printf("name=%s;is_group=%d", quota->name, quota->is_group);
		if (opt_verbose)
			print_quota(&quota->quota);
		break;
	}
	case GFM_JOURNAL_QUOTA_REMOVE: {
		struct db_quota_remove_arg *quota = obj;

		printf("name=%s;is_group=%d", quota->name, quota->is_group);
		break;
	}

	/* Metadata hosts and file system node groups. */
	case GFM_JOURNAL_MDHOST_ADD:
		print_mdhost(obj);
		break;
	case GFM_JOURNAL_MDHOST_MODIFY: {
		struct db_mdhost_modify_arg *mdhost = obj;

		print_mdhost(&mdhost->ms);
		break;
	}
	case GFM_JOURNAL_FSNGROUP_MODIFY: {
		struct db_fsngroup_modify_arg *fsn = obj;

		print_fsngroup_modify(fsn->hostname, fsn->fsngroupname);
		break;
	}
	default:
		break;
	}
}
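/*
 * Drain the error queue of the probe socket (IPv4 or IPv6) and print one
 * result per queued error.
 *
 * fd:  probe socket; read with recvmsg(MSG_ERRQUEUE).
 * ttl: TTL of the probe round, printed when the sending hop count cannot be
 *      recovered from the history table or the echoed payload.
 *
 * Returns `progress` (-1 if nothing was read, otherwise the current mtu)
 * once recvmsg() reports EAGAIN, and 0 when a terminal condition was printed
 * (destination reached, unreachable, no extended error, other error).
 *
 * Changes against the previous version: the IP_TTL ancillary value is copied
 * as a whole int instead of being read through a byte pointer, and the
 * return hop count is only normalised when a TTL or hop limit was actually
 * received.
 */
int recverr(int fd, int ttl)
{
	int res;
	struct probehdr rcvbuf;
	char cbuf[512];
	struct iovec iov;
	struct msghdr msg;
	struct cmsghdr *cmsg;
	struct sock_extended_err *e;
	struct sockaddr_storage addr;
	struct timeval tv;
	struct timeval *rettv;
	int slot = 0;
	int rethops;
	int sndhops;
	int progress = -1;
	int broken_router;

restart:
	/* Fill the payload buffer with 0xff so a short read is recognisable. */
	memset(&rcvbuf, -1, sizeof(rcvbuf));
	iov.iov_base = &rcvbuf;
	iov.iov_len = sizeof(rcvbuf);
	msg.msg_name = (caddr_t)&addr;
	msg.msg_namelen = sizeof(addr);
	msg.msg_iov = &iov;
	msg.msg_iovlen = 1;
	msg.msg_flags = 0;
	msg.msg_control = cbuf;
	msg.msg_controllen = sizeof(cbuf);

	gettimeofday(&tv, NULL);
	res = recvmsg(fd, &msg, MSG_ERRQUEUE);
	if (res < 0) {
		if (errno == EAGAIN)
			return progress;
		/* NOTE(review): every other errno is retried without limit. */
		goto restart;
	}

	progress = mtu;

	rethops = -1;
	sndhops = -1;
	e = NULL;
	rettv = NULL;

	/* Map the probe's port back to its slot in the send history. */
	slot = -base_port;
	switch (family) {
	case AF_INET6:
		slot += ntohs(((struct sockaddr_in6 *)&addr)->sin6_port);
		break;
	case AF_INET:
		slot += ntohs(((struct sockaddr_in *)&addr)->sin_port);
		break;
	}

	if (slot >= 0 && slot < 63 && his[slot].hops) {
		sndhops = his[slot].hops;
		rettv = &his[slot].sendtime;
		his[slot].hops = 0;
	}

	/*
	 * When the full probe payload came back, prefer the values stored in
	 * it. The payload is network-supplied: zero fields mark it as
	 * corrupted and the history values are kept.
	 */
	broken_router = 0;
	if (res == sizeof(rcvbuf)) {
		if (rcvbuf.ttl == 0 || rcvbuf.tv.tv_sec == 0)
			broken_router = 1;
		else {
			sndhops = rcvbuf.ttl;
			rettv = &rcvbuf.tv;
		}
	}

	for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg)) {
		switch (cmsg->cmsg_level) {
		case SOL_IPV6:
			switch(cmsg->cmsg_type) {
			case IPV6_RECVERR:
				e = (struct sock_extended_err *)CMSG_DATA(cmsg);
				break;
			case IPV6_HOPLIMIT:
#ifdef IPV6_2292HOPLIMIT
			case IPV6_2292HOPLIMIT:
#endif
				memcpy(&rethops, CMSG_DATA(cmsg), sizeof(rethops));
				break;
			default:
				printf("cmsg6:%d\n ", cmsg->cmsg_type);
			}
			break;
		case SOL_IP:
			switch(cmsg->cmsg_type) {
			case IP_RECVERR:
				e = (struct sock_extended_err *)CMSG_DATA(cmsg);
				break;
			case IP_TTL:
				/*
				 * Linux delivers IP_TTL as an int; reading only
				 * its first byte is correct on little-endian
				 * hosts alone.
				 */
				memcpy(&rethops, CMSG_DATA(cmsg), sizeof(rethops));
				break;
			default:
				printf("cmsg4:%d\n ", cmsg->cmsg_type);
			}
		}
	}
	if (e == NULL) {
		printf("no info\n");
		return 0;
	}

	if (e->ee_origin == SO_EE_ORIGIN_LOCAL)
		printf("%2d?: %-32s ", ttl, "[LOCALHOST]");
	else if (e->ee_origin == SO_EE_ORIGIN_ICMP6 ||
		 e->ee_origin == SO_EE_ORIGIN_ICMP) {
		char abuf[NI_MAXHOST], hbuf[NI_MAXHOST];
		/* The offender address is read from directly behind the extended error. */
		struct sockaddr *sa = (struct sockaddr *)(e + 1);
		socklen_t salen;

		if (sndhops>0)
			printf("%2d: ", sndhops);
		else
			printf("%2d?: ", ttl);

		switch (sa->sa_family) {
		case AF_INET6:
			salen = sizeof(struct sockaddr_in6);
			break;
		case AF_INET:
			salen = sizeof(struct sockaddr_in);
			break;
		default:
			/* Unknown family: the lookups below fail and print "???". */
			salen = 0;
		}

		if (no_resolve || show_both) {
			if (getnameinfo(sa, salen,
					abuf, sizeof(abuf), NULL, 0,
					NI_NUMERICHOST))
				strcpy(abuf, "???");
		} else
			abuf[0] = 0;

		if (!no_resolve || show_both) {
			fflush(stdout);
			if (getnameinfo(sa, salen,
					hbuf, sizeof(hbuf), NULL, 0,
					0
#ifdef USE_IDN
					| NI_IDN
#endif
					))
				strcpy(hbuf, "???");
		} else
			hbuf[0] = 0;

		if (no_resolve)
			print_host(abuf, hbuf, show_both);
		else
			print_host(hbuf, abuf, show_both);
	}

	if (rettv) {
		/* rettv may point into the echoed payload; the value is only printed. */
		int diff = (tv.tv_sec-rettv->tv_sec)*1000000+(tv.tv_usec-rettv->tv_usec);
		printf("%3d.%03dms ", diff/1000, diff%1000);
		if (broken_router)
			printf("(This broken router returned corrupted payload) ");
	}

	/*
	 * Turn the received TTL / hop limit into a hop count (presumably
	 * assuming an initial value of 64, 128 or 255). Leave -1 alone: it
	 * means that nothing was delivered, and the checks below and
	 * hops_from rely on it.
	 */
	if (rethops >= 0) {
		if (rethops<=64)
			rethops = 65-rethops;
		else if (rethops<=128)
			rethops = 129-rethops;
		else
			rethops = 256-rethops;
	}

	switch (e->ee_errno) {
	case ETIMEDOUT:
		printf("\n");
		break;
	case EMSGSIZE:
		printf("pmtu %d\n", e->ee_info);
		mtu = e->ee_info;
		progress = mtu;
		break;
	case ECONNREFUSED:
		printf("reached\n");
		hops_to = sndhops<0 ? ttl : sndhops;
		hops_from = rethops;
		return 0;
	case EPROTO:
		printf("!P\n");
		return 0;
	case EHOSTUNREACH:
		/* ICMP type 11 / ICMPv6 type 3, code 0: an intermediate hop answered. */
		if ((e->ee_origin == SO_EE_ORIGIN_ICMP &&
		     e->ee_type == 11 &&
		     e->ee_code == 0) ||
		    (e->ee_origin == SO_EE_ORIGIN_ICMP6 &&
		     e->ee_type == 3 &&
		     e->ee_code == 0)) {
			if (rethops>=0) {
				if (sndhops>=0 && rethops != sndhops)
					printf("asymm %2d ", rethops);
				else if (sndhops<0 && rethops != ttl)
					printf("asymm %2d ", rethops);
			}
			printf("\n");
			break;
		}
		printf("!H\n");
		return 0;
	case ENETUNREACH:
		printf("!N\n");
		return 0;
	case EACCES:
		printf("!A\n");
		return 0;
	default:
		printf("\n");
		errno = e->ee_errno;
		perror("NET ERROR");
		return 0;
	}
	goto restart;
}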
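/*
 * Entry point of the Wi-Viz information gathering daemon.
 *
 * With "terminate" as first argument the wireless interface is put back into
 * its previous mode and the program exits with 0. Otherwise the interface is
 * switched to monitor mode, a monitor socket is opened and packets are
 * handed to dealWithPacket() until `stop` is set.
 *
 * Returns 0 on normal termination and 1 when the monitor socket cannot be
 * opened (this path used to leave main without a return value).
 *
 * NOTE(review): sysprintf() presumably passes the formatted string to a
 * shell. The interface names and the channel inserted into those commands
 * come from nvram and helper lookups, so they have to be trusted or
 * validated where they are written -- confirm.
 */
int main(int argc, char **argv)
{
	char *dev;
	int oldMonitor, newMonitor;
	u_char packet[4096];
	int pktlen;
	wiviz_cfg cfg;
	int i;
	int defaultHopSeq[] = { 1, 3, 6, 8, 11 };
	int s, one;

	memset(&cfg, 0, sizeof(cfg));
#ifdef HAVE_RT2880
	wl_dev = "ra0";
#elif HAVE_MADWIFI
	wl_dev = nvram_safe_get("wifi_display");
#else
	char tmp[32];

	/*
	 * Bounded formatting: the nvram value has no length limit visible
	 * here and must not be able to overrun tmp. An over-long value is
	 * truncated and the lookup below then uses the truncated key.
	 */
	snprintf(tmp, sizeof(tmp), "%s_ifname", nvram_safe_get("wifi_display"));
	wl_dev = nvram_safe_get(tmp);
#endif
	if (argc > 1)
		if (!strcmp(argv[1], "terminate")) {
#ifdef HAVE_MADWIFI
			// return to original channel
#ifdef HAVE_ATH9K
			if (!is_ath9k(wl_dev))
#endif
			{
				sysprintf("iwconfig %s channel %sM", get_monitor(), nvram_nget("%s_channel", nvram_safe_get("wifi_display")));
				sleep(1);
				sysprintf("ifconfig %s down", get_monitor());
				if (is_ar5008(nvram_safe_get("wifi_display"))) {
					sysprintf("80211n_wlanconfig %s destroy", get_monitor());
				} else {
					sysprintf("wlanconfig %s destroy", get_monitor());
				}
			}
#elif HAVE_RT2880
			nvram_set("wl0_mode", nvram_safe_get("wl0_oldmode"));
			sysprintf("startservice configurewifi");
			if (nvram_match("wl0_mode", "sta") || nvram_match("wl0_mode", "apsta")) {
				sysprintf("startstop wan");
			}
#else
			oldMonitor = 0;
			wl_ioctl(wl_dev, WLC_SET_MONITOR, &oldMonitor, 4);
#endif
			return 0;
		}

	global_cfg = &cfg;
	signal(SIGUSR1, &signal_handler);
	signal(SIGUSR2, &signal_handler);

	printf("Wi-Viz 2 infogathering daemon by Nathan True\n");
	printf("http://wiviz.natetrue.com\n");

	/* Default configuration: no hopping, 1000 dwell time, five channels. */
	memset(&cfg, 0, sizeof(wiviz_cfg));
	cfg.numHosts = 0;
	cfg.lastKeepAlive = time(NULL);
	cfg.channelHopping = 0;
	cfg.channelDwellTime = 1000;
	cfg.channelHopSeqLen = 5;
	memcpy(cfg.channelHopSeq, defaultHopSeq, sizeof(defaultHopSeq));

	/* Switch the interface to monitor mode, per driver family. */
#if !defined(HAVE_MADWIFI) && !defined(HAVE_RT2880)
	wl_ioctl(wl_dev, WLC_GET_MAGIC, &i, 4);
	if (i != WLC_IOCTL_MAGIC) {
		printf("Wireless magic not correct, not querying wl for info %X!=%X\n", i, WLC_IOCTL_MAGIC);
		cfg.readFromWl = 0;
	} else {
		cfg.readFromWl = 1;
		wl_ioctl(wl_dev, WLC_GET_MONITOR, &oldMonitor, 4);
		newMonitor = 1;
		wl_ioctl(wl_dev, WLC_SET_MONITOR, &newMonitor, 4);
	}
#elif HAVE_RT2880
	nvram_set("wl0_oldmode", nvram_safe_get("wl0_mode"));
	nvram_set("wl0_mode", "sta");
	if (!nvram_match("wl0_oldmode", "sta"))
		sysprintf("startservice configurewifi");
	sysprintf("iwconfig ra0 mode monitor");
	cfg.readFromWl = 1;
#else
#ifdef HAVE_ATH9K
	if (!is_ath9k(nvram_safe_get("wifi_display")))
#endif
	{
		if (is_ar5008(nvram_safe_get("wifi_display"))) {
			sysprintf("80211n_wlanconfig %s create wlandev %s wlanmode monitor", get_monitor(), getWifi(nvram_safe_get("wifi_display")));
		} else {
			sysprintf("wlanconfig %s create wlandev %s wlanmode monitor", get_monitor(), getWifi(nvram_safe_get("wifi_display")));
		}
		sysprintf("ifconfig %s up", get_monitor());
	}
	cfg.readFromWl = 1;
#endif
	reloadConfig();

#if defined(HAVE_MADWIFI) || defined(HAVE_RT2880)
	s = openMonitorSocket(get_monitor());	// for testing we use ath0
#else
	if (nvram_match("wifi_display", "wl1"))
		s = openMonitorSocket("prism1");
	else
		s = openMonitorSocket("prism0");
#endif
	if (s == -1)
		return 1;

	/* The capture socket is non-blocking; recv() below may return at once. */
	one = 1;
	ioctl(s, FIONBIO, (char *)&one);

	if (cfg.readFromWl) {
		readWL(&cfg);
	}
#ifdef WIVIZ_GPS
	gps_init(&cfg);
#endif

	while (!stop) {
#ifdef WIVIZ_GPS
		gps_tick();
#else
		/* Stop after 30 seconds without a keep-alive. */
		if (time(NULL) - cfg.lastKeepAlive > 30)
			stop = 1;
#endif
		/* Frames come off the air: never read more than packet holds. */
		pktlen = recv(s, packet, sizeof(packet), 0);
		if (pktlen <= 0)
			continue;
		dealWithPacket(&cfg, pktlen, packet);
	}

	signal_handler(SIGUSR1);

	if (cfg.channelHopperPID)
		kill(cfg.channelHopperPID, SIGKILL);

#ifndef WIVIZ_GPS
	for (i = 0; i < MAX_HOSTS; i++) {
		print_host(stderr, cfg.hosts + i);
		if (cfg.hosts[i].occupied)
			printf("\n");
		if (cfg.hosts[i].apInfo)
			free(cfg.hosts[i].apInfo);
		if (cfg.hosts[i].staInfo)
			free(cfg.hosts[i].staInfo);
	}
#endif
	close(s);
	return 0;
}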
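/*
 * Print one pf state entry on stdout.
 *
 * s:    state to print; it is only read.
 * opts: PF_OPT_VERBOSE adds TCP sequence data, age, expiry and counters.
 *
 * Changes against the previous version: the age and expiry are split into
 * hours, minutes and seconds without dividing s->creation and s->expire in
 * place, so the caller's state is left intact, and the hour count is no
 * longer stored in an 8-bit variable, which wrapped after 255 hours.
 */
void
print_state(struct pf_state *s, int opts)
{
	struct pf_state_peer *src, *dst;
	struct protoent *p;
	unsigned int hrs, min, sec;

	if (s->direction == PF_OUT) {
		src = &s->src;
		dst = &s->dst;
	} else {
		src = &s->dst;
		dst = &s->src;
	}

	if ((p = getprotobynumber(s->proto)) != NULL)
		printf("%s ", p->p_name);
	else
		printf("%u ", s->proto);

	/* The lan address is shown only when it differs from the gwy one. */
	if (PF_ANEQ(&s->lan.addr, &s->gwy.addr, s->af) ||
	    (s->lan.port != s->gwy.port)) {
		print_host(&s->lan, s->af);
		if (s->direction == PF_OUT)
			printf(" -> ");
		else
			printf(" <- ");
	}
	print_host(&s->gwy, s->af);
	if (s->direction == PF_OUT)
		printf(" -> ");
	else
		printf(" <- ");
	print_host(&s->ext, s->af);

	printf(" ");
	if (s->proto == IPPROTO_TCP) {
		/* Names are looked up only for states inside the tcpstates range. */
		if (src->state <= TCPS_TIME_WAIT &&
		    dst->state <= TCPS_TIME_WAIT) {
			printf(" %s:%s\n", tcpstates[src->state],
			    tcpstates[dst->state]);
		} else {
			printf(" <BAD STATE LEVELS>\n");
		}
		if (opts & PF_OPT_VERBOSE) {
			printf(" ");
			print_seq(src);
			printf(" ");
			print_seq(dst);
			printf("\n");
		}
	} else {
		printf(" %u:%u\n", src->state, dst->state);
	}

	if (opts & PF_OPT_VERBOSE) {
		sec = s->creation % 60;
		min = (s->creation / 60) % 60;
		hrs = s->creation / 3600;
		printf(" age %.2u:%.2u:%.2u", hrs, min, sec);

		sec = s->expire % 60;
		min = (s->expire / 60) % 60;
		hrs = s->expire / 3600;
		printf(", expires in %.2u:%.2u:%.2u", hrs, min, sec);

		printf(", %u pkts, %u bytes\n", s->packets, s->bytes);
	}
}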