void
print_state(struct pfsync_state *s, int opts)
{
struct pfsync_state_peer *src, *dst;
struct pfsync_state_key *sk, *nk;
struct protoent *p;
int min, sec;
if (s->direction == PF_OUT) {
src = &s->src;
dst = &s->dst;
sk = &s->key[PF_SK_STACK];
nk = &s->key[PF_SK_WIRE];
if (s->proto == IPPROTO_ICMP || s->proto == IPPROTO_ICMPV6)
sk->port[0] = nk->port[0];
} else {
src = &s->dst;
dst = &s->src;
sk = &s->key[PF_SK_WIRE];
nk = &s->key[PF_SK_STACK];
if (s->proto == IPPROTO_ICMP || s->proto == IPPROTO_ICMPV6)
sk->port[1] = nk->port[1];
}
printf("%s ", s->ifname);
if ((p = getprotobynumber(s->proto)) != NULL)
printf("%s ", p->p_name);
else
printf("%u ", s->proto);
print_host(&nk->addr[1], nk->port[1], s->af, opts);
if (PF_ANEQ(&nk->addr[1], &sk->addr[1], s->af) ||
nk->port[1] != sk->port[1]) {
printf(" (");
print_host(&sk->addr[1], sk->port[1], s->af, opts);
printf(")");
}
if (s->direction == PF_OUT)
printf(" -> ");
else
printf(" <- ");
print_host(&nk->addr[0], nk->port[0], s->af, opts);
if (PF_ANEQ(&nk->addr[0], &sk->addr[0], s->af) ||
nk->port[0] != sk->port[0]) {
printf(" (");
print_host(&sk->addr[0], sk->port[0], s->af, opts);
printf(")");
}
printf(" ");
if (s->proto == IPPROTO_TCP) {
if (src->state <= TCPS_TIME_WAIT &&
dst->state <= TCPS_TIME_WAIT)
printf(" %s:%s\n", tcpstates[src->state],
tcpstates[dst->state]);
else if (src->state == PF_TCPS_PROXY_SRC ||
dst->state == PF_TCPS_PROXY_SRC)
printf(" PROXY:SRC\n");
else if (src->state == PF_TCPS_PROXY_DST ||
dst->state == PF_TCPS_PROXY_DST)
printf(" PROXY:DST\n");
else
printf(" <BAD STATE LEVELS %u:%u>\n",
src->state, dst->state);
if (opts & PF_OPT_VERBOSE) {
printf(" ");
print_seq(src);
if (src->wscale && dst->wscale)
printf(" wscale %u",
src->wscale & PF_WSCALE_MASK);
printf(" ");
print_seq(dst);
if (src->wscale && dst->wscale)
printf(" wscale %u",
dst->wscale & PF_WSCALE_MASK);
printf("\n");
}
} else if (s->proto == IPPROTO_UDP && src->state < PFUDPS_NSTATES &&
dst->state < PFUDPS_NSTATES) {
const char *states[] = PFUDPS_NAMES;
printf(" %s:%s\n", states[src->state], states[dst->state]);
} else if (s->proto != IPPROTO_ICMP && src->state < PFOTHERS_NSTATES &&
dst->state < PFOTHERS_NSTATES) {
/* XXX ICMP doesn't really have state levels */
const char *states[] = PFOTHERS_NAMES;
printf(" %s:%s\n", states[src->state], states[dst->state]);
} else {
printf(" %u:%u\n", src->state, dst->state);
}
if (opts & PF_OPT_VERBOSE) {
u_int64_t packets[2];
u_int64_t bytes[2];
u_int32_t creation = ntohl(s->creation);
u_int32_t expire = ntohl(s->expire);
printf(" rule %u", ntohl(s->rule));
if (ntohl(s->anchor) != -1)
printf(", anchor %u", ntohl(s->anchor));
printf(", flags:");
if (s->state_flags & PFSTATE_ALLOWOPTS)
printf(" allowopts");
if (s->state_flags & PFSTATE_SLOPPY)
printf(" sloppy");
if (s->state_flags & PFSTATE_STACK_GLOBAL)
printf(" global");
if (s->state_flags & PFSTATE_CREATEINPROG)
printf(" creating");
if (s->state_flags & PFSTATE_HALF_DUPLEX)
printf(" (TRANSLATION COLLISION)");
if (s->sync_flags & PFSYNC_FLAG_SRCNODE)
printf(" source-track");
if (s->sync_flags & PFSYNC_FLAG_NATSRCNODE)
printf(" sticky-address");
switch(s->pickup_mode) {
case PF_PICKUPS_UNSPECIFIED:
break;
case PF_PICKUPS_DISABLED:
printf(" no-pickups");
break;
case PF_PICKUPS_HASHONLY:
printf(" hash-only");
break;
case PF_PICKUPS_ENABLED:
printf(" pickups");
break;
}
printf("\n");
sec = creation % 60;
creation /= 60;
min = creation % 60;
creation /= 60;
printf(" age %.2u:%.2u:%.2u", creation, min, sec);
sec = expire % 60;
expire /= 60;
min = expire % 60;
expire /= 60;
printf(", expires in %.2u:%.2u:%.2u", expire, min, sec);
bcopy(s->packets[0], &packets[0], sizeof(u_int64_t));
bcopy(s->packets[1], &packets[1], sizeof(u_int64_t));
bcopy(s->bytes[0], &bytes[0], sizeof(u_int64_t));
bcopy(s->bytes[1], &bytes[1], sizeof(u_int64_t));
printf(", %" PRIu64 ":%" PRIu64 " pkts, %" PRIu64 ":%"
PRIu64 " bytes\n",
be64toh(packets[0]),
be64toh(packets[1]),
be64toh(bytes[0]),
be64toh(bytes[1]));
}
if (opts & PF_OPT_VERBOSE2) {
u_int64_t id;
bcopy(&s->id, &id, sizeof(u_int64_t));
printf(" id: %016jx creatorid: %08x cpuid: %-3d",
be64toh(id), ntohl(s->creatorid), s->cpuid);
printf("\n");
}
}
int main(int argc, char *argv[])
{
int argi, hosti, testi;
char *pagepattern = NULL, *hostpattern = NULL;
char *envarea = NULL, *cookie = NULL, *nexthost;
char *hobbitcmd, *procscmd, *svcscmd;
int alertcolors, alertinterval;
char configfn[PATH_MAX];
char *respbuf = NULL, *procsbuf = NULL, *svcsbuf = NULL;
hostlist_t *hwalk;
htnames_t *twalk;
hostlist_t **allhosts = NULL;
htnames_t **alltests = NULL;
int hostcount = 0, maxtests = 0;
time_t now = getcurrenttime(NULL);
sendreturn_t *sres;
for (argi=1; (argi < argc); argi++) {
if (argnmatch(argv[argi], "--env=")) {
char *p = strchr(argv[argi], '=');
loadenv(p+1, envarea);
}
else if (argnmatch(argv[argi], "--area=")) {
char *p = strchr(argv[argi], '=');
envarea = strdup(p+1);
}
else if (strcmp(argv[argi], "--debug") == 0) {
debug = 1;
}
else if (argnmatch(argv[argi], "--delimiter=")) {
char *p = strchr(argv[argi], '=');
coldelim = strdup(p+1);
}
else if (strcmp(argv[argi], "--critical") == 0) {
nkonly = 1;
}
else if (strcmp(argv[argi], "--old-nk-config") == 0) {
newnkconfig = 0;
}
}
redirect_cgilog("hobbit-confreport");
load_hostnames(xgetenv("BBHOSTS"), NULL, get_fqdn());
load_nkconfig(NULL);
/* Setup the filter we use for the report */
cookie = get_cookie("pagepath");
if (cookie && *cookie) pagepattern = strdup(cookie);
cookie = get_cookie("host");
if (cookie && *cookie) hostpattern = strdup(cookie);
/* Fetch the list of host+test statuses we currently know about */
if (pagepattern) {
hobbitcmd = (char *)malloc(2*strlen(pagepattern) + 1024);
procscmd = (char *)malloc(2*strlen(pagepattern) + 1024);
svcscmd = (char *)malloc(2*strlen(pagepattern) + 1024);
sprintf(hobbitcmd, "hobbitdboard page=^%s$|^%s/.+ fields=hostname,testname",
pagepattern, pagepattern);
sprintf(procscmd, "hobbitdboard page=^%s$|^%s/.+ test=procs fields=hostname,msg",
pagepattern, pagepattern);
sprintf(svcscmd, "hobbitdboard page=^%s$|^%s/.+ test=svcs fields=hostname,msg",
pagepattern, pagepattern);
}
else if (hostpattern) {
hobbitcmd = (char *)malloc(strlen(hostpattern) + 1024);
procscmd = (char *)malloc(strlen(hostpattern) + 1024);
svcscmd = (char *)malloc(strlen(hostpattern) + 1024);
sprintf(hobbitcmd, "hobbitdboard host=^%s$ fields=hostname,testname", hostpattern);
sprintf(procscmd, "hobbitdboard host=^%s$ test=procs fields=hostname,msg", hostpattern);
sprintf(svcscmd, "hobbitdboard host=^%s$ test=svcs fields=hostname,msg", hostpattern);
}
else {
hobbitcmd = (char *)malloc(1024);
procscmd = (char *)malloc(1024);
svcscmd = (char *)malloc(1024);
sprintf(hobbitcmd, "hobbitdboard fields=hostname,testname");
sprintf(procscmd, "hobbitdboard test=procs fields=hostname,msg");
sprintf(svcscmd, "hobbitdboard test=svcs fields=hostname,msg");
}
sres = newsendreturnbuf(1, NULL);
if (sendmessage(hobbitcmd, NULL, BBTALK_TIMEOUT, sres) != BB_OK) {
errormsg("Cannot contact the Hobbit server\n");
return 1;
}
respbuf = getsendreturnstr(sres, 1);
if (sendmessage(procscmd, NULL, BBTALK_TIMEOUT, sres) != BB_OK) {
errormsg("Cannot contact the Hobbit server\n");
return 1;
}
procsbuf = getsendreturnstr(sres, 1);
if (sendmessage(svcscmd, NULL, BBTALK_TIMEOUT, sres) != BB_OK) {
errormsg("Cannot contact the Hobbit server\n");
return 1;
}
svcsbuf = getsendreturnstr(sres, 1);
freesendreturnbuf(sres);
if (!respbuf) {
errormsg("Unable to find host information\n");
return 1;
}
/* Parse it into a usable list */
nexthost = respbuf;
do {
char *hname, *tname, *eoln;
int wanted = 1;
eoln = strchr(nexthost, '\n');
if (eoln) *eoln = '\0';
hname = nexthost;
tname = strchr(nexthost, '|');
if (tname) {
*tname = '\0';
tname++;
}
if (nkonly) {
void *hinfo = hostinfo(hname);
char *nkalerts = bbh_item(hinfo, BBH_NK);
if (newnkconfig) {
if (strcmp(nkval(hname, tname, nkalerts), "No") == 0 ) wanted = 0;
} else {
if (!nkalerts) wanted = 0;
}
}
if (wanted && hname && tname && strcmp(hname, "summary") && strcmp(tname, xgetenv("INFOCOLUMN")) && strcmp(tname, xgetenv("TRENDSCOLUMN"))) {
htnames_t *newitem = (htnames_t *)malloc(sizeof(htnames_t));
for (hwalk = hosthead; (hwalk && strcmp(hwalk->hostname, hname)); hwalk = hwalk->next);
if (!hwalk) {
hwalk = (hostlist_t *)calloc(1, sizeof(hostlist_t));
hwalk->hostname = strdup(hname);
hwalk->procs = get_proclist(hname, procsbuf);
hwalk->svcs = get_proclist(hname, svcsbuf);
hwalk->next = hosthead;
hosthead = hwalk;
hostcount++;
}
newitem->name = strdup(tname);
newitem->next = hwalk->tests;
hwalk->tests = newitem;
hwalk->testcount++;
}
if (eoln) {
nexthost = eoln+1;
if (*nexthost == '\0') nexthost = NULL;
}
} while (nexthost);
allhosts = (hostlist_t **) malloc(hostcount * sizeof(hostlist_t *));
for (hwalk = hosthead, hosti=0; (hwalk); hwalk = hwalk->next, hosti++) {
allhosts[hosti] = hwalk;
if (hwalk->testcount > maxtests) maxtests = hwalk->testcount;
}
alltests = (htnames_t **) malloc(maxtests * sizeof(htnames_t *));
qsort(&allhosts[0], hostcount, sizeof(hostlist_t **), host_compare);
/* Get the static info */
load_all_links();
init_tcp_services();
pingcolumn = xgetenv("PINGCOLUMN");
pingplus = (char *)malloc(strlen(pingcolumn) + 2);
sprintf(pingplus, "%s=", pingcolumn);
/* Load alert config */
alertcolors = colorset(xgetenv("ALERTCOLORS"), ((1 << COL_GREEN) | (1 << COL_BLUE)));
alertinterval = 60*atoi(xgetenv("ALERTREPEAT"));
sprintf(configfn, "%s/etc/hobbit-alerts.cfg", xgetenv("BBHOME"));
load_alertconfig(configfn, alertcolors, alertinterval);
load_columndocs();
printf("Content-Type: %s\n\n", xgetenv("HTMLCONTENTTYPE"));
sethostenv("", "", "", colorname(COL_BLUE), NULL);
headfoot(stdout, "confreport", "", "header", COL_BLUE);
fprintf(stdout, "<table width=\"100%%\" border=0>\n");
fprintf(stdout, "<tr><th align=center colspan=2><font size=\"+2\">Hobbit configuration Report</font></th></tr>\n");
fprintf(stdout, "<tr><th valign=top align=left>Date</th><td>%s</td></tr>\n", ctime(&now));
fprintf(stdout, "<tr><th valign=top align=left>%d hosts included</th><td>\n", hostcount);
for (hosti=0; (hosti < hostcount); hosti++) {
fprintf(stdout, "%s ", allhosts[hosti]->hostname);
}
fprintf(stdout, "</td></tr>\n");
if (nkonly) {
fprintf(stdout, "<tr><th valign=top align=left>Filter</th><td>Only data for the "Critical Systems" view reported</td></tr>\n");
}
fprintf(stdout, "</table>\n");
headfoot(stdout, "confreport", "", "front", COL_BLUE);
for (hosti=0; (hosti < hostcount); hosti++) {
for (twalk = allhosts[hosti]->tests, testi = 0; (twalk); twalk = twalk->next, testi++) {
alltests[testi] = twalk;
}
qsort(&alltests[0], allhosts[hosti]->testcount, sizeof(htnames_t **), test_compare);
print_host(allhosts[hosti], alltests, allhosts[hosti]->testcount);
}
headfoot(stdout, "confreport", "", "back", COL_BLUE);
print_columndocs();
headfoot(stdout, "confreport", "", "footer", COL_BLUE);
return 0;
}
void
print_state(struct pfsync_state *s, int opts)
{
struct pfsync_state_peer *src, *dst;
struct pfsync_state_key *key, *sk, *nk;
struct protoent *p;
int min, sec;
#ifndef __NO_STRICT_ALIGNMENT
struct pfsync_state_key aligned_key[2];
bcopy(&s->key, aligned_key, sizeof(aligned_key));
key = aligned_key;
#else
key = s->key;
#endif
if (s->direction == PF_OUT) {
src = &s->src;
dst = &s->dst;
sk = &key[PF_SK_STACK];
nk = &key[PF_SK_WIRE];
if (s->proto == IPPROTO_ICMP || s->proto == IPPROTO_ICMPV6)
sk->port[0] = nk->port[0];
} else {
src = &s->dst;
dst = &s->src;
sk = &key[PF_SK_WIRE];
nk = &key[PF_SK_STACK];
if (s->proto == IPPROTO_ICMP || s->proto == IPPROTO_ICMPV6)
sk->port[1] = nk->port[1];
}
printf("%s ", s->ifname);
if ((p = getprotobynumber(s->proto)) != NULL)
printf("%s ", p->p_name);
else
printf("%u ", s->proto);
print_host(&nk->addr[1], nk->port[1], s->af, opts);
if (PF_ANEQ(&nk->addr[1], &sk->addr[1], s->af) ||
nk->port[1] != sk->port[1]) {
printf(" (");
print_host(&sk->addr[1], sk->port[1], s->af, opts);
printf(")");
}
if (s->direction == PF_OUT)
printf(" -> ");
else
printf(" <- ");
print_host(&nk->addr[0], nk->port[0], s->af, opts);
if (PF_ANEQ(&nk->addr[0], &sk->addr[0], s->af) ||
nk->port[0] != sk->port[0]) {
printf(" (");
print_host(&sk->addr[0], sk->port[0], s->af, opts);
printf(")");
}
printf(" ");
if (s->proto == IPPROTO_TCP) {
if (src->state <= TCPS_TIME_WAIT &&
dst->state <= TCPS_TIME_WAIT)
printf(" %s:%s\n", tcpstates[src->state],
tcpstates[dst->state]);
else if (src->state == PF_TCPS_PROXY_SRC ||
dst->state == PF_TCPS_PROXY_SRC)
printf(" PROXY:SRC\n");
else if (src->state == PF_TCPS_PROXY_DST ||
dst->state == PF_TCPS_PROXY_DST)
printf(" PROXY:DST\n");
else
printf(" <BAD STATE LEVELS %u:%u>\n",
src->state, dst->state);
if (opts & PF_OPT_VERBOSE) {
printf(" ");
print_seq(src);
if (src->wscale && dst->wscale)
printf(" wscale %u",
src->wscale & PF_WSCALE_MASK);
printf(" ");
print_seq(dst);
if (src->wscale && dst->wscale)
printf(" wscale %u",
dst->wscale & PF_WSCALE_MASK);
printf("\n");
}
} else if (s->proto == IPPROTO_UDP && src->state < PFUDPS_NSTATES &&
dst->state < PFUDPS_NSTATES) {
const char *states[] = PFUDPS_NAMES;
printf(" %s:%s\n", states[src->state], states[dst->state]);
#ifndef INET6
} else if (s->proto != IPPROTO_ICMP && src->state < PFOTHERS_NSTATES &&
dst->state < PFOTHERS_NSTATES) {
#else
} else if (s->proto != IPPROTO_ICMP && s->proto != IPPROTO_ICMPV6 &&
src->state < PFOTHERS_NSTATES && dst->state < PFOTHERS_NSTATES) {
#endif
/* XXX ICMP doesn't really have state levels */
const char *states[] = PFOTHERS_NAMES;
printf(" %s:%s\n", states[src->state], states[dst->state]);
} else {
printf(" %u:%u\n", src->state, dst->state);
}
if (opts & PF_OPT_VERBOSE) {
u_int64_t packets[2];
u_int64_t bytes[2];
u_int32_t creation = ntohl(s->creation);
u_int32_t expire = ntohl(s->expire);
sec = creation % 60;
creation /= 60;
min = creation % 60;
creation /= 60;
printf(" age %.2u:%.2u:%.2u", creation, min, sec);
sec = expire % 60;
expire /= 60;
min = expire % 60;
expire /= 60;
printf(", expires in %.2u:%.2u:%.2u", expire, min, sec);
bcopy(s->packets[0], &packets[0], sizeof(u_int64_t));
bcopy(s->packets[1], &packets[1], sizeof(u_int64_t));
bcopy(s->bytes[0], &bytes[0], sizeof(u_int64_t));
bcopy(s->bytes[1], &bytes[1], sizeof(u_int64_t));
printf(", %ju:%ju pkts, %ju:%ju bytes",
(uintmax_t )be64toh(packets[0]),
(uintmax_t )be64toh(packets[1]),
(uintmax_t )be64toh(bytes[0]),
(uintmax_t )be64toh(bytes[1]));
if (ntohl(s->anchor) != -1)
printf(", anchor %u", ntohl(s->anchor));
if (ntohl(s->rule) != -1)
printf(", rule %u", ntohl(s->rule));
if (s->state_flags & PFSTATE_SLOPPY)
printf(", sloppy");
if (s->sync_flags & PFSYNC_FLAG_SRCNODE)
printf(", source-track");
if (s->sync_flags & PFSYNC_FLAG_NATSRCNODE)
printf(", sticky-address");
printf("\n");
}
if (opts & PF_OPT_VERBOSE2) {
u_int64_t id;
bcopy(&s->id, &id, sizeof(u_int64_t));
printf(" id: %016jx creatorid: %08x",
(uintmax_t )be64toh(id), ntohl(s->creatorid));
printf("\n");
}
}
int
server_fcgi(struct httpd *env, struct client *clt)
{
struct server_fcgi_param param;
struct server_config *srv_conf = clt->clt_srv_conf;
struct http_descriptor *desc = clt->clt_descreq;
struct fcgi_record_header *h;
struct fcgi_begin_request_body *begin;
char hbuf[HOST_NAME_MAX+1];
size_t scriptlen;
int pathlen;
int fd = -1, ret;
const char *stripped, *p, *alias, *errstr = NULL;
char *str, *script = NULL;
if (srv_conf->socket[0] == ':') {
struct sockaddr_storage ss;
in_port_t port;
p = srv_conf->socket + 1;
port = strtonum(p, 0, 0xffff, &errstr);
if (errstr != NULL) {
log_warn("%s: strtonum %s, %s", __func__, p, errstr);
goto fail;
}
memset(&ss, 0, sizeof(ss));
ss.ss_family = AF_INET;
((struct sockaddr_in *)
&ss)->sin_addr.s_addr = htonl(INADDR_LOOPBACK);
port = htons(port);
if ((fd = server_socket_connect(&ss, port, srv_conf)) == -1)
goto fail;
} else {
struct sockaddr_un sun;
size_t len;
#if (defined(__FreeBSD_version) && (__FreeBSD_version < 1000000))
if ((fd = socket(AF_UNIX,
SOCK_STREAM, 0)) == -1)
#else
if ((fd = socket(AF_UNIX,
SOCK_STREAM | SOCK_NONBLOCK, 0)) == -1)
#endif
goto fail;
memset(&sun, 0, sizeof(sun));
sun.sun_family = AF_UNIX;
len = strlcpy(sun.sun_path,
srv_conf->socket, sizeof(sun.sun_path));
if (len >= sizeof(sun.sun_path)) {
errstr = "socket path too long";
goto fail;
}
sun.sun_len = len;
if (connect(fd, (struct sockaddr *)&sun, sizeof(sun)) == -1)
goto fail;
}
memset(hbuf, 0, sizeof(hbuf));
clt->clt_fcgi.state = FCGI_READ_HEADER;
clt->clt_fcgi.toread = sizeof(struct fcgi_record_header);
clt->clt_fcgi.status = 200;
clt->clt_fcgi.headersdone = 0;
if (clt->clt_srvevb != NULL)
evbuffer_free(clt->clt_srvevb);
clt->clt_srvevb = evbuffer_new();
if (clt->clt_srvevb == NULL) {
errstr = "failed to allocate evbuffer";
goto fail;
}
close(clt->clt_fd);
clt->clt_fd = fd;
if (clt->clt_srvbev != NULL)
bufferevent_free(clt->clt_srvbev);
clt->clt_srvbev_throttled = 0;
clt->clt_srvbev = bufferevent_new(fd, server_fcgi_read,
NULL, server_file_error, clt);
if (clt->clt_srvbev == NULL) {
errstr = "failed to allocate fcgi buffer event";
goto fail;
}
memset(¶m, 0, sizeof(param));
h = (struct fcgi_record_header *)¶m.buf;
h->version = 1;
h->type = FCGI_BEGIN_REQUEST;
h->id = htons(1);
h->content_len = htons(sizeof(struct fcgi_begin_request_body));
h->padding_len = 0;
begin = (struct fcgi_begin_request_body *)¶m.buf[sizeof(struct
fcgi_record_header)];
begin->role = htons(FCGI_RESPONDER);
if (bufferevent_write(clt->clt_srvbev, ¶m.buf,
sizeof(struct fcgi_record_header) +
sizeof(struct fcgi_begin_request_body)) == -1) {
errstr = "failed to write to evbuffer";
goto fail;
}
h->type = FCGI_PARAMS;
h->content_len = param.total_len = 0;
alias = desc->http_path_alias != NULL
? desc->http_path_alias
: desc->http_path;
stripped = server_root_strip(alias, srv_conf->strip);
if ((pathlen = asprintf(&script, "%s%s", srv_conf->root, stripped))
== -1) {
errstr = "failed to get script name";
goto fail;
}
scriptlen = path_info(script);
/*
* no part of root should show up in PATH_INFO.
* therefore scriptlen should be >= strlen(root)
*/
if (scriptlen < strlen(srv_conf->root))
scriptlen = strlen(srv_conf->root);
if ((int)scriptlen < pathlen) {
if (fcgi_add_param(¶m, "PATH_INFO",
script + scriptlen, clt) == -1) {
errstr = "failed to encode param";
goto fail;
}
script[scriptlen] = '\0';
} else {
/* RFC 3875 mandates that PATH_INFO is empty if not set */
if (fcgi_add_param(¶m, "PATH_INFO", "", clt) == -1) {
errstr = "failed to encode param";
goto fail;
}
}
/*
* calculate length of http SCRIPT_NAME:
* add length of stripped prefix,
* subtract length of prepended local root
*/
scriptlen += (stripped - alias) - strlen(srv_conf->root);
if ((str = strndup(alias, scriptlen)) == NULL)
goto fail;
ret = fcgi_add_param(¶m, "SCRIPT_NAME", str, clt);
free(str);
if (ret == -1) {
errstr = "failed to encode param";
goto fail;
}
if (fcgi_add_param(¶m, "SCRIPT_FILENAME", script, clt) == -1) {
errstr = "failed to encode param";
goto fail;
}
if (desc->http_query) {
if (fcgi_add_param(¶m, "QUERY_STRING", desc->http_query,
clt) == -1) {
errstr = "failed to encode param";
goto fail;
}
} else if (fcgi_add_param(¶m, "QUERY_STRING", "", clt) == -1) {
errstr = "failed to encode param";
goto fail;
}
if (fcgi_add_param(¶m, "DOCUMENT_ROOT", srv_conf->root,
clt) == -1) {
errstr = "failed to encode param";
goto fail;
}
if (fcgi_add_param(¶m, "DOCUMENT_URI", alias,
clt) == -1) {
errstr = "failed to encode param";
goto fail;
}
if (fcgi_add_param(¶m, "GATEWAY_INTERFACE", "CGI/1.1",
clt) == -1) {
errstr = "failed to encode param";
goto fail;
}
if (srv_conf->flags & SRVFLAG_AUTH) {
if (fcgi_add_param(¶m, "REMOTE_USER",
clt->clt_remote_user, clt) == -1) {
errstr = "failed to encode param";
goto fail;
}
}
/* Add HTTP_* headers */
if (server_headers(clt, desc, server_fcgi_writeheader, ¶m) == -1) {
errstr = "failed to encode param";
goto fail;
}
if (srv_conf->flags & SRVFLAG_TLS)
if (fcgi_add_param(¶m, "HTTPS", "on", clt) == -1) {
errstr = "failed to encode param";
goto fail;
}
(void)print_host(&clt->clt_ss, hbuf, sizeof(hbuf));
if (fcgi_add_param(¶m, "REMOTE_ADDR", hbuf, clt) == -1) {
errstr = "failed to encode param";
goto fail;
}
(void)snprintf(hbuf, sizeof(hbuf), "%d", ntohs(clt->clt_port));
if (fcgi_add_param(¶m, "REMOTE_PORT", hbuf, clt) == -1) {
errstr = "failed to encode param";
goto fail;
}
if (fcgi_add_param(¶m, "REQUEST_METHOD",
server_httpmethod_byid(desc->http_method), clt) == -1) {
errstr = "failed to encode param";
goto fail;
}
if (!desc->http_query) {
if (fcgi_add_param(¶m, "REQUEST_URI", desc->http_path,
clt) == -1) {
errstr = "failed to encode param";
goto fail;
}
} else {
if (asprintf(&str, "%s?%s", desc->http_path,
desc->http_query) == -1) {
errstr = "failed to encode param";
goto fail;
}
ret = fcgi_add_param(¶m, "REQUEST_URI", str, clt);
free(str);
if (ret == -1) {
errstr = "failed to encode param";
goto fail;
}
}
(void)print_host(&clt->clt_srv_ss, hbuf, sizeof(hbuf));
if (fcgi_add_param(¶m, "SERVER_ADDR", hbuf, clt) == -1) {
errstr = "failed to encode param";
goto fail;
}
(void)snprintf(hbuf, sizeof(hbuf), "%d",
ntohs(server_socket_getport(&clt->clt_srv_ss)));
if (fcgi_add_param(¶m, "SERVER_PORT", hbuf, clt) == -1) {
errstr = "failed to encode param";
goto fail;
}
if (fcgi_add_param(¶m, "SERVER_NAME", srv_conf->name,
clt) == -1) {
errstr = "failed to encode param";
goto fail;
}
if (fcgi_add_param(¶m, "SERVER_PROTOCOL", desc->http_version,
clt) == -1) {
errstr = "failed to encode param";
goto fail;
}
if (fcgi_add_param(¶m, "SERVER_SOFTWARE", HTTPD_SERVERNAME,
clt) == -1) {
errstr = "failed to encode param";
goto fail;
}
if (param.total_len != 0) { /* send last params record */
if (bufferevent_write(clt->clt_srvbev, ¶m.buf,
sizeof(struct fcgi_record_header) +
ntohs(h->content_len)) == -1) {
errstr = "failed to write to client evbuffer";
goto fail;
}
}
/* send "no more params" message */
h->content_len = 0;
if (bufferevent_write(clt->clt_srvbev, ¶m.buf,
sizeof(struct fcgi_record_header)) == -1) {
errstr = "failed to write to client evbuffer";
goto fail;
}
bufferevent_settimeout(clt->clt_srvbev,
srv_conf->timeout.tv_sec, srv_conf->timeout.tv_sec);
bufferevent_enable(clt->clt_srvbev, EV_READ|EV_WRITE);
if (clt->clt_toread != 0) {
server_read_httpcontent(clt->clt_bev, clt);
bufferevent_enable(clt->clt_bev, EV_READ);
} else {
bufferevent_disable(clt->clt_bev, EV_READ);
fcgi_add_stdin(clt, NULL);
}
if (strcmp(desc->http_version, "HTTP/1.1") == 0) {
clt->clt_fcgi.chunked = 1;
} else {
/* HTTP/1.0 does not support chunked encoding */
clt->clt_fcgi.chunked = 0;
clt->clt_persist = 0;
}
clt->clt_fcgi.end = 0;
clt->clt_done = 0;
free(script);
return (0);
fail:
free(script);
if (errstr == NULL)
errstr = strerror(errno);
if (fd != -1 && clt->clt_fd != fd)
close(fd);
server_abort_http(clt, 500, errstr);
return (-1);
}
static void
print_state(netdissect_options *ndo, struct pfsync_state *s)
{
struct pfsync_state_peer *src, *dst;
struct pfsync_state_key *sk, *nk;
int min, sec;
if (s->direction == PF_OUT) {
src = &s->src;
dst = &s->dst;
sk = &s->key[PF_SK_STACK];
nk = &s->key[PF_SK_WIRE];
if (s->proto == IPPROTO_ICMP || s->proto == IPPROTO_ICMPV6)
sk->port[0] = nk->port[0];
} else {
src = &s->dst;
dst = &s->src;
sk = &s->key[PF_SK_WIRE];
nk = &s->key[PF_SK_STACK];
if (s->proto == IPPROTO_ICMP || s->proto == IPPROTO_ICMPV6)
sk->port[1] = nk->port[1];
}
ND_PRINT((ndo, "\t%s ", s->ifname));
ND_PRINT((ndo, "proto %u ", s->proto));
print_host(ndo, &nk->addr[1], nk->port[1], s->af, NULL);
if (PF_ANEQ(&nk->addr[1], &sk->addr[1], s->af) ||
nk->port[1] != sk->port[1]) {
ND_PRINT((ndo, " ("));
print_host(ndo, &sk->addr[1], sk->port[1], s->af, NULL);
ND_PRINT((ndo, ")"));
}
if (s->direction == PF_OUT)
ND_PRINT((ndo, " -> "));
else
ND_PRINT((ndo, " <- "));
print_host(ndo, &nk->addr[0], nk->port[0], s->af, NULL);
if (PF_ANEQ(&nk->addr[0], &sk->addr[0], s->af) ||
nk->port[0] != sk->port[0]) {
ND_PRINT((ndo, " ("));
print_host(ndo, &sk->addr[0], sk->port[0], s->af, NULL);
ND_PRINT((ndo, ")"));
}
print_src_dst(ndo, src, dst, s->proto);
if (vflag > 1) {
uint64_t packets[2];
uint64_t bytes[2];
uint32_t creation = ntohl(s->creation);
uint32_t expire = ntohl(s->expire);
sec = creation % 60;
creation /= 60;
min = creation % 60;
creation /= 60;
ND_PRINT((ndo, "\n\tage %.2u:%.2u:%.2u", creation, min, sec));
sec = expire % 60;
expire /= 60;
min = expire % 60;
expire /= 60;
ND_PRINT((ndo, ", expires in %.2u:%.2u:%.2u", expire, min, sec));
bcopy(s->packets[0], &packets[0], sizeof(uint64_t));
bcopy(s->packets[1], &packets[1], sizeof(uint64_t));
bcopy(s->bytes[0], &bytes[0], sizeof(uint64_t));
bcopy(s->bytes[1], &bytes[1], sizeof(uint64_t));
ND_PRINT((ndo, ", %ju:%ju pkts, %ju:%ju bytes",
be64toh(packets[0]), be64toh(packets[1]),
be64toh(bytes[0]), be64toh(bytes[1])));
if (s->anchor != ntohl(-1))
ND_PRINT((ndo, ", anchor %u", ntohl(s->anchor)));
if (s->rule != ntohl(-1))
ND_PRINT((ndo, ", rule %u", ntohl(s->rule)));
}
if (vflag > 1) {
uint64_t id;
bcopy(&s->id, &id, sizeof(uint64_t));
ND_PRINT((ndo, "\n\tid: %016jx creatorid: %08x",
(uintmax_t )be64toh(id), ntohl(s->creatorid)));
}
}
int
ikev2_pld_ts(struct iked *env, struct ikev2_payload *pld,
struct iked_message *msg, off_t offset, u_int payload)
{
struct ikev2_tsp tsp;
struct ikev2_ts ts;
size_t len, i;
struct sockaddr_in s4;
struct sockaddr_in6 s6;
u_int8_t buf[2][128];
u_int8_t *msgbuf = ibuf_data(msg->msg_data);
memcpy(&tsp, msgbuf + offset, sizeof(tsp));
offset += sizeof(tsp);
len = betoh16(pld->pld_length) - sizeof(*pld) - sizeof(tsp);
log_debug("%s: count %d length %d", __func__,
tsp.tsp_count, len);
for (i = 0; i < tsp.tsp_count; i++) {
memcpy(&ts, msgbuf + offset, sizeof(ts));
log_debug("%s: type %s protoid %u length %d "
"startport %u endport %u", __func__,
print_map(ts.ts_type, ikev2_ts_map),
ts.ts_protoid, betoh16(ts.ts_length),
betoh16(ts.ts_startport),
betoh16(ts.ts_endport));
switch (ts.ts_type) {
case IKEV2_TS_IPV4_ADDR_RANGE:
bzero(&s4, sizeof(s4));
s4.sin_family = AF_INET;
s4.sin_len = sizeof(s4);
memcpy(&s4.sin_addr.s_addr,
msgbuf + offset + sizeof(ts), 4);
print_host((struct sockaddr *)&s4,
(char *)buf[0], sizeof(buf[0]));
memcpy(&s4.sin_addr.s_addr,
msgbuf + offset + sizeof(ts) + 4, 4);
print_host((struct sockaddr *)&s4,
(char *)buf[1], sizeof(buf[1]));
log_debug("%s: start %s end %s", __func__,
buf[0], buf[1]);
break;
case IKEV2_TS_IPV6_ADDR_RANGE:
bzero(&s6, sizeof(s6));
s6.sin6_family = AF_INET6;
s6.sin6_len = sizeof(s6);
memcpy(&s6.sin6_addr,
msgbuf + offset + sizeof(ts), 16);
print_host((struct sockaddr *)&s6,
(char *)buf[0], sizeof(buf[0]));
memcpy(&s6.sin6_addr,
msgbuf + offset + sizeof(ts) + 16, 16);
print_host((struct sockaddr *)&s6,
(char *)buf[1], sizeof(buf[1]));
log_debug("%s: start %s end %s", __func__,
buf[0], buf[1]);
break;
default:
break;
}
offset += betoh16(ts.ts_length);
}
return (0);
}
int
show_summary_msg(struct imsg *imsg, int type)
{
struct rdr *rdr;
struct table *table;
struct host *host;
struct relay *rlay;
struct router *rt;
struct netroute *nr;
struct ctl_stats stats[RELAY_MAXPROC];
char name[MAXHOSTNAMELEN];
switch (imsg->hdr.type) {
case IMSG_CTL_RDR:
if (!(type == SHOW_SUM || type == SHOW_RDRS))
break;
rdr = imsg->data;
printf("%-4u\t%-8s\t%-24s\t%-7s\t%s\n",
rdr->conf.id, "redirect", rdr->conf.name, "",
print_rdr_status(rdr->conf.flags));
break;
case IMSG_CTL_TABLE:
if (!(type == SHOW_SUM || type == SHOW_HOSTS))
break;
table = imsg->data;
printf("%-4u\t%-8s\t%-24s\t%-7s\t%s\n",
table->conf.id, "table", table->conf.name, "",
print_table_status(table->up, table->conf.flags));
break;
case IMSG_CTL_HOST:
if (!(type == SHOW_SUM || type == SHOW_HOSTS))
break;
host = imsg->data;
if (host->conf.parentid)
snprintf(name, sizeof(name), "%s parent %u",
host->conf.name, host->conf.parentid);
else
strlcpy(name, host->conf.name, sizeof(name));
printf("%-4u\t%-8s\t%-24s\t%-7s\t%s\n",
host->conf.id, "host", name,
print_availability(host->check_cnt, host->up_cnt),
print_host_status(host->up, host->flags));
if (type == SHOW_HOSTS && host->check_cnt) {
printf("\t%8s\ttotal: %lu/%lu checks",
"", host->up_cnt, host->check_cnt);
if (host->retry_cnt)
printf(", %d retries", host->retry_cnt);
if (host->he && host->up == HOST_DOWN)
printf(", error: %s", host_error(host->he));
printf("\n");
}
break;
case IMSG_CTL_RELAY:
if (!(type == SHOW_SUM || type == SHOW_RELAYS))
break;
rlay = imsg->data;
printf("%-4u\t%-8s\t%-24s\t%-7s\t%s\n",
rlay->rl_conf.id, "relay", rlay->rl_conf.name, "",
print_relay_status(rlay->rl_conf.flags));
break;
case IMSG_CTL_RDR_STATS:
if (type != SHOW_RDRS)
break;
bcopy(imsg->data, &stats[0], sizeof(stats[0]));
stats[1].id = EMPTY_ID;
print_statistics(stats);
break;
case IMSG_CTL_RELAY_STATS:
if (type != SHOW_RELAYS)
break;
bcopy(imsg->data, &stats, sizeof(stats));
print_statistics(stats);
break;
case IMSG_CTL_ROUTER:
if (!(type == SHOW_SUM || type == SHOW_ROUTERS))
break;
rt = imsg->data;
printf("%-4u\t%-8s\t%-24s\t%-7s\t%s\n",
rt->rt_conf.id, "router", rt->rt_conf.name, "",
print_relay_status(rt->rt_conf.flags));
if (type != SHOW_ROUTERS)
break;
if (rt->rt_conf.rtable)
printf("\t%8s\trtable: %d\n", "", rt->rt_conf.rtable);
if (strlen(rt->rt_conf.label))
printf("\t%8s\trtlabel: %s\n", "", rt->rt_conf.label);
break;
case IMSG_CTL_NETROUTE:
if (type != SHOW_ROUTERS)
break;
nr = imsg->data;
(void)print_host(&nr->nr_conf.ss, name, sizeof(name));
printf("\t%8s\troute: %s/%d\n",
"", name, nr->nr_conf.prefixlen);
break;
case IMSG_CTL_END:
return (1);
default:
errx(1, "wrong message in summary: %u", imsg->hdr.type);
break;
}
return (0);
}
void
print_state(struct pfsync_state *s, int opts)
{
struct pfsync_state_peer *src, *dst;
struct pfsync_state_key *sk, *nk;
struct protoent *p;
int min, sec;
int afto = (s->key[PF_SK_STACK].af != s->key[PF_SK_WIRE].af);
int idx;
if (s->direction == PF_OUT) {
src = &s->src;
dst = &s->dst;
sk = &s->key[PF_SK_STACK];
nk = &s->key[PF_SK_WIRE];
if (s->proto == IPPROTO_ICMP || s->proto == IPPROTO_ICMPV6)
sk->port[0] = nk->port[0];
} else {
src = &s->dst;
dst = &s->src;
sk = &s->key[PF_SK_WIRE];
nk = &s->key[PF_SK_STACK];
if (s->proto == IPPROTO_ICMP || s->proto == IPPROTO_ICMPV6)
sk->port[1] = nk->port[1];
}
printf("%s ", s->ifname);
if ((p = getprotobynumber(s->proto)) != NULL)
printf("%s ", p->p_name);
else
printf("%u ", s->proto);
print_host(&nk->addr[1], nk->port[1], nk->af, nk->rdomain, opts);
if (nk->af != sk->af || PF_ANEQ(&nk->addr[1], &sk->addr[1], nk->af) ||
nk->port[1] != sk->port[1] ||
nk->rdomain != sk->rdomain) {
idx = afto ? 0 : 1;
printf(" (");
print_host(&sk->addr[idx], sk->port[idx], sk->af,
sk->rdomain, opts);
printf(")");
}
if (s->direction == PF_OUT || (afto && s->direction == PF_IN))
printf(" -> ");
else
printf(" <- ");
print_host(&nk->addr[0], nk->port[0], nk->af, nk->rdomain, opts);
if (nk->af != sk->af || PF_ANEQ(&nk->addr[0], &sk->addr[0], nk->af) ||
nk->port[0] != sk->port[0] ||
nk->rdomain != sk->rdomain) {
idx = afto ? 1 : 0;
printf(" (");
print_host(&sk->addr[idx], sk->port[idx], sk->af,
sk->rdomain, opts);
printf(")");
}
printf(" ");
if (s->proto == IPPROTO_TCP) {
if (src->state <= TCPS_TIME_WAIT &&
dst->state <= TCPS_TIME_WAIT)
printf(" %s:%s\n", tcpstates[src->state],
tcpstates[dst->state]);
else if (src->state == PF_TCPS_PROXY_SRC ||
dst->state == PF_TCPS_PROXY_SRC)
printf(" PROXY:SRC\n");
else if (src->state == PF_TCPS_PROXY_DST ||
dst->state == PF_TCPS_PROXY_DST)
printf(" PROXY:DST\n");
else
printf(" <BAD STATE LEVELS %u:%u>\n",
src->state, dst->state);
if (opts & PF_OPT_VERBOSE) {
printf(" ");
print_seq(src);
if (src->wscale && dst->wscale)
printf(" wscale %u",
src->wscale & PF_WSCALE_MASK);
printf(" ");
print_seq(dst);
if (src->wscale && dst->wscale)
printf(" wscale %u",
dst->wscale & PF_WSCALE_MASK);
printf("\n");
}
} else if (s->proto == IPPROTO_UDP && src->state < PFUDPS_NSTATES &&
dst->state < PFUDPS_NSTATES) {
const char *states[] = PFUDPS_NAMES;
printf(" %s:%s\n", states[src->state], states[dst->state]);
} else if (s->proto != IPPROTO_ICMP && s->proto != IPPROTO_ICMPV6 &&
src->state < PFOTHERS_NSTATES && dst->state < PFOTHERS_NSTATES) {
/* XXX ICMP doesn't really have state levels */
const char *states[] = PFOTHERS_NAMES;
printf(" %s:%s\n", states[src->state], states[dst->state]);
} else {
printf(" %u:%u\n", src->state, dst->state);
}
if (opts & PF_OPT_VERBOSE) {
u_int64_t packets[2];
u_int64_t bytes[2];
u_int32_t creation = ntohl(s->creation);
u_int32_t expire = ntohl(s->expire);
sec = creation % 60;
creation /= 60;
min = creation % 60;
creation /= 60;
printf(" age %.2u:%.2u:%.2u", creation, min, sec);
sec = expire % 60;
expire /= 60;
min = expire % 60;
expire /= 60;
printf(", expires in %.2u:%.2u:%.2u", expire, min, sec);
bcopy(s->packets[0], &packets[0], sizeof(u_int64_t));
bcopy(s->packets[1], &packets[1], sizeof(u_int64_t));
bcopy(s->bytes[0], &bytes[0], sizeof(u_int64_t));
bcopy(s->bytes[1], &bytes[1], sizeof(u_int64_t));
printf(", %llu:%llu pkts, %llu:%llu bytes",
betoh64(packets[0]),
betoh64(packets[1]),
betoh64(bytes[0]),
betoh64(bytes[1]));
if (ntohl(s->anchor) != -1)
printf(", anchor %u", ntohl(s->anchor));
if (ntohl(s->rule) != -1)
printf(", rule %u", ntohl(s->rule));
if (s->state_flags & PFSTATE_SLOPPY)
printf(", sloppy");
if (s->state_flags & PFSTATE_PFLOW)
printf(", pflow");
if (s->sync_flags & PFSYNC_FLAG_SRCNODE)
printf(", source-track");
if (s->sync_flags & PFSYNC_FLAG_NATSRCNODE)
printf(", sticky-address");
printf("\n");
}
if (opts & PF_OPT_VERBOSE2) {
u_int64_t id;
bcopy(&s->id, &id, sizeof(u_int64_t));
printf(" id: %016llx creatorid: %08x",
betoh64(id), ntohl(s->creatorid));
printf("\n");
}
}
int
ikev2_msg_send(struct iked *env, struct iked_message *msg)
{
struct iked_sa *sa = msg->msg_sa;
struct ibuf *buf = msg->msg_data;
uint32_t natt = 0x00000000;
int isnatt = 0;
uint8_t exchange, flags;
struct ike_header *hdr;
struct iked_message *m;
if (buf == NULL || (hdr = ibuf_seek(msg->msg_data,
msg->msg_offset, sizeof(*hdr))) == NULL)
return (-1);
isnatt = (msg->msg_natt || (msg->msg_sa && msg->msg_sa->sa_natt));
exchange = hdr->ike_exchange;
flags = hdr->ike_flags;
log_info("%s: %s %s from %s to %s msgid %u, %ld bytes%s", __func__,
print_map(exchange, ikev2_exchange_map),
(flags & IKEV2_FLAG_RESPONSE) ? "response" : "request",
print_host((struct sockaddr *)&msg->msg_local, NULL, 0),
print_host((struct sockaddr *)&msg->msg_peer, NULL, 0),
betoh32(hdr->ike_msgid),
ibuf_length(buf), isnatt ? ", NAT-T" : "");
if (isnatt) {
if (ibuf_prepend(buf, &natt, sizeof(natt)) == -1) {
log_debug("%s: failed to set NAT-T", __func__);
return (-1);
}
msg->msg_offset += sizeof(natt);
}
if (sendtofrom(msg->msg_fd, ibuf_data(buf), ibuf_size(buf), 0,
(struct sockaddr *)&msg->msg_peer, msg->msg_peerlen,
(struct sockaddr *)&msg->msg_local, msg->msg_locallen) == -1) {
log_warn("%s: sendtofrom", __func__);
return (-1);
}
if (!sa)
return (0);
if ((m = ikev2_msg_copy(env, msg)) == NULL) {
log_debug("%s: failed to copy a message", __func__);
return (-1);
}
m->msg_exchange = exchange;
if (flags & IKEV2_FLAG_RESPONSE) {
TAILQ_INSERT_TAIL(&sa->sa_responses, m, msg_entry);
timer_set(env, &m->msg_timer, ikev2_msg_response_timeout, m);
timer_add(env, &m->msg_timer, IKED_RESPONSE_TIMEOUT);
} else {
TAILQ_INSERT_TAIL(&sa->sa_requests, m, msg_entry);
timer_set(env, &m->msg_timer, ikev2_msg_retransmit_timeout, m);
timer_add(env, &m->msg_timer, IKED_RETRANSMIT_TIMEOUT);
}
return (0);
}
int recverr(int fd, int ttl)
{
int res;
struct probehdr rcvbuf;
char cbuf[512];
struct iovec iov;
struct msghdr msg;
struct cmsghdr *cmsg;
struct sock_extended_err *e;
struct sockaddr_in addr;
struct timeval tv;
struct timeval *rettv;
int slot;
int rethops;
int sndhops;
int progress = -1;
int broken_router;
char hnamebuf[NI_MAXHOST] = "";
restart:
memset(&rcvbuf, -1, sizeof(rcvbuf));
iov.iov_base = &rcvbuf;
iov.iov_len = sizeof(rcvbuf);
msg.msg_name = (__u8*)&addr;
msg.msg_namelen = sizeof(addr);
msg.msg_iov = &iov;
msg.msg_iovlen = 1;
msg.msg_flags = 0;
msg.msg_control = cbuf;
msg.msg_controllen = sizeof(cbuf);
gettimeofday(&tv, NULL);
res = recvmsg(fd, &msg, MSG_ERRQUEUE);
if (res < 0) {
if (errno == EAGAIN)
return progress;
goto restart;
}
progress = mtu;
rethops = -1;
sndhops = -1;
e = NULL;
rettv = NULL;
slot = ntohs(addr.sin_port) - base_port;
if (slot>=0 && slot < 63 && his[slot].hops) {
sndhops = his[slot].hops;
rettv = &his[slot].sendtime;
his[slot].hops = 0;
}
broken_router = 0;
if (res == sizeof(rcvbuf)) {
if (rcvbuf.ttl == 0 || rcvbuf.tv.tv_sec == 0) {
broken_router = 1;
} else {
sndhops = rcvbuf.ttl;
rettv = &rcvbuf.tv;
}
}
for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg)) {
if (cmsg->cmsg_level == SOL_IP) {
if (cmsg->cmsg_type == IP_RECVERR) {
e = (struct sock_extended_err *) CMSG_DATA(cmsg);
} else if (cmsg->cmsg_type == IP_TTL) {
memcpy(&rethops, CMSG_DATA(cmsg), sizeof(rethops));
} else {
printf("cmsg:%d\n ", cmsg->cmsg_type);
}
}
}
if (e == NULL) {
printf("no info\n");
return 0;
}
if (e->ee_origin == SO_EE_ORIGIN_LOCAL) {
printf("%2d?: %*s ", ttl, -(HOST_COLUMN_SIZE - 1), "[LOCALHOST]");
} else if (e->ee_origin == SO_EE_ORIGIN_ICMP) {
char abuf[128];
struct sockaddr_in *sin = (struct sockaddr_in*)(e+1);
inet_ntop(AF_INET, &sin->sin_addr, abuf, sizeof(abuf));
if (sndhops>0)
printf("%2d: ", sndhops);
else
printf("%2d?: ", ttl);
if (!no_resolve || show_both) {
fflush(stdout);
getnameinfo((struct sockaddr *) sin, sizeof *sin, hnamebuf, sizeof hnamebuf, NULL, 0, getnameinfo_flags);
}
if (no_resolve)
print_host(abuf, hnamebuf, show_both);
else
print_host(hnamebuf, abuf, show_both);
}
if (rettv) {
int diff = (tv.tv_sec-rettv->tv_sec)*1000000+(tv.tv_usec-rettv->tv_usec);
printf("%3d.%03dms ", diff/1000, diff%1000);
if (broken_router)
printf("(This broken router returned corrupted payload) ");
}
if (rethops<=64)
rethops = 65-rethops;
else if (rethops<=128)
rethops = 129-rethops;
else
rethops = 256-rethops;
switch (e->ee_errno) {
case ETIMEDOUT:
printf("\n");
break;
case EMSGSIZE:
printf("pmtu %d\n", e->ee_info);
mtu = e->ee_info;
progress = mtu;
break;
case ECONNREFUSED:
printf("reached\n");
hops_to = sndhops<0 ? ttl : sndhops;
hops_from = rethops;
return 0;
case EPROTO:
printf("!P\n");
return 0;
case EHOSTUNREACH:
if (e->ee_origin == SO_EE_ORIGIN_ICMP &&
e->ee_type == 11 &&
e->ee_code == 0) {
if (rethops>=0) {
if (sndhops>=0 && rethops != sndhops)
printf("asymm %2d ", rethops);
else if (sndhops<0 && rethops != ttl)
printf("asymm %2d ", rethops);
}
printf("\n");
break;
}
printf("!H\n");
return 0;
case ENETUNREACH:
printf("!N\n");
return 0;
case EACCES:
printf("!A\n");
return 0;
default:
printf("\n");
errno = e->ee_errno;
perror("NET ERROR");
return 0;
}
goto restart;
}
void
print_state(struct pfsync_state *s, int opts)
{
struct pfsync_state_peer *src, *dst;
struct pfsync_state_key *sk, *nk;
int min, sec, sidx, didx;
if (s->direction == PF_OUT) {
src = &s->src;
dst = &s->dst;
sk = &s->key[PF_SK_STACK];
nk = &s->key[PF_SK_WIRE];
if (s->proto == IPPROTO_ICMP || s->proto == IPPROTO_ICMPV6)
sk->port[0] = nk->port[0];
} else {
src = &s->dst;
dst = &s->src;
sk = &s->key[PF_SK_WIRE];
nk = &s->key[PF_SK_STACK];
if (s->proto == IPPROTO_ICMP || s->proto == IPPROTO_ICMPV6)
sk->port[1] = nk->port[1];
}
printf("%s ", s->ifname);
printf("%s ", ipproto_string(s->proto));
if (nk->af != sk->af)
sidx = 1, didx = 0;
else
sidx = 0, didx = 1;
print_host(&nk->addr[didx], nk->port[didx], nk->af, nk->rdomain, NULL, opts);
if (nk->af != sk->af || PF_ANEQ(&nk->addr[1], &sk->addr[1], nk->af) ||
nk->port[1] != sk->port[1]) {
printf(" (");
print_host(&sk->addr[1], sk->port[1], sk->af, sk->rdomain,
NULL, opts);
printf(")");
}
if (s->direction == PF_OUT)
printf(" -> ");
else
printf(" <- ");
print_host(&nk->addr[sidx], nk->port[sidx], nk->af, nk->rdomain, NULL,
opts);
if (nk->af != sk->af || PF_ANEQ(&nk->addr[0], &sk->addr[0], nk->af) ||
nk->port[0] != sk->port[0]) {
printf(" (");
print_host(&sk->addr[0], sk->port[0], sk->af, sk->rdomain, NULL,
opts);
printf(")");
}
printf(" ");
if (s->proto == IPPROTO_TCP) {
if (src->state <= TCPS_TIME_WAIT &&
dst->state <= TCPS_TIME_WAIT)
printf("\n %s:%s", tcpstates[src->state],
tcpstates[dst->state]);
else if (src->state == PF_TCPS_PROXY_SRC ||
dst->state == PF_TCPS_PROXY_SRC)
printf("\n PROXY:SRC");
else if (src->state == PF_TCPS_PROXY_DST ||
dst->state == PF_TCPS_PROXY_DST)
printf("\n PROXY:DST");
else
printf("\n <BAD STATE LEVELS %u:%u>",
src->state, dst->state);
if (opts & PF_OPT_VERBOSE) {
printf("\n ");
print_seq(src);
if (src->wscale && dst->wscale)
printf(" wscale %u",
src->wscale & PF_WSCALE_MASK);
printf(" ");
print_seq(dst);
if (src->wscale && dst->wscale)
printf(" wscale %u",
dst->wscale & PF_WSCALE_MASK);
}
} else if (s->proto == IPPROTO_UDP && src->state < PFUDPS_NSTATES &&
dst->state < PFUDPS_NSTATES) {
const char *states[] = PFUDPS_NAMES;
printf(" %s:%s", states[src->state], states[dst->state]);
} else if (s->proto != IPPROTO_ICMP && src->state < PFOTHERS_NSTATES &&
dst->state < PFOTHERS_NSTATES) {
/* XXX ICMP doesn't really have state levels */
const char *states[] = PFOTHERS_NAMES;
printf(" %s:%s", states[src->state], states[dst->state]);
} else {
printf(" %u:%u", src->state, dst->state);
}
if (opts & PF_OPT_VERBOSE) {
u_int64_t packets[2];
u_int64_t bytes[2];
u_int32_t creation = ntohl(s->creation);
u_int32_t expire = ntohl(s->expire);
sec = creation % 60;
creation /= 60;
min = creation % 60;
creation /= 60;
printf("\n age %.2u:%.2u:%.2u", creation, min, sec);
sec = expire % 60;
expire /= 60;
min = expire % 60;
expire /= 60;
printf(", expires in %.2u:%.2u:%.2u", expire, min, sec);
bcopy(s->packets[0], &packets[0], sizeof(u_int64_t));
bcopy(s->packets[1], &packets[1], sizeof(u_int64_t));
bcopy(s->bytes[0], &bytes[0], sizeof(u_int64_t));
bcopy(s->bytes[1], &bytes[1], sizeof(u_int64_t));
printf(", %llu:%llu pkts, %llu:%llu bytes",
betoh64(packets[0]),
betoh64(packets[1]),
betoh64(bytes[0]),
betoh64(bytes[1]));
if (s->anchor != -1)
printf(", anchor %u", ntohl(s->anchor));
if (s->rule != -1)
printf(", rule %u", ntohl(s->rule));
}
if (opts & PF_OPT_VERBOSE2) {
u_int64_t id;
bcopy(&s->id, &id, sizeof(u_int64_t));
printf("\n id: %016llx creatorid: %08x",
betoh64(id), ntohl(s->creatorid));
}
}
static void
print_obj(enum journal_operation ope, void *obj)
{
switch (ope) {
case GFM_JOURNAL_BEGIN:
case GFM_JOURNAL_END:
break;
case GFM_JOURNAL_HOST_ADD:
print_host(obj);
break;
case GFM_JOURNAL_HOST_MODIFY: {
struct db_host_modify_arg *m = obj;
print_host(&m->hi);
if (opt_verbose) {
print_modflags(m->modflags, host_modflag_info);
if (m->add_count > 0)
print_stringlist("add_aliases",
m->add_aliases);
if (m->del_count > 0)
print_stringlist("del_aliases",
m->del_aliases);
}
break;
}
case GFM_JOURNAL_USER_ADD:
print_user(obj);
break;
case GFM_JOURNAL_USER_MODIFY: {
struct db_user_modify_arg *m = obj;
print_user(&m->ui);
if (opt_verbose)
print_modflags(m->modflags, user_modflag_info);
break;
}
case GFM_JOURNAL_GROUP_ADD:
print_group(obj);
break;
case GFM_JOURNAL_GROUP_MODIFY: {
struct db_group_modify_arg *m = obj;
print_group(&m->gi);
if (opt_verbose) {
print_modflags(m->modflags, NULL);
if (m->add_count > 0)
print_stringlist("add_users",
m->add_users);
if (m->del_count > 0)
print_stringlist("del_users",
m->del_users);
}
break;
}
case GFM_JOURNAL_HOST_REMOVE:
case GFM_JOURNAL_USER_REMOVE:
case GFM_JOURNAL_GROUP_REMOVE:
case GFM_JOURNAL_MDHOST_REMOVE:
printf("name=%s", (const char *)obj);
break;
case GFM_JOURNAL_INODE_ADD:
case GFM_JOURNAL_INODE_MODIFY:
print_stat(obj);
break;
case GFM_JOURNAL_INODE_GEN_MODIFY:
case GFM_JOURNAL_INODE_NLINK_MODIFY:
case GFM_JOURNAL_INODE_SIZE_MODIFY: {
struct db_inode_uint64_modify_arg *m = obj;
printf("ino=%" GFARM_PRId64, m->inum);
if (opt_verbose)
printf(";uint64=%" GFARM_PRId64 "", m->uint64);
break;
}
case GFM_JOURNAL_INODE_MODE_MODIFY: {
struct db_inode_uint32_modify_arg *m = obj;
printf("ino=%" GFARM_PRId64, m->inum);
if (opt_verbose)
printf(";uint32=%d", m->uint32);
break;
}
case GFM_JOURNAL_INODE_USER_MODIFY:
case GFM_JOURNAL_INODE_GROUP_MODIFY: {
struct db_inode_string_modify_arg *m = obj;
printf("ino=%" GFARM_PRId64, m->inum);
if (opt_verbose)
printf(";string=%s", m->string);
break;
}
case GFM_JOURNAL_INODE_ATIME_MODIFY:
case GFM_JOURNAL_INODE_MTIME_MODIFY:
case GFM_JOURNAL_INODE_CTIME_MODIFY: {
struct db_inode_timespec_modify_arg *m = obj;
printf("ino=%" GFARM_PRId64, m->inum);
if (opt_verbose)
print_timespec("time", &m->time);
break;
}
case GFM_JOURNAL_INODE_CKSUM_ADD:
case GFM_JOURNAL_INODE_CKSUM_MODIFY: {
struct db_inode_cksum_arg *m = obj;
printf("ino=%" GFARM_PRId64, m->inum);
if (opt_verbose)
printf(";type=%s;len=%lu", m->type,
(unsigned long)m->len);
break;
}
case GFM_JOURNAL_INODE_CKSUM_REMOVE:
case GFM_JOURNAL_SYMLINK_REMOVE: {
struct db_inode_inum_arg *m = obj;
printf("ino=%" GFARM_PRId64, m->inum);
break;
}
case GFM_JOURNAL_FILECOPY_ADD:
case GFM_JOURNAL_FILECOPY_REMOVE: {
struct db_filecopy_arg *m = obj;
printf("ino=%" GFARM_PRId64, m->inum);
if (opt_verbose)
printf(";hostname=%s", m->hostname);
break;
}
case GFM_JOURNAL_DEADFILECOPY_ADD:
case GFM_JOURNAL_DEADFILECOPY_REMOVE: {
struct db_deadfilecopy_arg *m = obj;
printf("ino=%" GFARM_PRId64, m->inum);
if (opt_verbose)
printf(";igen=%" GFARM_PRId64 ";hostname=%s",
m->igen, m->hostname);
break;
}
case GFM_JOURNAL_DIRENTRY_ADD:
case GFM_JOURNAL_DIRENTRY_REMOVE: {
struct db_direntry_arg *m = obj;
printf("ino=%" GFARM_PRId64, m->dir_inum);
if (opt_verbose)
printf(";entry_ino=%" GFARM_PRId64
";entry_name=%s;entry_len=%d",
m->entry_inum, m->entry_name, m->entry_len);
break;
}
case GFM_JOURNAL_SYMLINK_ADD: {
struct db_symlink_arg *m = obj;
printf("ino=%" GFARM_PRId64, m->inum);
if (opt_verbose)
printf(";source_path=%s", m->source_path);
break;
}
case GFM_JOURNAL_XATTR_ADD:
case GFM_JOURNAL_XATTR_MODIFY:
case GFM_JOURNAL_XATTR_REMOVE:
case GFM_JOURNAL_XATTR_REMOVEALL: {
struct db_xattr_arg *m = obj;
printf("ino=%" GFARM_PRId64, m->inum);
if (opt_verbose) {
printf(";xml_mode=%d;attrname=%s;size=%lu",
m->xmlMode, m->attrname, (unsigned long)m->size);
print_bin_value("value", m->value, m->size);
}
break;
}
case GFM_JOURNAL_QUOTA_ADD:
case GFM_JOURNAL_QUOTA_MODIFY: {
struct db_quota_arg *m = obj;
printf("name=%s;is_group=%d", m->name, m->is_group);
if (opt_verbose)
print_quota(&m->quota);
break;
}
case GFM_JOURNAL_QUOTA_REMOVE: {
struct db_quota_remove_arg *m = obj;
printf("name=%s;is_group=%d", m->name, m->is_group);
break;
}
case GFM_JOURNAL_MDHOST_ADD:
print_mdhost(obj);
break;
case GFM_JOURNAL_MDHOST_MODIFY: {
struct db_mdhost_modify_arg *m = obj;
print_mdhost(&m->ms);
break;
}
case GFM_JOURNAL_FSNGROUP_MODIFY: {
struct db_fsngroup_modify_arg *m = obj;
print_fsngroup_modify(m->hostname, m->fsngroupname);
break;
}
default:
break;
}
}
int recverr(int fd, int ttl)
{
int res;
struct probehdr rcvbuf;
char cbuf[512];
struct iovec iov;
struct msghdr msg;
struct cmsghdr *cmsg;
struct sock_extended_err *e;
struct sockaddr_storage addr;
struct timeval tv;
struct timeval *rettv;
int slot = 0;
int rethops;
int sndhops;
int progress = -1;
int broken_router;
restart:
memset(&rcvbuf, -1, sizeof(rcvbuf));
iov.iov_base = &rcvbuf;
iov.iov_len = sizeof(rcvbuf);
msg.msg_name = (caddr_t)&addr;
msg.msg_namelen = sizeof(addr);
msg.msg_iov = &iov;
msg.msg_iovlen = 1;
msg.msg_flags = 0;
msg.msg_control = cbuf;
msg.msg_controllen = sizeof(cbuf);
gettimeofday(&tv, NULL);
res = recvmsg(fd, &msg, MSG_ERRQUEUE);
if (res < 0) {
if (errno == EAGAIN)
return progress;
goto restart;
}
progress = mtu;
rethops = -1;
sndhops = -1;
e = NULL;
rettv = NULL;
slot = -base_port;
switch (family) {
case AF_INET6:
slot += ntohs(((struct sockaddr_in6 *)&addr)->sin6_port);
break;
case AF_INET:
slot += ntohs(((struct sockaddr_in *)&addr)->sin_port);
break;
}
if (slot >= 0 && slot < 63 && his[slot].hops) {
sndhops = his[slot].hops;
rettv = &his[slot].sendtime;
his[slot].hops = 0;
}
broken_router = 0;
if (res == sizeof(rcvbuf)) {
if (rcvbuf.ttl == 0 || rcvbuf.tv.tv_sec == 0)
broken_router = 1;
else {
sndhops = rcvbuf.ttl;
rettv = &rcvbuf.tv;
}
}
for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg)) {
switch (cmsg->cmsg_level) {
case SOL_IPV6:
switch(cmsg->cmsg_type) {
case IPV6_RECVERR:
e = (struct sock_extended_err *)CMSG_DATA(cmsg);
break;
case IPV6_HOPLIMIT:
#ifdef IPV6_2292HOPLIMIT
case IPV6_2292HOPLIMIT:
#endif
memcpy(&rethops, CMSG_DATA(cmsg), sizeof(rethops));
break;
default:
printf("cmsg6:%d\n ", cmsg->cmsg_type);
}
break;
case SOL_IP:
switch(cmsg->cmsg_type) {
case IP_RECVERR:
e = (struct sock_extended_err *)CMSG_DATA(cmsg);
break;
case IP_TTL:
rethops = *(__u8*)CMSG_DATA(cmsg);
break;
default:
printf("cmsg4:%d\n ", cmsg->cmsg_type);
}
}
}
if (e == NULL) {
printf("no info\n");
return 0;
}
if (e->ee_origin == SO_EE_ORIGIN_LOCAL)
printf("%2d?: %-32s ", ttl, "[LOCALHOST]");
else if (e->ee_origin == SO_EE_ORIGIN_ICMP6 ||
e->ee_origin == SO_EE_ORIGIN_ICMP) {
char abuf[NI_MAXHOST], hbuf[NI_MAXHOST];
struct sockaddr *sa = (struct sockaddr *)(e + 1);
socklen_t salen;
if (sndhops>0)
printf("%2d: ", sndhops);
else
printf("%2d?: ", ttl);
switch (sa->sa_family) {
case AF_INET6:
salen = sizeof(struct sockaddr_in6);
break;
case AF_INET:
salen = sizeof(struct sockaddr_in);
break;
default:
salen = 0;
}
if (no_resolve || show_both) {
if (getnameinfo(sa, salen,
abuf, sizeof(abuf), NULL, 0,
NI_NUMERICHOST))
strcpy(abuf, "???");
} else
abuf[0] = 0;
if (!no_resolve || show_both) {
fflush(stdout);
if (getnameinfo(sa, salen,
hbuf, sizeof(hbuf), NULL, 0,
0
#ifdef USE_IDN
| NI_IDN
#endif
))
strcpy(hbuf, "???");
} else
hbuf[0] = 0;
if (no_resolve)
print_host(abuf, hbuf, show_both);
else
print_host(hbuf, abuf, show_both);
}
if (rettv) {
int diff = (tv.tv_sec-rettv->tv_sec)*1000000+(tv.tv_usec-rettv->tv_usec);
printf("%3d.%03dms ", diff/1000, diff%1000);
if (broken_router)
printf("(This broken router returned corrupted payload) ");
}
if (rethops<=64)
rethops = 65-rethops;
else if (rethops<=128)
rethops = 129-rethops;
else
rethops = 256-rethops;
switch (e->ee_errno) {
case ETIMEDOUT:
printf("\n");
break;
case EMSGSIZE:
printf("pmtu %d\n", e->ee_info);
mtu = e->ee_info;
progress = mtu;
break;
case ECONNREFUSED:
printf("reached\n");
hops_to = sndhops<0 ? ttl : sndhops;
hops_from = rethops;
return 0;
case EPROTO:
printf("!P\n");
return 0;
case EHOSTUNREACH:
if ((e->ee_origin == SO_EE_ORIGIN_ICMP &&
e->ee_type == 11 &&
e->ee_code == 0) ||
(e->ee_origin == SO_EE_ORIGIN_ICMP6 &&
e->ee_type == 3 &&
e->ee_code == 0)) {
if (rethops>=0) {
if (sndhops>=0 && rethops != sndhops)
printf("asymm %2d ", rethops);
else if (sndhops<0 && rethops != ttl)
printf("asymm %2d ", rethops);
}
printf("\n");
break;
}
printf("!H\n");
return 0;
case ENETUNREACH:
printf("!N\n");
return 0;
case EACCES:
printf("!A\n");
return 0;
default:
printf("\n");
errno = e->ee_errno;
perror("NET ERROR");
return 0;
}
goto restart;
}
int main(int argc, char **argv)
{
char *dev;
int oldMonitor, newMonitor;
u_char packet[4096];
int pktlen;
wiviz_cfg cfg;
int i;
int defaultHopSeq[] = { 1, 3, 6, 8, 11 };
int s, one;
memset(&cfg, 0, sizeof(cfg));
#ifdef HAVE_RT2880
wl_dev = "ra0";
#elif HAVE_MADWIFI
wl_dev = nvram_safe_get("wifi_display");
#else
char tmp[32];
sprintf(tmp, "%s_ifname", nvram_safe_get("wifi_display"));
wl_dev = nvram_safe_get(tmp);
#endif
if (argc > 1)
if (!strcmp(argv[1], "terminate")) {
#ifdef HAVE_MADWIFI
// return to original channel
#ifdef HAVE_ATH9K
if (!is_ath9k(wl_dev))
#endif
{
sysprintf("iwconfig %s channel %sM", get_monitor(), nvram_nget("%s_channel", nvram_safe_get("wifi_display")));
sleep(1);
sysprintf("ifconfig %s down", get_monitor());
if (is_ar5008(nvram_safe_get("wifi_display"))) {
sysprintf("80211n_wlanconfig %s destroy", get_monitor());
} else {
sysprintf("wlanconfig %s destroy", get_monitor());
}
}
#elif HAVE_RT2880
nvram_set("wl0_mode", nvram_safe_get("wl0_oldmode"));
sysprintf("startservice configurewifi");
if (nvram_match("wl0_mode", "sta") || nvram_match("wl0_mode", "apsta")) {
sysprintf("startstop wan");
}
#else
oldMonitor = 0;
wl_ioctl(wl_dev, WLC_SET_MONITOR, &oldMonitor, 4);
#endif
return 0;
}
global_cfg = &cfg;
signal(SIGUSR1, &signal_handler);
signal(SIGUSR2, &signal_handler);
printf("Wi-Viz 2 infogathering daemon by Nathan True\n");
printf("http://wiviz.natetrue.com\n");
memset(&cfg, 0, sizeof(wiviz_cfg));
cfg.numHosts = 0;
cfg.lastKeepAlive = time(NULL);
cfg.channelHopping = 0;
cfg.channelDwellTime = 1000;
cfg.channelHopSeqLen = 5;
memcpy(cfg.channelHopSeq, defaultHopSeq, sizeof(defaultHopSeq));
#if !defined(HAVE_MADWIFI) && !defined(HAVE_RT2880)
wl_ioctl(wl_dev, WLC_GET_MAGIC, &i, 4);
if (i != WLC_IOCTL_MAGIC) {
printf("Wireless magic not correct, not querying wl for info %X!=%X\n", i, WLC_IOCTL_MAGIC);
cfg.readFromWl = 0;
} else {
cfg.readFromWl = 1;
wl_ioctl(wl_dev, WLC_GET_MONITOR, &oldMonitor, 4);
newMonitor = 1;
wl_ioctl(wl_dev, WLC_SET_MONITOR, &newMonitor, 4);
}
#elif HAVE_RT2880
nvram_set("wl0_oldmode", nvram_safe_get("wl0_mode"));
nvram_set("wl0_mode", "sta");
if (!nvram_match("wl0_oldmode", "sta"))
sysprintf("startservice configurewifi");
sysprintf("iwconfig ra0 mode monitor");
cfg.readFromWl = 1;
#else
#ifdef HAVE_ATH9K
if (!is_ath9k(nvram_safe_get("wifi_display")))
#endif
{
if (is_ar5008(nvram_safe_get("wifi_display"))) {
sysprintf("80211n_wlanconfig %s create wlandev %s wlanmode monitor", get_monitor(), getWifi(nvram_safe_get("wifi_display")));
} else {
sysprintf("wlanconfig %s create wlandev %s wlanmode monitor", get_monitor(), getWifi(nvram_safe_get("wifi_display")));
}
sysprintf("ifconfig %s up", get_monitor());
}
cfg.readFromWl = 1;
#endif
reloadConfig();
#if defined(HAVE_MADWIFI) || defined(HAVE_RT2880)
s = openMonitorSocket(get_monitor()); // for testing we use ath0
#else
if (nvram_match("wifi_display", "wl1"))
s = openMonitorSocket("prism1");
else
s = openMonitorSocket("prism0");
#endif
if (s == -1)
return;
one = 1;
ioctl(s, FIONBIO, (char *)&one);
if (cfg.readFromWl) {
readWL(&cfg);
}
#ifdef WIVIZ_GPS
gps_init(&cfg);
#endif
while (!stop) {
#ifdef WIVIZ_GPS
gps_tick();
#else
if (time(NULL) - cfg.lastKeepAlive > 30)
stop = 1;
#endif
pktlen = recv(s, packet, 4096, 0);
if (pktlen <= 0)
continue;
dealWithPacket(&cfg, pktlen, packet);
}
signal_handler(SIGUSR1);
if (cfg.channelHopperPID)
kill(cfg.channelHopperPID, SIGKILL);
#ifndef WIVIZ_GPS
for (i = 0; i < MAX_HOSTS; i++) {
print_host(stderr, cfg.hosts + i);
if (cfg.hosts[i].occupied)
printf("\n");
if (cfg.hosts[i].apInfo)
free(cfg.hosts[i].apInfo);
if (cfg.hosts[i].staInfo)
free(cfg.hosts[i].staInfo);
}
#endif
close(s);
return 0;
}
void
print_state(struct pf_state *s, int opts)
{
struct pf_state_peer *src, *dst;
struct protoent *p;
u_int8_t hrs, min, sec;
if (s->direction == PF_OUT) {
src = &s->src;
dst = &s->dst;
} else {
src = &s->dst;
dst = &s->src;
}
if ((p = getprotobynumber(s->proto)) != NULL)
printf("%s ", p->p_name);
else
printf("%u ", s->proto);
if (PF_ANEQ(&s->lan.addr, &s->gwy.addr, s->af) ||
(s->lan.port != s->gwy.port)) {
print_host(&s->lan, s->af);
if (s->direction == PF_OUT)
printf(" -> ");
else
printf(" <- ");
}
print_host(&s->gwy, s->af);
if (s->direction == PF_OUT)
printf(" -> ");
else
printf(" <- ");
print_host(&s->ext, s->af);
printf(" ");
if (s->proto == IPPROTO_TCP) {
if (src->state <= TCPS_TIME_WAIT &&
dst->state <= TCPS_TIME_WAIT) {
printf(" %s:%s\n", tcpstates[src->state],
tcpstates[dst->state]);
} else {
printf(" <BAD STATE LEVELS>\n");
}
if (opts & PF_OPT_VERBOSE) {
printf(" ");
print_seq(src);
printf(" ");
print_seq(dst);
printf("\n");
}
} else {
printf(" %u:%u\n", src->state, dst->state);
}
if (opts & PF_OPT_VERBOSE) {
sec = s->creation % 60;
s->creation /= 60;
min = s->creation % 60;
s->creation /= 60;
hrs = s->creation;
printf(" age %.2u:%.2u:%.2u", hrs, min, sec);
sec = s->expire % 60;
s->expire /= 60;
min = s->expire % 60;
s->expire /= 60;
hrs = s->expire;
printf(", expires in %.2u:%.2u:%.2u", hrs, min, sec);
printf(", %u pkts, %u bytes\n", s->packets, s->bytes);
}
}
