main()
{
int i;
char *buf;
for (i = 0; i < nitems(requests); i++) {
printf("* requests:[%s]\n", requests[i]);
if ((buf = setpolicy(requests[i])) == NULL)
continue;
printf("\tsetlen:%d\n", PFKEY_EXTLEN(buf));
printf("\tPF_INET:\n");
test(buf, PF_INET);
printf("\tPF_INET6:\n");
test(buf, PF_INET6);
free(buf);
}
}
int
main(int argc, char **argv)
{
int opt, status, sock, count;
char *conf_filename;
ipv6das_cmd_t ipv6das_cmd = IPV6DAS_PRINTPOLICY;
ip6_asp_t *policy_table;
myname = *argv;
(void) setlocale(LC_ALL, "");
#if !defined(TEXT_DOMAIN) /* Should be defined by cc -D */
#define TEXT_DOMAIN "SYS_TEST"
#endif
(void) textdomain(TEXT_DOMAIN);
while ((opt = getopt(argc, argv, "df:")) != EOF)
switch (opt) {
case 'd':
ipv6das_cmd = IPV6DAS_SETDEFAULT;
break;
case 'f':
conf_filename = optarg;
ipv6das_cmd = IPV6DAS_SETPOLICY;
break;
default:
usage();
return (EXIT_FAILURE);
}
if (argc > optind) {
/* shouldn't be any extra args */
usage();
return (EXIT_FAILURE);
}
/* Open a socket that we can use to send ioctls down to IP. */
if ((sock = socket(PF_INET6, SOCK_DGRAM, 0)) == -1) {
perror("socket");
return (EXIT_FAILURE);
}
switch (ipv6das_cmd) {
case IPV6DAS_SETPOLICY:
if ((count = parseconf(conf_filename, &policy_table)) <= 0)
return (EXIT_FAILURE);
status = setpolicy(sock, policy_table, count);
free(policy_table);
break;
case IPV6DAS_SETDEFAULT:
status = setpolicy(sock, NULL, 0);
break;
case IPV6DAS_PRINTPOLICY:
default:
status = printpolicy(sock);
break;
}
(void) close(sock);
return (status);
}
/*
* The out of control system call
* This is audit kitchen sink aka auditadm, aka auditon
*/
int
auditctl(
int cmd,
caddr_t data,
int length)
{
int result;
switch (cmd) {
case A_GETAMASK:
case A_GETCOND:
case A_GETCAR:
case A_GETCLASS:
case A_GETCWD:
case A_GETKAUDIT:
case A_GETKMASK:
case A_GETPINFO:
case A_GETPINFO_ADDR:
case A_GETPOLICY:
case A_GETQCTRL:
case A_GETSTAT:
if (secpolicy_audit_getattr(CRED(), B_FALSE) != 0)
return (EPERM);
break;
default:
if (secpolicy_audit_config(CRED()) != 0)
return (EPERM);
break;
}
switch (cmd) {
case A_GETPOLICY:
result = getpolicy(data);
break;
case A_SETPOLICY:
result = setpolicy(data);
break;
case A_GETAMASK:
result = getamask(data);
break;
case A_SETAMASK:
result = setamask(data);
break;
case A_GETKMASK:
result = getkmask(data);
break;
case A_SETKMASK:
result = setkmask(data);
break;
case A_GETKAUDIT:
result = getkaudit(data, length);
break;
case A_SETKAUDIT:
result = setkaudit(data, length);
break;
case A_GETQCTRL:
result = getqctrl(data);
break;
case A_SETQCTRL:
result = setqctrl(data);
break;
case A_GETCWD:
result = getcwd(data, length);
break;
case A_GETCAR:
result = getcar(data, length);
break;
case A_GETSTAT:
result = getstat(data);
break;
case A_SETSTAT:
result = setstat(data);
break;
case A_SETUMASK:
result = setumask(data);
break;
case A_SETSMASK:
result = setsmask(data);
break;
case A_GETCOND:
result = getcond(data);
break;
case A_SETCOND:
result = setcond(data);
break;
case A_GETCLASS:
result = getclass(data);
break;
case A_SETCLASS:
result = setclass(data);
break;
case A_GETPINFO:
result = getpinfo(data);
break;
case A_GETPINFO_ADDR:
result = getpinfo_addr(data, length);
break;
case A_SETPMASK:
result = setpmask(data);
break;
default:
result = EINVAL;
break;
}
return (result);
}
int main(int ac, char **av)
{
int c, i, nnodes=0;
long node=-1;
char *end;
char shortopts[array_len(opts)*2 + 1];
struct bitmask *mask = NULL;
get_short_opts(opts,shortopts);
while ((c = getopt_long(ac, av, shortopts, opts, NULL)) != -1) {
switch (c) {
case 's': /* --show */
show();
exit(0);
case 'H': /* --hardware */
nopolicy();
hardware();
exit(0);
case 'i': /* --interleave */
checknuma();
mask = numactl_parse_nodestring(optarg);
if (!mask) {
printf ("<%s> is invalid\n", optarg);
usage();
}
errno = 0;
setpolicy(MPOL_INTERLEAVE);
if (shmfd >= 0)
numa_interleave_memory(shmptr, shmlen, mask);
else
numa_set_interleave_mask(mask);
checkerror("setting interleave mask");
break;
case 'N': /* --cpunodebind */
case 'c': /* --cpubind */
dontshm("-c/--cpubind/--cpunodebind");
checknuma();
mask = numactl_parse_nodestring(optarg);
if (!mask) {
printf ("<%s> is invalid\n", optarg);
usage();
}
errno = 0;
check_cpubind(do_shm);
did_cpubind = 1;
numa_run_on_node_mask(mask);
checkerror("sched_setaffinity");
break;
case 'C': /* --physcpubind */
{
struct bitmask *cpubuf;
dontshm("-C/--physcpubind");
cpubuf = numa_parse_cpustring(optarg);
if (!cpubuf) {
printf ("<%s> is invalid\n", optarg);
usage();
}
errno = 0;
check_cpubind(do_shm);
did_cpubind = 1;
numa_sched_setaffinity(0, cpubuf);
checkerror("sched_setaffinity");
free(cpubuf);
break;
}
case 'm': /* --membind */
checknuma();
setpolicy(MPOL_BIND);
mask = numactl_parse_nodestring(optarg);
if (!mask) {
printf ("<%s> is invalid\n", optarg);
usage();
}
errno = 0;
numa_set_bind_policy(1);
if (shmfd >= 0) {
numa_tonodemask_memory(shmptr, shmlen, mask);
} else {
numa_set_membind(mask);
}
numa_set_bind_policy(0);
checkerror("setting membind");
break;
case 'p': /* --preferred */
checknuma();
setpolicy(MPOL_PREFERRED);
mask = numactl_parse_nodestring(optarg);
if (!mask) {
printf ("<%s> is invalid\n", optarg);
usage();
}
for (i=0; i<mask->size; i++) {
if (numa_bitmask_isbitset(mask, i)) {
node = i;
nnodes++;
}
}
if (nnodes != 1)
usage();
numa_bitmask_free(mask);
errno = 0;
numa_set_bind_policy(0);
if (shmfd >= 0)
numa_tonode_memory(shmptr, shmlen, node);
else
numa_set_preferred(node);
checkerror("setting preferred node");
break;
case 'l': /* --local */
checknuma();
setpolicy(MPOL_DEFAULT);
errno = 0;
if (shmfd >= 0)
numa_setlocal_memory(shmptr, shmlen);
else
numa_set_localalloc();
checkerror("local allocation");
break;
case 'S': /* --shm */
check_cpubind(did_cpubind);
nopolicy();
attach_sysvshm(optarg, "--shm");
shmattached = 1;
break;
case 'f': /* --file */
check_cpubind(did_cpubind);
nopolicy();
attach_shared(optarg, "--file");
shmattached = 1;
break;
case 'L': /* --length */
noshm("--length");
shmlen = memsize(optarg);
break;
case 'M': /* --shmmode */
noshm("--shmmode");
shmmode = strtoul(optarg, &end, 8);
if (end == optarg || *end)
usage();
break;
case 'd': /* --dump */
if (shmfd < 0)
complain(
"Cannot do --dump without shared memory.\n");
dump_shm();
do_dump = 1;
break;
case 'D': /* --dump-nodes */
if (shmfd < 0)
complain(
"Cannot do --dump-nodes without shared memory.\n");
dump_shm_nodes();
do_dump = 1;
break;
case 't': /* --strict */
did_strict = 1;
numa_set_strict(1);
break;
case 'I': /* --shmid */
shmid = strtoul(optarg, &end, 0);
if (end == optarg || *end)
usage();
break;
case 'u': /* --huge */
noshm("--huge");
shmflags |= SHM_HUGETLB;
break;
case 'o': /* --offset */
noshm("--offset");
shmoffset = memsize(optarg);
break;
case 'T': /* --touch */
needshm("--touch");
check_shmbeyond("--touch");
numa_police_memory(shmptr, shmlen);
break;
case 'V': /* --verify */
needshm("--verify");
if (set_policy < 0)
complain("Need a policy first to verify");
check_shmbeyond("--verify");
numa_police_memory(shmptr, shmlen);
if (!mask)
complain("Need a mask to verify");
else
verify_shm(set_policy, mask);
break;
default:
usage();
}
}
av += optind;
ac -= optind;
if (shmfd >= 0) {
if (*av)
usage();
exit(exitcode);
}
if (did_strict)
fprintf(stderr,
"numactl: warning. Strict flag for process ignored.\n");
if (do_dump)
usage_msg("cannot do --dump|--dump-shm for process");
if (shmoption)
usage_msg("shm related option %s for process", shmoption);
if (*av == NULL)
usage();
execvp(*av, av);
complain("execution of `%s': %s\n", av[0], strerror(errno));
return 0; /* not reached */
}