← Back to branch summary

~ubuntu-branches/ubuntu/trusty/libdumbnet/trusty

« back to all changes in this revision

Viewing changes to test/dnet/fw.c

  • Committer: Bazaar Package Importer
  • Author(s): Simon Law
  • Date: 2003-11-13 01:44:56 UTC
  • Revision ID: james.westby@ubuntu.com-20031113014456-6bbmmk2g5clgz71s
Tags: upstream-1.7
ImportĀ upstreamĀ versionĀ 1.7

Show diffs side-by-side

added added

removed removed

Lines of Context:
test/dnet/fw.c
 
1
/*
 
2
 * fw.c
 
3
 *
 
4
 * Copyright (c) 2001 Dug Song <dugsong@monkey.org>
 
5
 *
 
6
 * $Id: fw.c,v 1.1 2002/02/08 07:26:58 dugsong Exp $
 
7
 */
 
8
 
 
9
#include "config.h"
 
10
 
 
11
#include <sys/types.h>
 
12
 
 
13
#include <err.h>
 
14
#include <errno.h>
 
15
#include <stdio.h>
 
16
#include <stdlib.h>
 
17
#include <string.h>
 
18
 
 
19
#include "dnet.h"
 
20
#include "mod.h"
 
21
 
 
22
static void
 
23
usage(void)
 
24
{
 
25
        fprintf(stderr, "Usage: dnet fw show\n"
 
26
                        "       dnet fw add|delete allow|block in|out "
 
27
            "<device>|any <proto> <src>[:<sport>[-<max>]] "
 
28
            "<dst>[:<dport>[-<max>]] [<type>[/<code>]]\n");
 
29
        exit(1);
 
30
}
 
31
 
 
32
static int
 
33
print_rule(const struct fw_rule *fr, void *arg)
 
34
{
 
35
        struct protoent *pr;
 
36
        char proto[16], sport[16], dport[16], typecode[16];
 
37
 
 
38
        if ((pr = getprotobynumber(fr->fw_proto)) == NULL)
 
39
                snprintf(proto, sizeof(proto), "%d", fr->fw_proto);
 
40
        else
 
41
                strlcpy(proto, pr->p_name, sizeof(proto));
 
42
 
 
43
        sport[0] = dport[0] = typecode[0] = '\0';
 
44
        
 
45
        switch (fr->fw_proto) {
 
46
        case IP_PROTO_ICMP:
 
47
                if (fr->fw_sport[1] && fr->fw_dport[1]) 
 
48
                        snprintf(typecode, sizeof(typecode), " %d/%d",
 
49
                            fr->fw_sport[0], fr->fw_dport[0]);
 
50
                else if (fr->fw_sport[1])
 
51
                        snprintf(typecode, sizeof(typecode), " %d",
 
52
                            fr->fw_sport[0]);
 
53
                break;
 
54
        case IP_PROTO_TCP:
 
55
        case IP_PROTO_UDP:
 
56
                if (fr->fw_sport[0] == fr->fw_sport[1]) {
 
57
                        if (fr->fw_sport[0])
 
58
                                snprintf(sport, sizeof(sport), ":%d",
 
59
                                    fr->fw_sport[0]);
 
60
                } else
 
61
                        snprintf(sport, sizeof(sport), ":%d-%d",
 
62
                            fr->fw_sport[0], fr->fw_sport[1]);
 
63
                
 
64
                if (fr->fw_dport[0] == fr->fw_dport[1]) {
 
65
                        if (fr->fw_dport[0])
 
66
                                snprintf(dport, sizeof(dport), ":%d",
 
67
                                    fr->fw_dport[0]);
 
68
                } else
 
69
                        snprintf(dport, sizeof(dport), ":%d-%d",
 
70
                            fr->fw_dport[0], fr->fw_dport[1]);
 
71
                break;
 
72
        }
 
73
        printf("%s %s %s %s %s%s %s%s%s\n",
 
74
            fr->fw_op == FW_OP_ALLOW ? "allow" : "block",
 
75
            fr->fw_dir == FW_DIR_IN ? "in" : "out",
 
76
            *fr->fw_device ? fr->fw_device : "any", proto,
 
77
            addr_ntoa(&fr->fw_src), sport, addr_ntoa(&fr->fw_dst),
 
78
            dport, typecode);
 
79
 
 
80
        return (0);
 
81
}
 
82
 
 
83
static int
 
84
arg_to_fr(int argc, char *argv[], struct fw_rule *fr)
 
85
{
 
86
        struct protoent *pr;
 
87
        char *p;
 
88
 
 
89
        if (argc < 6) {
 
90
                errno = EINVAL;
 
91
                return (-1);
 
92
        }
 
93
        memset(fr, 0, sizeof(*fr));
 
94
 
 
95
        fr->fw_op = strcmp(argv[0], "allow") ? FW_OP_BLOCK : FW_OP_ALLOW;
 
96
        
 
97
        fr->fw_dir = strcmp(argv[1], "in") ? FW_DIR_OUT : FW_DIR_IN;
 
98
 
 
99
        if (strcmp(argv[2], "any") != 0)
 
100
                strlcpy(fr->fw_device, argv[2], sizeof(fr->fw_device));
 
101
        
 
102
        if ((pr = getprotobyname(argv[3])) != NULL)
 
103
                fr->fw_proto = pr->p_proto;
 
104
        else
 
105
                fr->fw_proto = atoi(argv[3]);
 
106
 
 
107
        p = strtok(argv[4], ":");
 
108
        
 
109
        if (addr_aton(p, &fr->fw_src) < 0)
 
110
                return (-1);
 
111
 
 
112
        if ((p = strtok(NULL, ":")) != NULL) {
 
113
                fr->fw_sport[0] = (uint16_t)strtol(p, &p, 10);
 
114
                if (*p == '-')
 
115
                        fr->fw_sport[1] = (uint16_t)strtol(p + 1, NULL, 10);
 
116
                else
 
117
                        fr->fw_sport[1] = fr->fw_sport[0];
 
118
        }
 
119
        p = strtok(argv[5], ":");
 
120
        
 
121
        if (addr_aton(p, &fr->fw_dst) < 0)
 
122
                return (-1);
 
123
 
 
124
        if ((p = strtok(NULL, ":")) != NULL) {
 
125
                fr->fw_dport[0] = (uint16_t)strtol(p, &p, 10);
 
126
                if (*p == '-')
 
127
                        fr->fw_dport[1] = (uint16_t)strtol(p + 1, NULL, 10);
 
128
                else
 
129
                        fr->fw_dport[1] = fr->fw_dport[0];
 
130
        }
 
131
        if (argc > 6) {
 
132
                if (fr->fw_proto != IP_PROTO_ICMP &&
 
133
                    fr->fw_proto != IP_PROTO_IGMP) {
 
134
                        errno = EINVAL;
 
135
                        return (-1);
 
136
                }
 
137
                fr->fw_sport[0] = (uint16_t)strtol(argv[6], &p, 10);
 
138
                fr->fw_sport[1] = 0xff;
 
139
                if (*p == '/') {
 
140
                        fr->fw_dport[0] = (uint16_t)strtol(p + 1, NULL, 10);
 
141
                        fr->fw_dport[1] = 0xff;
 
142
                }
 
143
        }
 
144
        return (0);
 
145
}
 
146
 
 
147
int
 
148
fw_main(int argc, char *argv[])
 
149
{
 
150
        struct fw_rule fr;
 
151
        fw_t *fw;
 
152
        
 
153
        if (argc < 2 || *(argv[1]) == '-')
 
154
                usage();
 
155
 
 
156
        if ((fw = fw_open()) == NULL)
 
157
                err(1, "fw_open");
 
158
        
 
159
        if (argc == 2 && strcmp(argv[1], "show") == 0) {
 
160
                if (fw_loop(fw, print_rule, NULL) < 0)
 
161
                        err(1, "fw_loop");
 
162
        } else if (argc > 2 && strcmp(argv[1], "add") == 0) {
 
163
                if (arg_to_fr(argc - 2, argv + 2, &fr) < 0)
 
164
                        err(1, "arg_to_fr");
 
165
                printf("+ ");
 
166
                print_rule(&fr, NULL);
 
167
                if (fw_add(fw, &fr) < 0)
 
168
                        err(1, "fw_delete");
 
169
        } else if (argc > 2 && strcmp(argv[1], "delete") == 0) {
 
170
                if (arg_to_fr(argc - 2, argv + 2, &fr) < 0)
 
171
                        err(1, "arg_to_fr");
 
172
                printf("- ");
 
173
                print_rule(&fr, NULL);
 
174
                if (fw_delete(fw, &fr) < 0)
 
175
                        err(1, "fw_delete");
 
176
        } else
 
177
                usage();
 
178
        
 
179
        fw_close(fw);
 
180
 
 
181
        exit(0);
 
182
}
 
183
 
 
184
struct mod mod_fw = {
 
185
        "fw",
 
186
        MOD_TYPE_KERN,
 
187
        fw_main
 
188
};