]> git.saurik.com Git - apple/network_cmds.git/blame - dnctl/dnctl.c
projects / apple / network_cmds.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
network_cmds-596.tar.gz
[apple/network_cmds.git] / dnctl / dnctl.c
CommitLineData
7af5ce03 1/*
89c4ed63 2 * Copyright (c) 2002-2015 Apple Inc. All rights reserved.
7af5ce03
A		 3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28
29/*
30 * Copyright (c) 2002-2003 Luigi Rizzo
31 * Copyright (c) 1996 Alex Nash, Paul Traina, Poul-Henning Kamp
32 * Copyright (c) 1994 Ugen J.S.Antsilevich
33 *
34 * Idea and grammar partially left from:
35 * Copyright (c) 1993 Daniel Boulet
36 *
37 * Redistribution and use in source forms, with and without modification,
38 * are permitted provided that this entire comment appears intact.
39 *
40 * Redistribution in binary form may occur without any restrictions.
41 * Obviously, it would be nice if you gave credit where credit is due
42 * but requiring it would be too onerous.
43 *
44 * This software is provided ``AS IS'' without any warranties of any kind.
45 */
46
47/*
48 * Ripped off ipfw2.c
49 */
50
51#include <sys/param.h>
52#include <sys/socket.h>
53#include <sys/sysctl.h>
54
55#include <ctype.h>
56#include <err.h>
57#include <errno.h>
58#include <netdb.h>
59#include <signal.h>
60#include <stdio.h>
61#include <stdlib.h>
62#include <stdarg.h>
63#include <string.h>
64#include <unistd.h>
65#include <sysexits.h>
66
67#include <net/if.h>
68#include <netinet/in.h>
69#include <netinet/ip.h>
70#include <netinet/ip_dummynet.h>
71#include <arpa/inet.h>
72
9dc66a05
A		 73/*
74 * Limit delay to avoid computation overflow
75 */
76#define MAX_DELAY (INT_MAX / 1000)
77
7af5ce03
A		 78
79int
80do_quiet, /* Be quiet in add and flush */
81do_pipe, /* this cmd refers to a pipe */
82do_sort, /* field to sort results (0 = no) */
83test_only, /* only check syntax */
84verbose;
85
86#define IP_MASK_ALL 0xffffffff
87
88/*
89 * _s_x is a structure that stores a string <-> token pairs, used in
90 * various places in the parser. Entries are stored in arrays,
91 * with an entry with s=NULL as terminator.
92 * The search routines are match_token() and match_value().
93 * Often, an element with x=0 contains an error string.
94 *
95 */
96struct _s_x {
97 char const *s;
98 int x;
99};
100
101enum tokens {
102 TOK_NULL=0,
103
104 TOK_ACCEPT,
105 TOK_COUNT,
106 TOK_PIPE,
107 TOK_QUEUE,
108
109 TOK_PLR,
110 TOK_NOERROR,
111 TOK_BUCKETS,
112 TOK_DSTIP,
113 TOK_SRCIP,
114 TOK_DSTPORT,
115 TOK_SRCPORT,
116 TOK_ALL,
117 TOK_MASK,
118 TOK_BW,
119 TOK_DELAY,
120 TOK_RED,
121 TOK_GRED,
122 TOK_DROPTAIL,
123 TOK_PROTO,
124 TOK_WEIGHT,
125
126 TOK_DSTIP6,
127 TOK_SRCIP6,
128};
129
130struct _s_x dummynet_params[] = {
131 { "plr", TOK_PLR },
132 { "noerror", TOK_NOERROR },
133 { "buckets", TOK_BUCKETS },
134 { "dst-ip", TOK_DSTIP },
135 { "src-ip", TOK_SRCIP },
136 { "dst-port", TOK_DSTPORT },
137 { "src-port", TOK_SRCPORT },
138 { "proto", TOK_PROTO },
139 { "weight", TOK_WEIGHT },
140 { "all", TOK_ALL },
141 { "mask", TOK_MASK },
142 { "droptail", TOK_DROPTAIL },
143 { "red", TOK_RED },
144 { "gred", TOK_GRED },
145 { "bw", TOK_BW },
146 { "bandwidth", TOK_BW },
147 { "delay", TOK_DELAY },
148 { "pipe", TOK_PIPE },
149 { "queue", TOK_QUEUE },
150 { "dst-ipv6", TOK_DSTIP6},
151 { "dst-ip6", TOK_DSTIP6},
152 { "src-ipv6", TOK_SRCIP6},
153 { "src-ip6", TOK_SRCIP6},
154 { "dummynet-params", TOK_NULL },
155 { NULL, 0 } /* terminator */
156};
157
158static void show_usage(void);
159
160
161void n2mask(struct in6_addr *, int );
162unsigned long long align_uint64(const uint64_t *);
163
164/* n2mask sets n bits of the mask */
165void
166n2mask(struct in6_addr *mask, int n)
167{
168 static int minimask[9] =
169 { 0x00, 0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe, 0xff };
170 u_char *p;
171
172 memset(mask, 0, sizeof(struct in6_addr));
173 p = (u_char *) mask;
174 for (; n > 0; p++, n -= 8) {
175 if (n >= 8)
176 *p = 0xff;
177 else
178 *p = minimask[n];
179 }
180 return;
181}
182
183/*
184 * The following is used to generate a printable argument for
185 * 64-bit numbers, irrespective of platform alignment and bit size.
186 * Because all the printf in this program use %llu as a format,
187 * we just return an unsigned long long, which is larger than
188 * we need in certain cases, but saves the hassle of using
189 * PRIu64 as a format specifier.
190 * We don't care about inlining, this is not performance critical code.
191 */
192unsigned long long
193align_uint64(const uint64_t *pll)
194{
195 uint64_t ret;
196
197 bcopy (pll, &ret, sizeof(ret));
198 return ret;
199}
200
201/*
202 * conditionally runs the command.
203 */
204static int
205do_cmd(int optname, void *optval, socklen_t *optlen)
206{
207 static int s = -1; /* the socket */
208 int i;
209
210 if (test_only)
211 return 0;
212
213 if (s == -1)
214 s = socket(AF_INET, SOCK_RAW, IPPROTO_RAW);
215 if (s < 0)
216 err(EX_UNAVAILABLE, "socket");
217
218 if (optname == IP_DUMMYNET_GET)
219 i = getsockopt(s, IPPROTO_IP, optname, optval, optlen);
220 else
221 i = setsockopt(s, IPPROTO_IP, optname, optval, optlen ? *optlen : 0);
222 return i;
223}
224
225/**
226 * match_token takes a table and a string, returns the value associated
227 * with the string (-1 in case of failure).
228 */
229static int
230match_token(struct _s_x *table, char *string)
231{
232 struct _s_x *pt;
233 size_t i = strlen(string);
234
235 for (pt = table ; i && pt->s != NULL ; pt++)
236 if (strlen(pt->s) == i && !bcmp(string, pt->s, i))
237 return pt->x;
238 return -1;
239};
240
241static int
242sort_q(const void *pa, const void *pb)
243{
244 int rev = (do_sort < 0);
245 int field = rev ? -do_sort : do_sort;
246 long long res = 0;
247 const struct dn_flow_queue *a = pa;
248 const struct dn_flow_queue *b = pb;
249
250 switch (field) {
251 case 1: /* pkts */
252 res = a->len - b->len;
253 break;
254 case 2: /* bytes */
255 res = a->len_bytes - b->len_bytes;
256 break;
257
258 case 3: /* tot pkts */
259 res = a->tot_pkts - b->tot_pkts;
260 break;
261
262 case 4: /* tot bytes */
263 res = a->tot_bytes - b->tot_bytes;
264 break;
265 }
266 if (res < 0)
267 res = -1;
268 if (res > 0)
269 res = 1;
270 return (int)(rev ? res : -res);
271}
272
273static void
274list_queues(struct dn_flow_set *fs, struct dn_flow_queue *q)
275{
276 int l;
89c4ed63 277 int index_printed = 0, indexes = 0;
7af5ce03
A		 278 char buff[255];
279 struct protoent *pe;
280
281 printf(" mask: 0x%02x 0x%08x/0x%04x -> 0x%08x/0x%04x\n",
282 fs->flow_mask.proto,
283 fs->flow_mask.src_ip, fs->flow_mask.src_port,
284 fs->flow_mask.dst_ip, fs->flow_mask.dst_port);
285 if (fs->rq_elements == 0)
286 return;
287
288 printf("BKT Prot ___Source IP/port____ "
289 "____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp\n");
290 if (do_sort != 0)
291 heapsort(q, fs->rq_elements, sizeof(struct dn_flow_queue), sort_q);
292
293 /* Print IPv4 flows */
294 for (l = 0; l < fs->rq_elements; l++) {
295 struct in_addr ina;
296
297 /* XXX: Should check for IPv4 flows */
298 if (IS_IP6_FLOW_ID(&(q[l].id)))
299 continue;
300
301 if (!index_printed) {
302 index_printed = 1;
303 if (indexes > 0) /* currently a no-op */
304 printf("\n");
305 indexes++;
306 printf(" "
307 "mask: 0x%02x 0x%08x/0x%04x -> 0x%08x/0x%04x\n",
308 fs->flow_mask.proto,
309 fs->flow_mask.src_ip, fs->flow_mask.src_port,
310 fs->flow_mask.dst_ip, fs->flow_mask.dst_port);
311
312 printf("BKT Prot ___Source IP/port____ "
313 "____Dest. IP/port____ "
314 "Tot_pkt/bytes Pkt/Byte Drp\n");
315 }
316
317 printf("%3d ", q[l].hash_slot);
318 pe = getprotobynumber(q[l].id.proto);
319 if (pe)
320 printf("%-4s ", pe->p_name);
321 else
322 printf("%4u ", q[l].id.proto);
323 ina.s_addr = htonl(q[l].id.src_ip);
324 printf("%15s/%-5d ",
325 inet_ntoa(ina), q[l].id.src_port);
326 ina.s_addr = htonl(q[l].id.dst_ip);
327 printf("%15s/%-5d ",
328 inet_ntoa(ina), q[l].id.dst_port);
329 printf("%4llu %8llu %2u %4u %3u\n",
330 align_uint64(&q[l].tot_pkts),
331 align_uint64(&q[l].tot_bytes),
332 q[l].len, q[l].len_bytes, q[l].drops);
333 if (verbose)
334 printf(" S %20llu F %20llu\n",
335 align_uint64(&q[l].S), align_uint64(&q[l].F));
336 }
337
338 /* Print IPv6 flows */
339 index_printed = 0;
340 for (l = 0; l < fs->rq_elements; l++) {
341 if (!IS_IP6_FLOW_ID(&(q[l].id)))
342 continue;
343
344 if (!index_printed) {
345 index_printed = 1;
346 if (indexes > 0)
347 printf("\n");
348 indexes++;
349 printf("\n mask: proto: 0x%02x, flow_id: 0x%08x, ",
350 fs->flow_mask.proto, fs->flow_mask.flow_id6);
351 inet_ntop(AF_INET6, &(fs->flow_mask.src_ip6),
352 buff, sizeof(buff));
353 printf("%s/0x%04x -> ", buff, fs->flow_mask.src_port);
354 inet_ntop( AF_INET6, &(fs->flow_mask.dst_ip6),
355 buff, sizeof(buff) );
356 printf("%s/0x%04x\n", buff, fs->flow_mask.dst_port);
357
358 printf("BKT ___Prot___ _flow-id_ "
359 "______________Source IPv6/port_______________ "
360 "_______________Dest. IPv6/port_______________ "
361 "Tot_pkt/bytes Pkt/Byte Drp\n");
362 }
363 printf("%3d ", q[l].hash_slot);
364 pe = getprotobynumber(q[l].id.proto);
365 if (pe != NULL)
366 printf("%9s ", pe->p_name);
367 else
368 printf("%9u ", q[l].id.proto);
369 printf("%7d %39s/%-5d ", q[l].id.flow_id6,
370 inet_ntop(AF_INET6, &(q[l].id.src_ip6), buff, sizeof(buff)),
371 q[l].id.src_port);
372 printf(" %39s/%-5d ",
373 inet_ntop(AF_INET6, &(q[l].id.dst_ip6), buff, sizeof(buff)),
374 q[l].id.dst_port);
375 printf(" %4llu %8llu %2u %4u %3u\n",
376 align_uint64(&q[l].tot_pkts),
377 align_uint64(&q[l].tot_bytes),
378 q[l].len, q[l].len_bytes, q[l].drops);
379 if (verbose)
380 printf(" S %20llu F %20llu\n",
381 align_uint64(&q[l].S),
382 align_uint64(&q[l].F));
383 }
384}
385
386static void
387print_flowset_parms(struct dn_flow_set *fs, char *prefix)
388{
389 int l;
390 char qs[30];
391 char plr[30];
392 char red[90]; /* Display RED parameters */
393
394 l = fs->qsize;
395 if (fs->flags_fs & DN_QSIZE_IS_BYTES) {
396 if (l >= 8192)
397 snprintf(qs, sizeof(qs), "%d KB", l / 1024);
398 else
399 snprintf(qs, sizeof(qs), "%d B", l);
400 } else
401 snprintf(qs, sizeof(qs), "%3d sl.", l);
402 if (fs->plr)
403 snprintf(plr, sizeof(plr), "plr %f", 1.0 * fs->plr / (double)(0x7fffffff));
404 else
405 plr[0] = '\0';
406 if (fs->flags_fs & DN_IS_RED) /* RED parameters */
407 snprintf(red, sizeof(red),
408 "\n\t %cRED w_q %f min_th %d max_th %d max_p %f",
409 (fs->flags_fs & DN_IS_GENTLE_RED) ? 'G' : ' ',
410 1.0 * fs->w_q / (double)(1 << SCALE_RED),
411 SCALE_VAL(fs->min_th),
412 SCALE_VAL(fs->max_th),
413 1.0 * fs->max_p / (double)(1 << SCALE_RED));
414 else
415 snprintf(red, sizeof(red), "droptail");
416
417 printf("%s %s%s %d queues (%d buckets) %s\n",
418 prefix, qs, plr, fs->rq_elements, fs->rq_size, red);
419}
420
421static void
422list_pipes(void *data, size_t nbytes, int ac, char *av[])
423{
424 unsigned int rulenum;
425 void *next = data;
426 struct dn_pipe *p = (struct dn_pipe *) data;
427 struct dn_flow_set *fs;
428 struct dn_flow_queue *q;
429 size_t l;
430
431 if (ac > 0)
432 rulenum = (unsigned int)strtoul(*av++, NULL, 10);
433 else
434 rulenum = 0;
435 for (; nbytes >= sizeof(struct dn_pipe); p = (struct dn_pipe *)next) {
436 double b = p->bandwidth;
437 char buf[30];
438 char prefix[80];
439
440 if (p->next.sle_next != (struct dn_pipe *)DN_IS_PIPE)
441 break; /* done with pipes, now queues */
442
443 /*
444 * compute length, as pipe have variable size
445 */
446 l = sizeof(struct dn_pipe) + p->fs.rq_elements * sizeof(struct dn_flow_queue);
447 next = (char *)p + l;
448 nbytes -= l;
449
450 if (rulenum != 0 && rulenum != p->pipe_nr)
451 continue;
452
453 /*
454 * Print rate (or clocking interface)
455 */
456 if (p->if_name[0] != '\0')
457 snprintf(buf, sizeof(buf), "%s", p->if_name);
458 else if (b == 0)
459 snprintf(buf, sizeof(buf), "unlimited");
460 else if (b >= 1000000)
461 snprintf(buf, sizeof(buf), "%7.3f Mbit/s", b/1000000);
462 else if (b >= 1000)
463 snprintf(buf, sizeof(buf), "%7.3f Kbit/s", b/1000);
464 else
465 snprintf(buf, sizeof(buf), "%7.3f bit/s ", b);
466
467 snprintf(prefix, sizeof(prefix), "%05d: %s %4d ms ",
468 p->pipe_nr, buf, p->delay);
469 print_flowset_parms(&(p->fs), prefix);
470 if (verbose)
471 printf(" V %20qd\n", p->V >> MY_M);
472
473 q = (struct dn_flow_queue *)(p+1);
474 list_queues(&(p->fs), q);
475 }
476 for (fs = next; nbytes >= sizeof *fs; fs = next) {
477 char prefix[80];
478
479 if (fs->next.sle_next != (struct dn_flow_set *)DN_IS_QUEUE)
480 break;
481 l = sizeof(struct dn_flow_set) + fs->rq_elements * sizeof(struct dn_flow_queue);
482 next = (char *)fs + l;
483 nbytes -= l;
484 q = (struct dn_flow_queue *)(fs+1);
485 snprintf(prefix, sizeof(prefix), "q%05d: weight %d pipe %d ",
486 fs->fs_nr, fs->weight, fs->parent_nr);
487 print_flowset_parms(fs, prefix);
488 list_queues(fs, q);
489 }
490}
491
492static void
493list(int ac, char *av[], int show_counters)
494{
495 void *data = NULL;
496 socklen_t nbytes;
497 int exitval = EX_OK;
498
499 int nalloc = 1024; /* start somewhere... */
500
501 if (test_only) {
502 fprintf(stderr, "Testing only, list disabled\n");
503 return;
504 }
505
506 ac--;
507 av++;
508
509 /* get rules or pipes from kernel, resizing array as necessary */
510 nbytes = nalloc;
511
512 while (nbytes >= nalloc) {
513 nalloc = nalloc * 2 + 200;
514 nbytes = nalloc;
515 if ((data = realloc(data, nbytes)) == NULL)
516 err(EX_OSERR, "realloc");
517
518 if (do_cmd(IP_DUMMYNET_GET, data, &nbytes) < 0) {
519 if (errno == ENOBUFS) {
520 nbytes = 0;
521 break;
522 }
523 err(EX_OSERR, "getsockopt(IP_DUMMYNET_GET)");
524
525 }
526 }
527
528 list_pipes(data, nbytes, ac, av);
529
530 free(data);
531
532 if (exitval != EX_OK)
533 exit(exitval);
534}
535
536static void
537show_usage(void)
538{
539 fprintf(stderr, "usage: dnctl [options]\n"
540 "do \"dnctl -h\" or see dnctl manpage for details\n"
541 );
542 exit(EX_USAGE);
543}
544
545static void
546help(void)
547{
548 fprintf(stderr,
549 "dnclt [-acdeftTnNpqS] <command> where <command> is one of:\n"
550 "{pipe|queue} N config PIPE-BODY\n"
551 "[pipe|queue] {zero|delete|show} [N{,N}]\n"
552 );
553 exit(0);
554}
555
556static void
557delete(int ac, char *av[])
558{
559 struct dn_pipe p;
560 int i;
561 int exitval = EX_OK;
562 socklen_t len;
563
564 memset(&p, 0, sizeof(struct dn_pipe));
565
566 av++; ac--;
567
568 while (ac && isdigit(**av)) {
569 i = atoi(*av); av++; ac--;
570
571 if (do_pipe == 1)
572 p.pipe_nr = i;
573 else
574 p.fs.fs_nr = i;
575 len = sizeof(struct dn_pipe);
576 i = do_cmd(IP_DUMMYNET_DEL, &p, &len);
577 if (i) {
578 exitval = 1;
579 warn("rule %u: setsockopt(IP_DUMMYNET_DEL)",
580 do_pipe == 1 ? p.pipe_nr : p.fs.fs_nr);
581 }
582 }
583 if (exitval != EX_OK)
584 exit(exitval);
585}
586
587/*
588 * the following macro returns an error message if we run out of
589 * arguments.
590 */
591#define NEED1(msg) {if (!ac) errx(EX_USAGE, msg);}
9dc66a05 592#define NEED2(msg, arg) {if (!ac) errx(EX_USAGE, msg, arg);}
7af5ce03
A		 593
594static void
595config_pipe(int ac, char **av)
596{
597 struct dn_pipe p;
598 int i;
599 char *end;
600 void *par = NULL;
601 socklen_t len;
602
603 memset(&p, 0, sizeof(struct dn_pipe));
604
605 av++; ac--;
606 /* Pipe number */
607 if (ac && isdigit(**av)) {
608 i = atoi(*av); av++; ac--;
609 if (do_pipe == 1)
610 p.pipe_nr = i;
611 else
612 p.fs.fs_nr = i;
613 }
614 while (ac > 0) {
615 double d;
616 int tok = match_token(dummynet_params, *av);
617 ac--; av++;
618
619 switch(tok) {
620 case TOK_NOERROR:
621 p.fs.flags_fs |= DN_NOERROR;
622 break;
623
624 case TOK_PLR:
625 NEED1("plr needs argument 0..1\n");
626 d = strtod(av[0], NULL);
627 if (d > 1)
628 d = 1;
629 else if (d < 0)
630 d = 0;
631 p.fs.plr = (int)(d*0x7fffffff);
632 ac--; av++;
633 break;
634
635 case TOK_QUEUE:
636 NEED1("queue needs queue size\n");
637 end = NULL;
638 p.fs.qsize = (int)strtoul(av[0], &end, 0);
639 if (*end == 'K' || *end == 'k') {
640 p.fs.flags_fs |= DN_QSIZE_IS_BYTES;
641 p.fs.qsize *= 1024;
642 } else if (*end == 'B' || !strncmp(end, "by", 2)) {
643 p.fs.flags_fs |= DN_QSIZE_IS_BYTES;
644 }
645 ac--; av++;
646 break;
647
648 case TOK_BUCKETS:
649 NEED1("buckets needs argument\n");
650 p.fs.rq_size = (int)strtoul(av[0], NULL, 0);
651 ac--; av++;
652 break;
653
654 case TOK_MASK:
655 NEED1("mask needs mask specifier\n");
656 /*
657 * per-flow queue, mask is dst_ip, dst_port,
658 * src_ip, src_port, proto measured in bits
659 */
660 par = NULL;
661
662 p.fs.flow_mask.dst_ip = 0;
663 p.fs.flow_mask.src_ip = 0;
664 p.fs.flow_mask.dst_port = 0;
665 p.fs.flow_mask.src_port = 0;
666 p.fs.flow_mask.proto = 0;
667 end = NULL;
668
669 while (ac >= 1) {
670 uint32_t *p32 = NULL;
671 uint16_t *p16 = NULL;
672 struct in6_addr *pa6 = NULL;
673 uint32_t a;
674
675 tok = match_token(dummynet_params, *av);
676 ac--; av++;
677 switch(tok) {
678 case TOK_ALL:
679 /*
680 * special case, all bits significant
681 */
682 p.fs.flow_mask.dst_ip = ~0;
683 p.fs.flow_mask.src_ip = ~0;
684 p.fs.flow_mask.dst_port = ~0;
685 p.fs.flow_mask.src_port = ~0;
686 p.fs.flow_mask.proto = ~0;
687 n2mask(&(p.fs.flow_mask.dst_ip6), 128);
688 n2mask(&(p.fs.flow_mask.src_ip6), 128);
689 p.fs.flags_fs |= DN_HAVE_FLOW_MASK;
690 goto end_mask;
691
692 case TOK_DSTIP:
693 p32 = &p.fs.flow_mask.dst_ip;
694 break;
695
696 case TOK_SRCIP:
697 p32 = &p.fs.flow_mask.src_ip;
698 break;
699
700 case TOK_DSTIP6:
701 pa6 = &(p.fs.flow_mask.dst_ip6);
702 break;
703
704 case TOK_SRCIP6:
705 pa6 = &(p.fs.flow_mask.src_ip6);
706 break;
707
708 case TOK_DSTPORT:
709 p16 = &p.fs.flow_mask.dst_port;
710 break;
711
712 case TOK_SRCPORT:
713 p16 = &p.fs.flow_mask.src_port;
714 break;
715
716 case TOK_PROTO:
717 break;
718
719 default:
720 ac++; av--; /* backtrack */
721 goto end_mask;
722 }
723 if (ac < 1)
724 errx(EX_USAGE, "mask: value missing");
725 if (*av[0] == '/') {
726 a = (int)strtoul(av[0]+1, &end, 0);
727 if (pa6 == NULL)
728 a = (a == 32) ? ~0 : (1 << a) - 1;
729 } else
730 a = (int)strtoul(av[0], &end, 0);
731 if (p32 != NULL)
732 *p32 = a;
733 else if (p16 != NULL) {
734 if (a > 65535)
735 errx(EX_DATAERR,
736 "mask: must be 16 bit");
737 *p16 = (uint16_t)a;
738 } else if (pa6 != NULL) {
739 if (a > 128)
740 errx(EX_DATAERR,
741 "in6addr invalid mask len");
742 else
743 n2mask(pa6, a);
744 } else {
745 if (a > 255)
746 errx(EX_DATAERR,
747 "mask: must be 8 bit");
748 p.fs.flow_mask.proto = (uint8_t)a;
749 }
750 if (a != 0)
751 p.fs.flags_fs |= DN_HAVE_FLOW_MASK;
752 ac--; av++;
753 } /* end while, config masks */
754end_mask:
755 break;
756
757 case TOK_RED:
758 case TOK_GRED:
759 NEED1("red/gred needs w_q/min_th/max_th/max_p\n");
760 p.fs.flags_fs |= DN_IS_RED;
761 if (tok == TOK_GRED)
762 p.fs.flags_fs |= DN_IS_GENTLE_RED;
763 /*
764 * the format for parameters is w_q/min_th/max_th/max_p
765 */
766 if ((end = strsep(&av[0], "/"))) {
767 double w_q = strtod(end, NULL);
768 if (w_q > 1 || w_q <= 0)
769 errx(EX_DATAERR, "0 < w_q <= 1");
770 p.fs.w_q = (int) (w_q * (1 << SCALE_RED));
771 }
772 if ((end = strsep(&av[0], "/"))) {
773 p.fs.min_th = (int)strtoul(end, &end, 0);
774 if (*end == 'K' || *end == 'k')
775 p.fs.min_th *= 1024;
776 }
777 if ((end = strsep(&av[0], "/"))) {
778 p.fs.max_th = (int)strtoul(end, &end, 0);
779 if (*end == 'K' || *end == 'k')
780 p.fs.max_th *= 1024;
781 }
782 if ((end = strsep(&av[0], "/"))) {
783 double max_p = strtod(end, NULL);
784 if (max_p > 1 || max_p <= 0)
785 errx(EX_DATAERR, "0 < max_p <= 1");
786 p.fs.max_p = (int)(max_p * (1 << SCALE_RED));
787 }
788 ac--; av++;
789 break;
790
791 case TOK_DROPTAIL:
792 p.fs.flags_fs &= ~(DN_IS_RED|DN_IS_GENTLE_RED);
793 break;
794
795 case TOK_BW:
796 NEED1("bw needs bandwidth or interface\n");
797 if (do_pipe != 1)
798 errx(EX_DATAERR, "bandwidth only valid for pipes");
799 /*
800 * set clocking interface or bandwidth value
801 */
802 if (av[0][0] >= 'a' && av[0][0] <= 'z') {
7af5ce03 803 /* interface name */
e0b07f2d 804 strlcpy(p.if_name, av[0], sizeof(p.if_name));
7af5ce03
A		 805 p.bandwidth = 0;
806 } else {
807 p.if_name[0] = '\0';
808 p.bandwidth = (int)strtoul(av[0], &end, 0);
809 if (*end == 'K' || *end == 'k') {
810 end++;
811 p.bandwidth *= 1000;
812 } else if (*end == 'M') {
813 end++;
814 p.bandwidth *= 1000000;
815 }
816 if (*end == 'B' || !strncmp(end, "by", 2))
817 p.bandwidth *= 8;
818 if (p.bandwidth < 0)
819 errx(EX_DATAERR, "bandwidth too large");
820 }
821 ac--; av++;
822 break;
823
824 case TOK_DELAY:
825 if (do_pipe != 1)
826 errx(EX_DATAERR, "delay only valid for pipes");
9dc66a05 827 NEED2("delay needs argument 0..%d\n", MAX_DELAY);
7af5ce03
A		 828 p.delay = (int)strtoul(av[0], NULL, 0);
829 ac--; av++;
830 break;
831
832 case TOK_WEIGHT:
833 if (do_pipe == 1)
834 errx(EX_DATAERR,"weight only valid for queues");
835 NEED1("weight needs argument 0..100\n");
836 p.fs.weight = (int)strtoul(av[0], &end, 0);
837 ac--; av++;
838 break;
839
840 case TOK_PIPE:
841 if (do_pipe == 1)
842 errx(EX_DATAERR,"pipe only valid for queues");
843 NEED1("pipe needs pipe_number\n");
844 p.fs.parent_nr = strtoul(av[0], &end, 0);
845 ac--; av++;
846 break;
847
848 default:
849 errx(EX_DATAERR, "unrecognised option ``%s''", *(--av));
850 }
851 }
852 if (do_pipe == 1) {
853 if (p.pipe_nr == 0)
854 errx(EX_DATAERR, "pipe_nr must be > 0");
9dc66a05
A		 855 if (p.delay > MAX_DELAY)
856 errx(EX_DATAERR, "delay must be < %d ms", MAX_DELAY);
7af5ce03
A		 857 } else { /* do_pipe == 2, queue */
858 if (p.fs.parent_nr == 0)
859 errx(EX_DATAERR, "pipe must be > 0");
860 if (p.fs.weight >100)
861 errx(EX_DATAERR, "weight must be <= 100");
862 }
863 if (p.fs.flags_fs & DN_QSIZE_IS_BYTES) {
864 if (p.fs.qsize > 1024*1024)
865 errx(EX_DATAERR, "queue size must be < 1MB");
866 } else {
867 if (p.fs.qsize > 100)
868 errx(EX_DATAERR, "2 <= queue size <= 100");
869 }
870 if (p.fs.flags_fs & DN_IS_RED) {
871 size_t len;
872 int lookup_depth, avg_pkt_size;
873 double s, idle, weight, w_q;
874 struct clockinfo ck;
875 int t;
876
877 if (p.fs.min_th >= p.fs.max_th)
878 errx(EX_DATAERR, "min_th %d must be < than max_th %d",
879 p.fs.min_th, p.fs.max_th);
880 if (p.fs.max_th == 0)
881 errx(EX_DATAERR, "max_th must be > 0");
882
883 len = sizeof(int);
884 if (sysctlbyname("net.inet.ip.dummynet.red_lookup_depth",
885 &lookup_depth, &len, NULL, 0) == -1)
886
887 errx(1, "sysctlbyname(\"%s\")",
888 "net.inet.ip.dummynet.red_lookup_depth");
889 if (lookup_depth == 0)
890 errx(EX_DATAERR, "net.inet.ip.dummynet.red_lookup_depth"
891 " must be greater than zero");
892
893 len = sizeof(int);
894 if (sysctlbyname("net.inet.ip.dummynet.red_avg_pkt_size",
895 &avg_pkt_size, &len, NULL, 0) == -1)
896
897 errx(1, "sysctlbyname(\"%s\")",
898 "net.inet.ip.dummynet.red_avg_pkt_size");
899 if (avg_pkt_size == 0)
900 errx(EX_DATAERR,
901 "net.inet.ip.dummynet.red_avg_pkt_size must"
902 " be greater than zero");
903
904 len = sizeof(struct clockinfo);
905 if (sysctlbyname("kern.clockrate", &ck, &len, NULL, 0) == -1)
906 errx(1, "sysctlbyname(\"%s\")", "kern.clockrate");
907
908 /*
909 * Ticks needed for sending a medium-sized packet.
910 * Unfortunately, when we are configuring a WF2Q+ queue, we
911 * do not have bandwidth information, because that is stored
912 * in the parent pipe, and also we have multiple queues
913 * competing for it. So we set s=0, which is not very
914 * correct. But on the other hand, why do we want RED with
915 * WF2Q+ ?
916 */
917 if (p.bandwidth==0) /* this is a WF2Q+ queue */
918 s = 0;
919 else
920 s = ck.hz * avg_pkt_size * 8 / p.bandwidth;
921
922 /*
923 * max idle time (in ticks) before avg queue size becomes 0.
924 * NOTA: (3/w_q) is approx the value x so that
925 * (1-w_q)^x < 10^-3.
926 */
927 w_q = ((double)p.fs.w_q) / (1 << SCALE_RED);
928 idle = s * 3. / w_q;
929 p.fs.lookup_step = (int)idle / lookup_depth;
930 if (!p.fs.lookup_step)
931 p.fs.lookup_step = 1;
932 weight = 1 - w_q;
933 for (t = p.fs.lookup_step; t > 0; --t)
934 weight *= weight;
935 p.fs.lookup_weight = (int)(weight * (1 << SCALE_RED));
936 }
937 len = sizeof(struct dn_pipe);
938 i = do_cmd(IP_DUMMYNET_CONFIGURE, &p, &len);
939 if (i)
940 err(1, "setsockopt(%s)", "IP_DUMMYNET_CONFIGURE");
941}
942
943static void
944flush(int force)
945{
946 if (!force && !do_quiet) { /* need to ask user */
947 int c;
948
949 printf("Are you sure? [yn] ");
950 fflush(stdout);
951 do {
952 c = toupper(getc(stdin));
953 while (c != '\n' && getc(stdin) != '\n')
954 if (feof(stdin))
955 return; /* and do not flush */
956 } while (c != 'Y' && c != 'N');
957 printf("\n");
958 if (c == 'N') /* user said no */
959 return;
960 }
961
962 if (do_cmd(IP_DUMMYNET_FLUSH, NULL, 0) < 0)
963 err(EX_UNAVAILABLE, "setsockopt(IP_DUMMYNET_FLUSH)");
964
965 if (!do_quiet)
966 printf("Flushed all pipes.\n");
967}
968
969/*
970 * Free a the (locally allocated) copy of command line arguments.
971 */
972static void
973free_args(int ac, char **av)
974{
975 int i;
976
977 for (i=0; i < ac; i++)
978 free(av[i]);
979 free(av);
980}
981
982/*
983 * Called with the arguments (excluding program name).
984 * Returns 0 if successful, 1 if empty command, errx() in case of errors.
985 */
986static int
987parse_args(int oldac, char **oldav)
988{
989 int ch, ac, save_ac;
990 char **av, **save_av;
991 int do_acct = 0; /* Show packet/byte count */
992 int do_force = 0; /* Don't ask for confirmation */
993
994#define WHITESP " \t\f\v\n\r"
995 if (oldac == 0)
996 return 1;
997 else if (oldac == 1) {
998 /*
999 * If we are called with a single string, try to split it into
1000 * arguments for subsequent parsing.
1001 * But first, remove spaces after a ',', by copying the string
1002 * in-place.
1003 */
1004 char *arg = oldav[0]; /* The string... */
1005 size_t l = strlen(arg);
1006 int copy = 0; /* 1 if we need to copy, 0 otherwise */
1007 int i, j;
1008 for (i = j = 0; i < l; i++) {
1009 if (arg[i] == '#') /* comment marker */
1010 break;
1011 if (copy) {
1012 arg[j++] = arg[i];
1013 copy = !index("," WHITESP, arg[i]);
1014 } else {
1015 copy = !index(WHITESP, arg[i]);
1016 if (copy)
1017 arg[j++] = arg[i];
1018 }
1019 }
1020 if (!copy && j > 0) /* last char was a 'blank', remove it */
1021 j--;
1022 l = j; /* the new argument length */
1023 arg[j++] = '\0';
1024 if (l == 0) /* empty string! */
1025 return 1;
1026
1027 /*
1028 * First, count number of arguments. Because of the previous
1029 * processing, this is just the number of blanks plus 1.
1030 */
1031 for (i = 0, ac = 1; i < l; i++)
1032 if (index(WHITESP, arg[i]) != NULL)
1033 ac++;
1034
1035 av = calloc(ac, sizeof(char *));
1036
1037 /*
1038 * Second, copy arguments from cmd[] to av[]. For each one,
1039 * j is the initial character, i is the one past the end.
1040 */
1041 for (ac = 0, i = j = 0; i < l; i++)
1042 if (index(WHITESP, arg[i]) != NULL || i == l-1) {
1043 if (i == l-1)
1044 i++;
1045 av[ac] = calloc(i-j+1, 1);
1046 bcopy(arg+j, av[ac], i-j);
1047 ac++;
1048 j = i + 1;
1049 }
1050 } else {
1051 /*
1052 * If an argument ends with ',' join with the next one.
1053 * Just add its length to 'l' and continue. When we have a string
1054 * without a ',' ending, we'll have the combined length in 'l'
1055 */
1056 int first, i;
1057 size_t l;
1058
1059 av = calloc(oldac, sizeof(char *));
1060 for (first = i = ac = 0, l = 0; i < oldac; i++) {
1061 char *arg = oldav[i];
1062 size_t k = strlen(arg);
1063
1064 l += k;
1065 if (arg[k-1] != ',' || i == oldac-1) {
1066 size_t buflen = l+1;
1067 /* Time to copy. */
1068 av[ac] = calloc(l+1, 1);
1069 for (l=0; first <= i; first++) {
1070 strlcat(av[ac]+l, oldav[first], buflen-l);
1071 l += strlen(oldav[first]);
1072 }
1073 ac++;
1074 l = 0;
1075 first = i+1;
1076 }
1077 }
1078 }
1079
1080 /* Set the force flag for non-interactive processes */
1081 do_force = !isatty(STDIN_FILENO);
1082
1083 /* Save arguments for final freeing of memory. */
1084 save_ac = ac;
1085 save_av = av;
1086
1087 optind = optreset = 0;
1088 while ((ch = getopt(ac, av, "afhnqsv")) != -1)
1089 switch (ch) {
1090 case 'a':
1091 do_acct = 1;
1092 break;
1093
1094 case 'f':
1095 do_force = 1;
1096 break;
1097
1098 case 'h': /* help */
1099 free_args(save_ac, save_av);
1100 help();
1101 break; /* NOTREACHED */
1102
1103 case 'n':
1104 test_only = 1;
1105 break;
1106
1107 case 'q':
1108 do_quiet = 1;
1109 break;
1110
1111 case 's': /* sort */
1112 do_sort = atoi(optarg);
1113 break;
1114
1115 case 'v': /* verbose */
1116 verbose = 1;
1117 break;
1118
1119 default:
1120 free_args(save_ac, save_av);
1121 return 1;
1122 }
1123
1124 ac -= optind;
1125 av += optind;
1126 NEED1("bad arguments, for usage summary ``dnctl''");
1127
1128 /*
1129 * An undocumented behaviour of dnctl1 was to allow rule numbers first,
1130 * e.g. "100 add allow ..." instead of "add 100 allow ...".
1131 * In case, swap first and second argument to get the normal form.
1132 */
1133 if (ac > 1 && isdigit(*av[0])) {
1134 char *p = av[0];
1135
1136 av[0] = av[1];
1137 av[1] = p;
1138 }
1139
1140 /*
1141 * optional: pipe or queue
1142 */
1143 do_pipe = 0;
1144 if (!strncmp(*av, "pipe", strlen(*av)))
1145 do_pipe = 1;
1146 else if (!strncmp(*av, "queue", strlen(*av)))
1147 do_pipe = 2;
1148 if (do_pipe) {
1149 ac--;
1150 av++;
1151 }
1152 NEED1("missing command");
1153
1154 /*
1155 * For pipes and queues we normally say 'pipe NN config'
1156 * but the code is easier to parse as 'pipe config NN'
1157 * so we swap the two arguments.
1158 */
1159 if (do_pipe > 0 && ac > 1 && isdigit(*av[0])) {
1160 char *p = av[0];
1161
1162 av[0] = av[1];
1163 av[1] = p;
1164 }
1165
1166 if (do_pipe && !strncmp(*av, "config", strlen(*av)))
1167 config_pipe(ac, av);
1168 else if (!strncmp(*av, "delete", strlen(*av)))
1169 delete(ac, av);
1170 else if (!strncmp(*av, "flush", strlen(*av)))
1171 flush(do_force);
1172 else if (!strncmp(*av, "print", strlen(*av)) ||
1173 !strncmp(*av, "list", strlen(*av)))
1174 list(ac, av, do_acct);
1175 else if (!strncmp(*av, "show", strlen(*av)))
1176 list(ac, av, 1 /* show counters */);
1177 else
1178 errx(EX_USAGE, "bad command `%s'", *av);
1179
1180 /* Free memory allocated in the argument parsing. */
1181 free_args(save_ac, save_av);
1182 return 0;
1183}
1184
1185static void
1186dnctl_readfile(int ac, char *av[])
1187{
1188#define MAX_ARGS 32
1189 char buf[BUFSIZ];
1190 char *cmd = NULL, *filename = av[ac-1];
1191 int c, lineno=0;
1192 FILE *f = NULL;
1193 pid_t preproc = 0;
1194
1195 while ((c = getopt(ac, av, "np:q")) != -1) {
1196 switch(c) {
1197 case 'n':
1198 test_only = 1;
1199 break;
1200
1201 case 'p':
1202 cmd = optarg;
1203 /*
1204 * Skip previous args and delete last one, so we
1205 * pass all but the last argument to the preprocessor
1206 * via av[optind-1]
1207 */
1208 av += optind - 1;
1209 ac -= optind - 1;
1210 av[ac-1] = NULL;
1211 fprintf(stderr, "command is %s\n", av[0]);
1212 break;
1213
1214 case 'q':
1215 do_quiet = 1;
1216 break;
1217
1218 default:
1219 errx(EX_USAGE, "bad arguments, for usage"
1220 " summary ``dnctl''");
1221 }
1222
1223 if (cmd != NULL)
1224 break;
1225 }
1226
1227 if (cmd == NULL && ac != optind + 1) {
1228 fprintf(stderr, "ac %d, optind %d\n", ac, optind);
1229 errx(EX_USAGE, "extraneous filename arguments");
1230 }
1231
1232 if ((f = fopen(filename, "r")) == NULL)
1233 err(EX_UNAVAILABLE, "fopen: %s", filename);
1234
1235 if (cmd != NULL) { /* pipe through preprocessor */
1236 int pipedes[2];
1237
1238 if (pipe(pipedes) == -1)
1239 err(EX_OSERR, "cannot create pipe");
1240
1241 preproc = fork();
1242 if (preproc == -1)
1243 err(EX_OSERR, "cannot fork");
1244
1245 if (preproc == 0) {
1246 /*
1247 * Child, will run the preprocessor with the
1248 * file on stdin and the pipe on stdout.
1249 */
1250 if (dup2(fileno(f), 0) == -1
1251 || dup2(pipedes[1], 1) == -1)
1252 err(EX_OSERR, "dup2()");
1253 fclose(f);
1254 close(pipedes[1]);
1255 close(pipedes[0]);
1256 execvp(cmd, av);
1257 err(EX_OSERR, "execvp(%s) failed", cmd);
1258 } else { /* parent, will reopen f as the pipe */
1259 fclose(f);
1260 close(pipedes[1]);
1261 if ((f = fdopen(pipedes[0], "r")) == NULL) {
1262 int savederrno = errno;
1263
1264 (void)kill(preproc, SIGTERM);
1265 errno = savederrno;
1266 err(EX_OSERR, "fdopen()");
1267 }
1268 }
1269 }
1270
1271 while (fgets(buf, BUFSIZ, f)) { /* read commands */
1272 char linename[16];
1273 char *args[1];
1274
1275 lineno++;
1276 snprintf(linename, sizeof(linename), "Line %d", lineno);
1277 setprogname(linename); /* XXX */
1278 args[0] = buf;
1279 parse_args(1, args);
1280 }
1281 fclose(f);
1282 if (cmd != NULL) {
1283 int status;
1284
1285 if (waitpid(preproc, &status, 0) == -1)
1286 errx(EX_OSERR, "waitpid()");
1287 if (WIFEXITED(status) && WEXITSTATUS(status) != EX_OK)
1288 errx(EX_UNAVAILABLE,
1289 "preprocessor exited with status %d",
1290 WEXITSTATUS(status));
1291 else if (WIFSIGNALED(status))
1292 errx(EX_UNAVAILABLE,
1293 "preprocessor exited with signal %d",
1294 WTERMSIG(status));
1295 }
1296}
1297
1298int
1299main(int ac, char *av[])
1300{
1301 /*
1302 * If the last argument is an absolute pathname, interpret it
1303 * as a file to be preprocessed.
1304 */
1305
1306 if (ac > 1 && av[ac - 1][0] == '/' && access(av[ac - 1], R_OK) == 0)
1307 dnctl_readfile(ac, av);
1308 else {
1309 if (parse_args(ac-1, av+1))
1310 show_usage();
1311 }
1312 return EX_OK;
1313}
mirror of network_cmds