]> git.saurik.com Git - apple/network_cmds.git/blob - dnctl/dnctl.c
projects / apple / network_cmds.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
network_cmds-396.6.tar.gz
[apple/network_cmds.git] / dnctl / dnctl.c
1 /*
2 * Copyright (c) 2002-2011 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28
29 /*
30 * Copyright (c) 2002-2003 Luigi Rizzo
31 * Copyright (c) 1996 Alex Nash, Paul Traina, Poul-Henning Kamp
32 * Copyright (c) 1994 Ugen J.S.Antsilevich
33 *
34 * Idea and grammar partially left from:
35 * Copyright (c) 1993 Daniel Boulet
36 *
37 * Redistribution and use in source forms, with and without modification,
38 * are permitted provided that this entire comment appears intact.
39 *
40 * Redistribution in binary form may occur without any restrictions.
41 * Obviously, it would be nice if you gave credit where credit is due
42 * but requiring it would be too onerous.
43 *
44 * This software is provided ``AS IS'' without any warranties of any kind.
45 */
46
47 /*
48 * Ripped off ipfw2.c
49 */
50
51 #include <sys/param.h>
52 #include <sys/socket.h>
53 #include <sys/sysctl.h>
54
55 #include <ctype.h>
56 #include <err.h>
57 #include <errno.h>
58 #include <netdb.h>
59 #include <signal.h>
60 #include <stdio.h>
61 #include <stdlib.h>
62 #include <stdarg.h>
63 #include <string.h>
64 #include <unistd.h>
65 #include <sysexits.h>
66
67 #include <net/if.h>
68 #include <netinet/in.h>
69 #include <netinet/ip.h>
70 #include <netinet/ip_dummynet.h>
71 #include <arpa/inet.h>
72
73
74 int
75 do_quiet, /* Be quiet in add and flush */
76 do_pipe, /* this cmd refers to a pipe */
77 do_sort, /* field to sort results (0 = no) */
78 test_only, /* only check syntax */
79 verbose;
80
81 #define IP_MASK_ALL 0xffffffff
82
83 /*
84 * _s_x is a structure that stores a string <-> token pairs, used in
85 * various places in the parser. Entries are stored in arrays,
86 * with an entry with s=NULL as terminator.
87 * The search routines are match_token() and match_value().
88 * Often, an element with x=0 contains an error string.
89 *
90 */
91 struct _s_x {
92 char const *s;
93 int x;
94 };
95
96 enum tokens {
97 TOK_NULL=0,
98
99 TOK_ACCEPT,
100 TOK_COUNT,
101 TOK_PIPE,
102 TOK_QUEUE,
103
104 TOK_PLR,
105 TOK_NOERROR,
106 TOK_BUCKETS,
107 TOK_DSTIP,
108 TOK_SRCIP,
109 TOK_DSTPORT,
110 TOK_SRCPORT,
111 TOK_ALL,
112 TOK_MASK,
113 TOK_BW,
114 TOK_DELAY,
115 TOK_RED,
116 TOK_GRED,
117 TOK_DROPTAIL,
118 TOK_PROTO,
119 TOK_WEIGHT,
120
121 TOK_DSTIP6,
122 TOK_SRCIP6,
123 };
124
125 struct _s_x dummynet_params[] = {
126 { "plr", TOK_PLR },
127 { "noerror", TOK_NOERROR },
128 { "buckets", TOK_BUCKETS },
129 { "dst-ip", TOK_DSTIP },
130 { "src-ip", TOK_SRCIP },
131 { "dst-port", TOK_DSTPORT },
132 { "src-port", TOK_SRCPORT },
133 { "proto", TOK_PROTO },
134 { "weight", TOK_WEIGHT },
135 { "all", TOK_ALL },
136 { "mask", TOK_MASK },
137 { "droptail", TOK_DROPTAIL },
138 { "red", TOK_RED },
139 { "gred", TOK_GRED },
140 { "bw", TOK_BW },
141 { "bandwidth", TOK_BW },
142 { "delay", TOK_DELAY },
143 { "pipe", TOK_PIPE },
144 { "queue", TOK_QUEUE },
145 { "dst-ipv6", TOK_DSTIP6},
146 { "dst-ip6", TOK_DSTIP6},
147 { "src-ipv6", TOK_SRCIP6},
148 { "src-ip6", TOK_SRCIP6},
149 { "dummynet-params", TOK_NULL },
150 { NULL, 0 } /* terminator */
151 };
152
153 static void show_usage(void);
154
155
156 void n2mask(struct in6_addr *, int );
157 unsigned long long align_uint64(const uint64_t *);
158
159 /* n2mask sets n bits of the mask */
160 void
161 n2mask(struct in6_addr *mask, int n)
162 {
163 static int minimask[9] =
164 { 0x00, 0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe, 0xff };
165 u_char *p;
166
167 memset(mask, 0, sizeof(struct in6_addr));
168 p = (u_char *) mask;
169 for (; n > 0; p++, n -= 8) {
170 if (n >= 8)
171 *p = 0xff;
172 else
173 *p = minimask[n];
174 }
175 return;
176 }
177
178 /*
179 * The following is used to generate a printable argument for
180 * 64-bit numbers, irrespective of platform alignment and bit size.
181 * Because all the printf in this program use %llu as a format,
182 * we just return an unsigned long long, which is larger than
183 * we need in certain cases, but saves the hassle of using
184 * PRIu64 as a format specifier.
185 * We don't care about inlining, this is not performance critical code.
186 */
187 unsigned long long
188 align_uint64(const uint64_t *pll)
189 {
190 uint64_t ret;
191
192 bcopy (pll, &ret, sizeof(ret));
193 return ret;
194 }
195
196 /*
197 * conditionally runs the command.
198 */
199 static int
200 do_cmd(int optname, void *optval, socklen_t *optlen)
201 {
202 static int s = -1; /* the socket */
203 int i;
204
205 if (test_only)
206 return 0;
207
208 if (s == -1)
209 s = socket(AF_INET, SOCK_RAW, IPPROTO_RAW);
210 if (s < 0)
211 err(EX_UNAVAILABLE, "socket");
212
213 if (optname == IP_DUMMYNET_GET)
214 i = getsockopt(s, IPPROTO_IP, optname, optval, optlen);
215 else
216 i = setsockopt(s, IPPROTO_IP, optname, optval, optlen ? *optlen : 0);
217 return i;
218 }
219
220 /**
221 * match_token takes a table and a string, returns the value associated
222 * with the string (-1 in case of failure).
223 */
224 static int
225 match_token(struct _s_x *table, char *string)
226 {
227 struct _s_x *pt;
228 size_t i = strlen(string);
229
230 for (pt = table ; i && pt->s != NULL ; pt++)
231 if (strlen(pt->s) == i && !bcmp(string, pt->s, i))
232 return pt->x;
233 return -1;
234 };
235
236 static int
237 sort_q(const void *pa, const void *pb)
238 {
239 int rev = (do_sort < 0);
240 int field = rev ? -do_sort : do_sort;
241 long long res = 0;
242 const struct dn_flow_queue *a = pa;
243 const struct dn_flow_queue *b = pb;
244
245 switch (field) {
246 case 1: /* pkts */
247 res = a->len - b->len;
248 break;
249 case 2: /* bytes */
250 res = a->len_bytes - b->len_bytes;
251 break;
252
253 case 3: /* tot pkts */
254 res = a->tot_pkts - b->tot_pkts;
255 break;
256
257 case 4: /* tot bytes */
258 res = a->tot_bytes - b->tot_bytes;
259 break;
260 }
261 if (res < 0)
262 res = -1;
263 if (res > 0)
264 res = 1;
265 return (int)(rev ? res : -res);
266 }
267
268 static void
269 list_queues(struct dn_flow_set *fs, struct dn_flow_queue *q)
270 {
271 int l;
272 int index_printed, indexes = 0;
273 char buff[255];
274 struct protoent *pe;
275
276 printf(" mask: 0x%02x 0x%08x/0x%04x -> 0x%08x/0x%04x\n",
277 fs->flow_mask.proto,
278 fs->flow_mask.src_ip, fs->flow_mask.src_port,
279 fs->flow_mask.dst_ip, fs->flow_mask.dst_port);
280 if (fs->rq_elements == 0)
281 return;
282
283 printf("BKT Prot ___Source IP/port____ "
284 "____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp\n");
285 if (do_sort != 0)
286 heapsort(q, fs->rq_elements, sizeof(struct dn_flow_queue), sort_q);
287
288 /* Print IPv4 flows */
289 for (l = 0; l < fs->rq_elements; l++) {
290 struct in_addr ina;
291
292 /* XXX: Should check for IPv4 flows */
293 if (IS_IP6_FLOW_ID(&(q[l].id)))
294 continue;
295
296 if (!index_printed) {
297 index_printed = 1;
298 if (indexes > 0) /* currently a no-op */
299 printf("\n");
300 indexes++;
301 printf(" "
302 "mask: 0x%02x 0x%08x/0x%04x -> 0x%08x/0x%04x\n",
303 fs->flow_mask.proto,
304 fs->flow_mask.src_ip, fs->flow_mask.src_port,
305 fs->flow_mask.dst_ip, fs->flow_mask.dst_port);
306
307 printf("BKT Prot ___Source IP/port____ "
308 "____Dest. IP/port____ "
309 "Tot_pkt/bytes Pkt/Byte Drp\n");
310 }
311
312 printf("%3d ", q[l].hash_slot);
313 pe = getprotobynumber(q[l].id.proto);
314 if (pe)
315 printf("%-4s ", pe->p_name);
316 else
317 printf("%4u ", q[l].id.proto);
318 ina.s_addr = htonl(q[l].id.src_ip);
319 printf("%15s/%-5d ",
320 inet_ntoa(ina), q[l].id.src_port);
321 ina.s_addr = htonl(q[l].id.dst_ip);
322 printf("%15s/%-5d ",
323 inet_ntoa(ina), q[l].id.dst_port);
324 printf("%4llu %8llu %2u %4u %3u\n",
325 align_uint64(&q[l].tot_pkts),
326 align_uint64(&q[l].tot_bytes),
327 q[l].len, q[l].len_bytes, q[l].drops);
328 if (verbose)
329 printf(" S %20llu F %20llu\n",
330 align_uint64(&q[l].S), align_uint64(&q[l].F));
331 }
332
333 /* Print IPv6 flows */
334 index_printed = 0;
335 for (l = 0; l < fs->rq_elements; l++) {
336 if (!IS_IP6_FLOW_ID(&(q[l].id)))
337 continue;
338
339 if (!index_printed) {
340 index_printed = 1;
341 if (indexes > 0)
342 printf("\n");
343 indexes++;
344 printf("\n mask: proto: 0x%02x, flow_id: 0x%08x, ",
345 fs->flow_mask.proto, fs->flow_mask.flow_id6);
346 inet_ntop(AF_INET6, &(fs->flow_mask.src_ip6),
347 buff, sizeof(buff));
348 printf("%s/0x%04x -> ", buff, fs->flow_mask.src_port);
349 inet_ntop( AF_INET6, &(fs->flow_mask.dst_ip6),
350 buff, sizeof(buff) );
351 printf("%s/0x%04x\n", buff, fs->flow_mask.dst_port);
352
353 printf("BKT ___Prot___ _flow-id_ "
354 "______________Source IPv6/port_______________ "
355 "_______________Dest. IPv6/port_______________ "
356 "Tot_pkt/bytes Pkt/Byte Drp\n");
357 }
358 printf("%3d ", q[l].hash_slot);
359 pe = getprotobynumber(q[l].id.proto);
360 if (pe != NULL)
361 printf("%9s ", pe->p_name);
362 else
363 printf("%9u ", q[l].id.proto);
364 printf("%7d %39s/%-5d ", q[l].id.flow_id6,
365 inet_ntop(AF_INET6, &(q[l].id.src_ip6), buff, sizeof(buff)),
366 q[l].id.src_port);
367 printf(" %39s/%-5d ",
368 inet_ntop(AF_INET6, &(q[l].id.dst_ip6), buff, sizeof(buff)),
369 q[l].id.dst_port);
370 printf(" %4llu %8llu %2u %4u %3u\n",
371 align_uint64(&q[l].tot_pkts),
372 align_uint64(&q[l].tot_bytes),
373 q[l].len, q[l].len_bytes, q[l].drops);
374 if (verbose)
375 printf(" S %20llu F %20llu\n",
376 align_uint64(&q[l].S),
377 align_uint64(&q[l].F));
378 }
379 }
380
381 static void
382 print_flowset_parms(struct dn_flow_set *fs, char *prefix)
383 {
384 int l;
385 char qs[30];
386 char plr[30];
387 char red[90]; /* Display RED parameters */
388
389 l = fs->qsize;
390 if (fs->flags_fs & DN_QSIZE_IS_BYTES) {
391 if (l >= 8192)
392 snprintf(qs, sizeof(qs), "%d KB", l / 1024);
393 else
394 snprintf(qs, sizeof(qs), "%d B", l);
395 } else
396 snprintf(qs, sizeof(qs), "%3d sl.", l);
397 if (fs->plr)
398 snprintf(plr, sizeof(plr), "plr %f", 1.0 * fs->plr / (double)(0x7fffffff));
399 else
400 plr[0] = '\0';
401 if (fs->flags_fs & DN_IS_RED) /* RED parameters */
402 snprintf(red, sizeof(red),
403 "\n\t %cRED w_q %f min_th %d max_th %d max_p %f",
404 (fs->flags_fs & DN_IS_GENTLE_RED) ? 'G' : ' ',
405 1.0 * fs->w_q / (double)(1 << SCALE_RED),
406 SCALE_VAL(fs->min_th),
407 SCALE_VAL(fs->max_th),
408 1.0 * fs->max_p / (double)(1 << SCALE_RED));
409 else
410 snprintf(red, sizeof(red), "droptail");
411
412 printf("%s %s%s %d queues (%d buckets) %s\n",
413 prefix, qs, plr, fs->rq_elements, fs->rq_size, red);
414 }
415
416 static void
417 list_pipes(void *data, size_t nbytes, int ac, char *av[])
418 {
419 unsigned int rulenum;
420 void *next = data;
421 struct dn_pipe *p = (struct dn_pipe *) data;
422 struct dn_flow_set *fs;
423 struct dn_flow_queue *q;
424 size_t l;
425
426 if (ac > 0)
427 rulenum = (unsigned int)strtoul(*av++, NULL, 10);
428 else
429 rulenum = 0;
430 for (; nbytes >= sizeof(struct dn_pipe); p = (struct dn_pipe *)next) {
431 double b = p->bandwidth;
432 char buf[30];
433 char prefix[80];
434
435 if (p->next.sle_next != (struct dn_pipe *)DN_IS_PIPE)
436 break; /* done with pipes, now queues */
437
438 /*
439 * compute length, as pipe have variable size
440 */
441 l = sizeof(struct dn_pipe) + p->fs.rq_elements * sizeof(struct dn_flow_queue);
442 next = (char *)p + l;
443 nbytes -= l;
444
445 if (rulenum != 0 && rulenum != p->pipe_nr)
446 continue;
447
448 /*
449 * Print rate (or clocking interface)
450 */
451 if (p->if_name[0] != '\0')
452 snprintf(buf, sizeof(buf), "%s", p->if_name);
453 else if (b == 0)
454 snprintf(buf, sizeof(buf), "unlimited");
455 else if (b >= 1000000)
456 snprintf(buf, sizeof(buf), "%7.3f Mbit/s", b/1000000);
457 else if (b >= 1000)
458 snprintf(buf, sizeof(buf), "%7.3f Kbit/s", b/1000);
459 else
460 snprintf(buf, sizeof(buf), "%7.3f bit/s ", b);
461
462 snprintf(prefix, sizeof(prefix), "%05d: %s %4d ms ",
463 p->pipe_nr, buf, p->delay);
464 print_flowset_parms(&(p->fs), prefix);
465 if (verbose)
466 printf(" V %20qd\n", p->V >> MY_M);
467
468 q = (struct dn_flow_queue *)(p+1);
469 list_queues(&(p->fs), q);
470 }
471 for (fs = next; nbytes >= sizeof *fs; fs = next) {
472 char prefix[80];
473
474 if (fs->next.sle_next != (struct dn_flow_set *)DN_IS_QUEUE)
475 break;
476 l = sizeof(struct dn_flow_set) + fs->rq_elements * sizeof(struct dn_flow_queue);
477 next = (char *)fs + l;
478 nbytes -= l;
479 q = (struct dn_flow_queue *)(fs+1);
480 snprintf(prefix, sizeof(prefix), "q%05d: weight %d pipe %d ",
481 fs->fs_nr, fs->weight, fs->parent_nr);
482 print_flowset_parms(fs, prefix);
483 list_queues(fs, q);
484 }
485 }
486
487 static void
488 list(int ac, char *av[], int show_counters)
489 {
490 void *data = NULL;
491 socklen_t nbytes;
492 int exitval = EX_OK;
493
494 int nalloc = 1024; /* start somewhere... */
495
496 if (test_only) {
497 fprintf(stderr, "Testing only, list disabled\n");
498 return;
499 }
500
501 ac--;
502 av++;
503
504 /* get rules or pipes from kernel, resizing array as necessary */
505 nbytes = nalloc;
506
507 while (nbytes >= nalloc) {
508 nalloc = nalloc * 2 + 200;
509 nbytes = nalloc;
510 if ((data = realloc(data, nbytes)) == NULL)
511 err(EX_OSERR, "realloc");
512
513 if (do_cmd(IP_DUMMYNET_GET, data, &nbytes) < 0) {
514 if (errno == ENOBUFS) {
515 nbytes = 0;
516 break;
517 }
518 err(EX_OSERR, "getsockopt(IP_DUMMYNET_GET)");
519
520 }
521 }
522
523 list_pipes(data, nbytes, ac, av);
524
525 free(data);
526
527 if (exitval != EX_OK)
528 exit(exitval);
529 }
530
531 static void
532 show_usage(void)
533 {
534 fprintf(stderr, "usage: dnctl [options]\n"
535 "do \"dnctl -h\" or see dnctl manpage for details\n"
536 );
537 exit(EX_USAGE);
538 }
539
540 static void
541 help(void)
542 {
543 fprintf(stderr,
544 "dnclt [-acdeftTnNpqS] <command> where <command> is one of:\n"
545 "{pipe|queue} N config PIPE-BODY\n"
546 "[pipe|queue] {zero|delete|show} [N{,N}]\n"
547 );
548 exit(0);
549 }
550
551 static void
552 delete(int ac, char *av[])
553 {
554 struct dn_pipe p;
555 int i;
556 int exitval = EX_OK;
557 socklen_t len;
558
559 memset(&p, 0, sizeof(struct dn_pipe));
560
561 av++; ac--;
562
563 while (ac && isdigit(**av)) {
564 i = atoi(*av); av++; ac--;
565
566 if (do_pipe == 1)
567 p.pipe_nr = i;
568 else
569 p.fs.fs_nr = i;
570 len = sizeof(struct dn_pipe);
571 i = do_cmd(IP_DUMMYNET_DEL, &p, &len);
572 if (i) {
573 exitval = 1;
574 warn("rule %u: setsockopt(IP_DUMMYNET_DEL)",
575 do_pipe == 1 ? p.pipe_nr : p.fs.fs_nr);
576 }
577 }
578 if (exitval != EX_OK)
579 exit(exitval);
580 }
581
582 /*
583 * the following macro returns an error message if we run out of
584 * arguments.
585 */
586 #define NEED1(msg) {if (!ac) errx(EX_USAGE, msg);}
587
588 static void
589 config_pipe(int ac, char **av)
590 {
591 struct dn_pipe p;
592 int i;
593 char *end;
594 void *par = NULL;
595 socklen_t len;
596
597 memset(&p, 0, sizeof(struct dn_pipe));
598
599 av++; ac--;
600 /* Pipe number */
601 if (ac && isdigit(**av)) {
602 i = atoi(*av); av++; ac--;
603 if (do_pipe == 1)
604 p.pipe_nr = i;
605 else
606 p.fs.fs_nr = i;
607 }
608 while (ac > 0) {
609 double d;
610 int tok = match_token(dummynet_params, *av);
611 ac--; av++;
612
613 switch(tok) {
614 case TOK_NOERROR:
615 p.fs.flags_fs |= DN_NOERROR;
616 break;
617
618 case TOK_PLR:
619 NEED1("plr needs argument 0..1\n");
620 d = strtod(av[0], NULL);
621 if (d > 1)
622 d = 1;
623 else if (d < 0)
624 d = 0;
625 p.fs.plr = (int)(d*0x7fffffff);
626 ac--; av++;
627 break;
628
629 case TOK_QUEUE:
630 NEED1("queue needs queue size\n");
631 end = NULL;
632 p.fs.qsize = (int)strtoul(av[0], &end, 0);
633 if (*end == 'K' || *end == 'k') {
634 p.fs.flags_fs |= DN_QSIZE_IS_BYTES;
635 p.fs.qsize *= 1024;
636 } else if (*end == 'B' || !strncmp(end, "by", 2)) {
637 p.fs.flags_fs |= DN_QSIZE_IS_BYTES;
638 }
639 ac--; av++;
640 break;
641
642 case TOK_BUCKETS:
643 NEED1("buckets needs argument\n");
644 p.fs.rq_size = (int)strtoul(av[0], NULL, 0);
645 ac--; av++;
646 break;
647
648 case TOK_MASK:
649 NEED1("mask needs mask specifier\n");
650 /*
651 * per-flow queue, mask is dst_ip, dst_port,
652 * src_ip, src_port, proto measured in bits
653 */
654 par = NULL;
655
656 p.fs.flow_mask.dst_ip = 0;
657 p.fs.flow_mask.src_ip = 0;
658 p.fs.flow_mask.dst_port = 0;
659 p.fs.flow_mask.src_port = 0;
660 p.fs.flow_mask.proto = 0;
661 end = NULL;
662
663 while (ac >= 1) {
664 uint32_t *p32 = NULL;
665 uint16_t *p16 = NULL;
666 struct in6_addr *pa6 = NULL;
667 uint32_t a;
668
669 tok = match_token(dummynet_params, *av);
670 ac--; av++;
671 switch(tok) {
672 case TOK_ALL:
673 /*
674 * special case, all bits significant
675 */
676 p.fs.flow_mask.dst_ip = ~0;
677 p.fs.flow_mask.src_ip = ~0;
678 p.fs.flow_mask.dst_port = ~0;
679 p.fs.flow_mask.src_port = ~0;
680 p.fs.flow_mask.proto = ~0;
681 n2mask(&(p.fs.flow_mask.dst_ip6), 128);
682 n2mask(&(p.fs.flow_mask.src_ip6), 128);
683 p.fs.flags_fs |= DN_HAVE_FLOW_MASK;
684 goto end_mask;
685
686 case TOK_DSTIP:
687 p32 = &p.fs.flow_mask.dst_ip;
688 break;
689
690 case TOK_SRCIP:
691 p32 = &p.fs.flow_mask.src_ip;
692 break;
693
694 case TOK_DSTIP6:
695 pa6 = &(p.fs.flow_mask.dst_ip6);
696 break;
697
698 case TOK_SRCIP6:
699 pa6 = &(p.fs.flow_mask.src_ip6);
700 break;
701
702 case TOK_DSTPORT:
703 p16 = &p.fs.flow_mask.dst_port;
704 break;
705
706 case TOK_SRCPORT:
707 p16 = &p.fs.flow_mask.src_port;
708 break;
709
710 case TOK_PROTO:
711 break;
712
713 default:
714 ac++; av--; /* backtrack */
715 goto end_mask;
716 }
717 if (ac < 1)
718 errx(EX_USAGE, "mask: value missing");
719 if (*av[0] == '/') {
720 a = (int)strtoul(av[0]+1, &end, 0);
721 if (pa6 == NULL)
722 a = (a == 32) ? ~0 : (1 << a) - 1;
723 } else
724 a = (int)strtoul(av[0], &end, 0);
725 if (p32 != NULL)
726 *p32 = a;
727 else if (p16 != NULL) {
728 if (a > 65535)
729 errx(EX_DATAERR,
730 "mask: must be 16 bit");
731 *p16 = (uint16_t)a;
732 } else if (pa6 != NULL) {
733 if (a > 128)
734 errx(EX_DATAERR,
735 "in6addr invalid mask len");
736 else
737 n2mask(pa6, a);
738 } else {
739 if (a > 255)
740 errx(EX_DATAERR,
741 "mask: must be 8 bit");
742 p.fs.flow_mask.proto = (uint8_t)a;
743 }
744 if (a != 0)
745 p.fs.flags_fs |= DN_HAVE_FLOW_MASK;
746 ac--; av++;
747 } /* end while, config masks */
748 end_mask:
749 break;
750
751 case TOK_RED:
752 case TOK_GRED:
753 NEED1("red/gred needs w_q/min_th/max_th/max_p\n");
754 p.fs.flags_fs |= DN_IS_RED;
755 if (tok == TOK_GRED)
756 p.fs.flags_fs |= DN_IS_GENTLE_RED;
757 /*
758 * the format for parameters is w_q/min_th/max_th/max_p
759 */
760 if ((end = strsep(&av[0], "/"))) {
761 double w_q = strtod(end, NULL);
762 if (w_q > 1 || w_q <= 0)
763 errx(EX_DATAERR, "0 < w_q <= 1");
764 p.fs.w_q = (int) (w_q * (1 << SCALE_RED));
765 }
766 if ((end = strsep(&av[0], "/"))) {
767 p.fs.min_th = (int)strtoul(end, &end, 0);
768 if (*end == 'K' || *end == 'k')
769 p.fs.min_th *= 1024;
770 }
771 if ((end = strsep(&av[0], "/"))) {
772 p.fs.max_th = (int)strtoul(end, &end, 0);
773 if (*end == 'K' || *end == 'k')
774 p.fs.max_th *= 1024;
775 }
776 if ((end = strsep(&av[0], "/"))) {
777 double max_p = strtod(end, NULL);
778 if (max_p > 1 || max_p <= 0)
779 errx(EX_DATAERR, "0 < max_p <= 1");
780 p.fs.max_p = (int)(max_p * (1 << SCALE_RED));
781 }
782 ac--; av++;
783 break;
784
785 case TOK_DROPTAIL:
786 p.fs.flags_fs &= ~(DN_IS_RED|DN_IS_GENTLE_RED);
787 break;
788
789 case TOK_BW:
790 NEED1("bw needs bandwidth or interface\n");
791 if (do_pipe != 1)
792 errx(EX_DATAERR, "bandwidth only valid for pipes");
793 /*
794 * set clocking interface or bandwidth value
795 */
796 if (av[0][0] >= 'a' && av[0][0] <= 'z') {
797 int l = sizeof(p.if_name)-1;
798 /* interface name */
799 strncpy(p.if_name, av[0], l);
800 p.if_name[l] = '\0';
801 p.bandwidth = 0;
802 } else {
803 p.if_name[0] = '\0';
804 p.bandwidth = (int)strtoul(av[0], &end, 0);
805 if (*end == 'K' || *end == 'k') {
806 end++;
807 p.bandwidth *= 1000;
808 } else if (*end == 'M') {
809 end++;
810 p.bandwidth *= 1000000;
811 }
812 if (*end == 'B' || !strncmp(end, "by", 2))
813 p.bandwidth *= 8;
814 if (p.bandwidth < 0)
815 errx(EX_DATAERR, "bandwidth too large");
816 }
817 ac--; av++;
818 break;
819
820 case TOK_DELAY:
821 if (do_pipe != 1)
822 errx(EX_DATAERR, "delay only valid for pipes");
823 NEED1("delay needs argument 0..10000ms\n");
824 p.delay = (int)strtoul(av[0], NULL, 0);
825 ac--; av++;
826 break;
827
828 case TOK_WEIGHT:
829 if (do_pipe == 1)
830 errx(EX_DATAERR,"weight only valid for queues");
831 NEED1("weight needs argument 0..100\n");
832 p.fs.weight = (int)strtoul(av[0], &end, 0);
833 ac--; av++;
834 break;
835
836 case TOK_PIPE:
837 if (do_pipe == 1)
838 errx(EX_DATAERR,"pipe only valid for queues");
839 NEED1("pipe needs pipe_number\n");
840 p.fs.parent_nr = strtoul(av[0], &end, 0);
841 ac--; av++;
842 break;
843
844 default:
845 errx(EX_DATAERR, "unrecognised option ``%s''", *(--av));
846 }
847 }
848 if (do_pipe == 1) {
849 if (p.pipe_nr == 0)
850 errx(EX_DATAERR, "pipe_nr must be > 0");
851 if (p.delay > 10000)
852 errx(EX_DATAERR, "delay must be < 10000");
853 } else { /* do_pipe == 2, queue */
854 if (p.fs.parent_nr == 0)
855 errx(EX_DATAERR, "pipe must be > 0");
856 if (p.fs.weight >100)
857 errx(EX_DATAERR, "weight must be <= 100");
858 }
859 if (p.fs.flags_fs & DN_QSIZE_IS_BYTES) {
860 if (p.fs.qsize > 1024*1024)
861 errx(EX_DATAERR, "queue size must be < 1MB");
862 } else {
863 if (p.fs.qsize > 100)
864 errx(EX_DATAERR, "2 <= queue size <= 100");
865 }
866 if (p.fs.flags_fs & DN_IS_RED) {
867 size_t len;
868 int lookup_depth, avg_pkt_size;
869 double s, idle, weight, w_q;
870 struct clockinfo ck;
871 int t;
872
873 if (p.fs.min_th >= p.fs.max_th)
874 errx(EX_DATAERR, "min_th %d must be < than max_th %d",
875 p.fs.min_th, p.fs.max_th);
876 if (p.fs.max_th == 0)
877 errx(EX_DATAERR, "max_th must be > 0");
878
879 len = sizeof(int);
880 if (sysctlbyname("net.inet.ip.dummynet.red_lookup_depth",
881 &lookup_depth, &len, NULL, 0) == -1)
882
883 errx(1, "sysctlbyname(\"%s\")",
884 "net.inet.ip.dummynet.red_lookup_depth");
885 if (lookup_depth == 0)
886 errx(EX_DATAERR, "net.inet.ip.dummynet.red_lookup_depth"
887 " must be greater than zero");
888
889 len = sizeof(int);
890 if (sysctlbyname("net.inet.ip.dummynet.red_avg_pkt_size",
891 &avg_pkt_size, &len, NULL, 0) == -1)
892
893 errx(1, "sysctlbyname(\"%s\")",
894 "net.inet.ip.dummynet.red_avg_pkt_size");
895 if (avg_pkt_size == 0)
896 errx(EX_DATAERR,
897 "net.inet.ip.dummynet.red_avg_pkt_size must"
898 " be greater than zero");
899
900 len = sizeof(struct clockinfo);
901 if (sysctlbyname("kern.clockrate", &ck, &len, NULL, 0) == -1)
902 errx(1, "sysctlbyname(\"%s\")", "kern.clockrate");
903
904 /*
905 * Ticks needed for sending a medium-sized packet.
906 * Unfortunately, when we are configuring a WF2Q+ queue, we
907 * do not have bandwidth information, because that is stored
908 * in the parent pipe, and also we have multiple queues
909 * competing for it. So we set s=0, which is not very
910 * correct. But on the other hand, why do we want RED with
911 * WF2Q+ ?
912 */
913 if (p.bandwidth==0) /* this is a WF2Q+ queue */
914 s = 0;
915 else
916 s = ck.hz * avg_pkt_size * 8 / p.bandwidth;
917
918 /*
919 * max idle time (in ticks) before avg queue size becomes 0.
920 * NOTA: (3/w_q) is approx the value x so that
921 * (1-w_q)^x < 10^-3.
922 */
923 w_q = ((double)p.fs.w_q) / (1 << SCALE_RED);
924 idle = s * 3. / w_q;
925 p.fs.lookup_step = (int)idle / lookup_depth;
926 if (!p.fs.lookup_step)
927 p.fs.lookup_step = 1;
928 weight = 1 - w_q;
929 for (t = p.fs.lookup_step; t > 0; --t)
930 weight *= weight;
931 p.fs.lookup_weight = (int)(weight * (1 << SCALE_RED));
932 }
933 len = sizeof(struct dn_pipe);
934 i = do_cmd(IP_DUMMYNET_CONFIGURE, &p, &len);
935 if (i)
936 err(1, "setsockopt(%s)", "IP_DUMMYNET_CONFIGURE");
937 }
938
939 static void
940 flush(int force)
941 {
942 if (!force && !do_quiet) { /* need to ask user */
943 int c;
944
945 printf("Are you sure? [yn] ");
946 fflush(stdout);
947 do {
948 c = toupper(getc(stdin));
949 while (c != '\n' && getc(stdin) != '\n')
950 if (feof(stdin))
951 return; /* and do not flush */
952 } while (c != 'Y' && c != 'N');
953 printf("\n");
954 if (c == 'N') /* user said no */
955 return;
956 }
957
958 if (do_cmd(IP_DUMMYNET_FLUSH, NULL, 0) < 0)
959 err(EX_UNAVAILABLE, "setsockopt(IP_DUMMYNET_FLUSH)");
960
961 if (!do_quiet)
962 printf("Flushed all pipes.\n");
963 }
964
965 /*
966 * Free a the (locally allocated) copy of command line arguments.
967 */
968 static void
969 free_args(int ac, char **av)
970 {
971 int i;
972
973 for (i=0; i < ac; i++)
974 free(av[i]);
975 free(av);
976 }
977
978 /*
979 * Called with the arguments (excluding program name).
980 * Returns 0 if successful, 1 if empty command, errx() in case of errors.
981 */
982 static int
983 parse_args(int oldac, char **oldav)
984 {
985 int ch, ac, save_ac;
986 char **av, **save_av;
987 int do_acct = 0; /* Show packet/byte count */
988 int do_force = 0; /* Don't ask for confirmation */
989
990 #define WHITESP " \t\f\v\n\r"
991 if (oldac == 0)
992 return 1;
993 else if (oldac == 1) {
994 /*
995 * If we are called with a single string, try to split it into
996 * arguments for subsequent parsing.
997 * But first, remove spaces after a ',', by copying the string
998 * in-place.
999 */
1000 char *arg = oldav[0]; /* The string... */
1001 size_t l = strlen(arg);
1002 int copy = 0; /* 1 if we need to copy, 0 otherwise */
1003 int i, j;
1004 for (i = j = 0; i < l; i++) {
1005 if (arg[i] == '#') /* comment marker */
1006 break;
1007 if (copy) {
1008 arg[j++] = arg[i];
1009 copy = !index("," WHITESP, arg[i]);
1010 } else {
1011 copy = !index(WHITESP, arg[i]);
1012 if (copy)
1013 arg[j++] = arg[i];
1014 }
1015 }
1016 if (!copy && j > 0) /* last char was a 'blank', remove it */
1017 j--;
1018 l = j; /* the new argument length */
1019 arg[j++] = '\0';
1020 if (l == 0) /* empty string! */
1021 return 1;
1022
1023 /*
1024 * First, count number of arguments. Because of the previous
1025 * processing, this is just the number of blanks plus 1.
1026 */
1027 for (i = 0, ac = 1; i < l; i++)
1028 if (index(WHITESP, arg[i]) != NULL)
1029 ac++;
1030
1031 av = calloc(ac, sizeof(char *));
1032
1033 /*
1034 * Second, copy arguments from cmd[] to av[]. For each one,
1035 * j is the initial character, i is the one past the end.
1036 */
1037 for (ac = 0, i = j = 0; i < l; i++)
1038 if (index(WHITESP, arg[i]) != NULL || i == l-1) {
1039 if (i == l-1)
1040 i++;
1041 av[ac] = calloc(i-j+1, 1);
1042 bcopy(arg+j, av[ac], i-j);
1043 ac++;
1044 j = i + 1;
1045 }
1046 } else {
1047 /*
1048 * If an argument ends with ',' join with the next one.
1049 * Just add its length to 'l' and continue. When we have a string
1050 * without a ',' ending, we'll have the combined length in 'l'
1051 */
1052 int first, i;
1053 size_t l;
1054
1055 av = calloc(oldac, sizeof(char *));
1056 for (first = i = ac = 0, l = 0; i < oldac; i++) {
1057 char *arg = oldav[i];
1058 size_t k = strlen(arg);
1059
1060 l += k;
1061 if (arg[k-1] != ',' || i == oldac-1) {
1062 size_t buflen = l+1;
1063 /* Time to copy. */
1064 av[ac] = calloc(l+1, 1);
1065 for (l=0; first <= i; first++) {
1066 strlcat(av[ac]+l, oldav[first], buflen-l);
1067 l += strlen(oldav[first]);
1068 }
1069 ac++;
1070 l = 0;
1071 first = i+1;
1072 }
1073 }
1074 }
1075
1076 /* Set the force flag for non-interactive processes */
1077 do_force = !isatty(STDIN_FILENO);
1078
1079 /* Save arguments for final freeing of memory. */
1080 save_ac = ac;
1081 save_av = av;
1082
1083 optind = optreset = 0;
1084 while ((ch = getopt(ac, av, "afhnqsv")) != -1)
1085 switch (ch) {
1086 case 'a':
1087 do_acct = 1;
1088 break;
1089
1090 case 'f':
1091 do_force = 1;
1092 break;
1093
1094 case 'h': /* help */
1095 free_args(save_ac, save_av);
1096 help();
1097 break; /* NOTREACHED */
1098
1099 case 'n':
1100 test_only = 1;
1101 break;
1102
1103 case 'q':
1104 do_quiet = 1;
1105 break;
1106
1107 case 's': /* sort */
1108 do_sort = atoi(optarg);
1109 break;
1110
1111 case 'v': /* verbose */
1112 verbose = 1;
1113 break;
1114
1115 default:
1116 free_args(save_ac, save_av);
1117 return 1;
1118 }
1119
1120 ac -= optind;
1121 av += optind;
1122 NEED1("bad arguments, for usage summary ``dnctl''");
1123
1124 /*
1125 * An undocumented behaviour of dnctl1 was to allow rule numbers first,
1126 * e.g. "100 add allow ..." instead of "add 100 allow ...".
1127 * In case, swap first and second argument to get the normal form.
1128 */
1129 if (ac > 1 && isdigit(*av[0])) {
1130 char *p = av[0];
1131
1132 av[0] = av[1];
1133 av[1] = p;
1134 }
1135
1136 /*
1137 * optional: pipe or queue
1138 */
1139 do_pipe = 0;
1140 if (!strncmp(*av, "pipe", strlen(*av)))
1141 do_pipe = 1;
1142 else if (!strncmp(*av, "queue", strlen(*av)))
1143 do_pipe = 2;
1144 if (do_pipe) {
1145 ac--;
1146 av++;
1147 }
1148 NEED1("missing command");
1149
1150 /*
1151 * For pipes and queues we normally say 'pipe NN config'
1152 * but the code is easier to parse as 'pipe config NN'
1153 * so we swap the two arguments.
1154 */
1155 if (do_pipe > 0 && ac > 1 && isdigit(*av[0])) {
1156 char *p = av[0];
1157
1158 av[0] = av[1];
1159 av[1] = p;
1160 }
1161
1162 if (do_pipe && !strncmp(*av, "config", strlen(*av)))
1163 config_pipe(ac, av);
1164 else if (!strncmp(*av, "delete", strlen(*av)))
1165 delete(ac, av);
1166 else if (!strncmp(*av, "flush", strlen(*av)))
1167 flush(do_force);
1168 else if (!strncmp(*av, "print", strlen(*av)) ||
1169 !strncmp(*av, "list", strlen(*av)))
1170 list(ac, av, do_acct);
1171 else if (!strncmp(*av, "show", strlen(*av)))
1172 list(ac, av, 1 /* show counters */);
1173 else
1174 errx(EX_USAGE, "bad command `%s'", *av);
1175
1176 /* Free memory allocated in the argument parsing. */
1177 free_args(save_ac, save_av);
1178 return 0;
1179 }
1180
1181 static void
1182 dnctl_readfile(int ac, char *av[])
1183 {
1184 #define MAX_ARGS 32
1185 char buf[BUFSIZ];
1186 char *cmd = NULL, *filename = av[ac-1];
1187 int c, lineno=0;
1188 FILE *f = NULL;
1189 pid_t preproc = 0;
1190
1191 while ((c = getopt(ac, av, "np:q")) != -1) {
1192 switch(c) {
1193 case 'n':
1194 test_only = 1;
1195 break;
1196
1197 case 'p':
1198 cmd = optarg;
1199 /*
1200 * Skip previous args and delete last one, so we
1201 * pass all but the last argument to the preprocessor
1202 * via av[optind-1]
1203 */
1204 av += optind - 1;
1205 ac -= optind - 1;
1206 av[ac-1] = NULL;
1207 fprintf(stderr, "command is %s\n", av[0]);
1208 break;
1209
1210 case 'q':
1211 do_quiet = 1;
1212 break;
1213
1214 default:
1215 errx(EX_USAGE, "bad arguments, for usage"
1216 " summary ``dnctl''");
1217 }
1218
1219 if (cmd != NULL)
1220 break;
1221 }
1222
1223 if (cmd == NULL && ac != optind + 1) {
1224 fprintf(stderr, "ac %d, optind %d\n", ac, optind);
1225 errx(EX_USAGE, "extraneous filename arguments");
1226 }
1227
1228 if ((f = fopen(filename, "r")) == NULL)
1229 err(EX_UNAVAILABLE, "fopen: %s", filename);
1230
1231 if (cmd != NULL) { /* pipe through preprocessor */
1232 int pipedes[2];
1233
1234 if (pipe(pipedes) == -1)
1235 err(EX_OSERR, "cannot create pipe");
1236
1237 preproc = fork();
1238 if (preproc == -1)
1239 err(EX_OSERR, "cannot fork");
1240
1241 if (preproc == 0) {
1242 /*
1243 * Child, will run the preprocessor with the
1244 * file on stdin and the pipe on stdout.
1245 */
1246 if (dup2(fileno(f), 0) == -1
1247 || dup2(pipedes[1], 1) == -1)
1248 err(EX_OSERR, "dup2()");
1249 fclose(f);
1250 close(pipedes[1]);
1251 close(pipedes[0]);
1252 execvp(cmd, av);
1253 err(EX_OSERR, "execvp(%s) failed", cmd);
1254 } else { /* parent, will reopen f as the pipe */
1255 fclose(f);
1256 close(pipedes[1]);
1257 if ((f = fdopen(pipedes[0], "r")) == NULL) {
1258 int savederrno = errno;
1259
1260 (void)kill(preproc, SIGTERM);
1261 errno = savederrno;
1262 err(EX_OSERR, "fdopen()");
1263 }
1264 }
1265 }
1266
1267 while (fgets(buf, BUFSIZ, f)) { /* read commands */
1268 char linename[16];
1269 char *args[1];
1270
1271 lineno++;
1272 snprintf(linename, sizeof(linename), "Line %d", lineno);
1273 setprogname(linename); /* XXX */
1274 args[0] = buf;
1275 parse_args(1, args);
1276 }
1277 fclose(f);
1278 if (cmd != NULL) {
1279 int status;
1280
1281 if (waitpid(preproc, &status, 0) == -1)
1282 errx(EX_OSERR, "waitpid()");
1283 if (WIFEXITED(status) && WEXITSTATUS(status) != EX_OK)
1284 errx(EX_UNAVAILABLE,
1285 "preprocessor exited with status %d",
1286 WEXITSTATUS(status));
1287 else if (WIFSIGNALED(status))
1288 errx(EX_UNAVAILABLE,
1289 "preprocessor exited with signal %d",
1290 WTERMSIG(status));
1291 }
1292 }
1293
1294 int
1295 main(int ac, char *av[])
1296 {
1297 /*
1298 * If the last argument is an absolute pathname, interpret it
1299 * as a file to be preprocessed.
1300 */
1301
1302 if (ac > 1 && av[ac - 1][0] == '/' && access(av[ac - 1], R_OK) == 0)
1303 dnctl_readfile(ac, av);
1304 else {
1305 if (parse_args(ac-1, av+1))
1306 show_usage();
1307 }
1308 return EX_OK;
1309 }
mirror of network_cmds