]> git.saurik.com Git - apple/network_cmds.git/blob - dnctl/dnctl.c
projects / apple / network_cmds.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
network_cmds-433.tar.gz
[apple/network_cmds.git] / dnctl / dnctl.c
1 /*
2 * Copyright (c) 2002-2012 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28
29 /*
30 * Copyright (c) 2002-2003 Luigi Rizzo
31 * Copyright (c) 1996 Alex Nash, Paul Traina, Poul-Henning Kamp
32 * Copyright (c) 1994 Ugen J.S.Antsilevich
33 *
34 * Idea and grammar partially left from:
35 * Copyright (c) 1993 Daniel Boulet
36 *
37 * Redistribution and use in source forms, with and without modification,
38 * are permitted provided that this entire comment appears intact.
39 *
40 * Redistribution in binary form may occur without any restrictions.
41 * Obviously, it would be nice if you gave credit where credit is due
42 * but requiring it would be too onerous.
43 *
44 * This software is provided ``AS IS'' without any warranties of any kind.
45 */
46
47 /*
48 * Ripped off ipfw2.c
49 */
50
51 #include <sys/param.h>
52 #include <sys/socket.h>
53 #include <sys/sysctl.h>
54
55 #include <ctype.h>
56 #include <err.h>
57 #include <errno.h>
58 #include <netdb.h>
59 #include <signal.h>
60 #include <stdio.h>
61 #include <stdlib.h>
62 #include <stdarg.h>
63 #include <string.h>
64 #include <unistd.h>
65 #include <sysexits.h>
66
67 #include <net/if.h>
68 #include <netinet/in.h>
69 #include <netinet/ip.h>
70 #include <netinet/ip_dummynet.h>
71 #include <arpa/inet.h>
72
73 /*
74 * Limit delay to avoid computation overflow
75 */
76 #define MAX_DELAY (INT_MAX / 1000)
77
78
79 int
80 do_quiet, /* Be quiet in add and flush */
81 do_pipe, /* this cmd refers to a pipe */
82 do_sort, /* field to sort results (0 = no) */
83 test_only, /* only check syntax */
84 verbose;
85
86 #define IP_MASK_ALL 0xffffffff
87
88 /*
89 * _s_x is a structure that stores a string <-> token pairs, used in
90 * various places in the parser. Entries are stored in arrays,
91 * with an entry with s=NULL as terminator.
92 * The search routines are match_token() and match_value().
93 * Often, an element with x=0 contains an error string.
94 *
95 */
96 struct _s_x {
97 char const *s;
98 int x;
99 };
100
101 enum tokens {
102 TOK_NULL=0,
103
104 TOK_ACCEPT,
105 TOK_COUNT,
106 TOK_PIPE,
107 TOK_QUEUE,
108
109 TOK_PLR,
110 TOK_NOERROR,
111 TOK_BUCKETS,
112 TOK_DSTIP,
113 TOK_SRCIP,
114 TOK_DSTPORT,
115 TOK_SRCPORT,
116 TOK_ALL,
117 TOK_MASK,
118 TOK_BW,
119 TOK_DELAY,
120 TOK_RED,
121 TOK_GRED,
122 TOK_DROPTAIL,
123 TOK_PROTO,
124 TOK_WEIGHT,
125
126 TOK_DSTIP6,
127 TOK_SRCIP6,
128 };
129
130 struct _s_x dummynet_params[] = {
131 { "plr", TOK_PLR },
132 { "noerror", TOK_NOERROR },
133 { "buckets", TOK_BUCKETS },
134 { "dst-ip", TOK_DSTIP },
135 { "src-ip", TOK_SRCIP },
136 { "dst-port", TOK_DSTPORT },
137 { "src-port", TOK_SRCPORT },
138 { "proto", TOK_PROTO },
139 { "weight", TOK_WEIGHT },
140 { "all", TOK_ALL },
141 { "mask", TOK_MASK },
142 { "droptail", TOK_DROPTAIL },
143 { "red", TOK_RED },
144 { "gred", TOK_GRED },
145 { "bw", TOK_BW },
146 { "bandwidth", TOK_BW },
147 { "delay", TOK_DELAY },
148 { "pipe", TOK_PIPE },
149 { "queue", TOK_QUEUE },
150 { "dst-ipv6", TOK_DSTIP6},
151 { "dst-ip6", TOK_DSTIP6},
152 { "src-ipv6", TOK_SRCIP6},
153 { "src-ip6", TOK_SRCIP6},
154 { "dummynet-params", TOK_NULL },
155 { NULL, 0 } /* terminator */
156 };
157
158 static void show_usage(void);
159
160
161 void n2mask(struct in6_addr *, int );
162 unsigned long long align_uint64(const uint64_t *);
163
164 /* n2mask sets n bits of the mask */
165 void
166 n2mask(struct in6_addr *mask, int n)
167 {
168 static int minimask[9] =
169 { 0x00, 0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe, 0xff };
170 u_char *p;
171
172 memset(mask, 0, sizeof(struct in6_addr));
173 p = (u_char *) mask;
174 for (; n > 0; p++, n -= 8) {
175 if (n >= 8)
176 *p = 0xff;
177 else
178 *p = minimask[n];
179 }
180 return;
181 }
182
183 /*
184 * The following is used to generate a printable argument for
185 * 64-bit numbers, irrespective of platform alignment and bit size.
186 * Because all the printf in this program use %llu as a format,
187 * we just return an unsigned long long, which is larger than
188 * we need in certain cases, but saves the hassle of using
189 * PRIu64 as a format specifier.
190 * We don't care about inlining, this is not performance critical code.
191 */
192 unsigned long long
193 align_uint64(const uint64_t *pll)
194 {
195 uint64_t ret;
196
197 bcopy (pll, &ret, sizeof(ret));
198 return ret;
199 }
200
201 /*
202 * conditionally runs the command.
203 */
204 static int
205 do_cmd(int optname, void *optval, socklen_t *optlen)
206 {
207 static int s = -1; /* the socket */
208 int i;
209
210 if (test_only)
211 return 0;
212
213 if (s == -1)
214 s = socket(AF_INET, SOCK_RAW, IPPROTO_RAW);
215 if (s < 0)
216 err(EX_UNAVAILABLE, "socket");
217
218 if (optname == IP_DUMMYNET_GET)
219 i = getsockopt(s, IPPROTO_IP, optname, optval, optlen);
220 else
221 i = setsockopt(s, IPPROTO_IP, optname, optval, optlen ? *optlen : 0);
222 return i;
223 }
224
225 /**
226 * match_token takes a table and a string, returns the value associated
227 * with the string (-1 in case of failure).
228 */
229 static int
230 match_token(struct _s_x *table, char *string)
231 {
232 struct _s_x *pt;
233 size_t i = strlen(string);
234
235 for (pt = table ; i && pt->s != NULL ; pt++)
236 if (strlen(pt->s) == i && !bcmp(string, pt->s, i))
237 return pt->x;
238 return -1;
239 };
240
241 static int
242 sort_q(const void *pa, const void *pb)
243 {
244 int rev = (do_sort < 0);
245 int field = rev ? -do_sort : do_sort;
246 long long res = 0;
247 const struct dn_flow_queue *a = pa;
248 const struct dn_flow_queue *b = pb;
249
250 switch (field) {
251 case 1: /* pkts */
252 res = a->len - b->len;
253 break;
254 case 2: /* bytes */
255 res = a->len_bytes - b->len_bytes;
256 break;
257
258 case 3: /* tot pkts */
259 res = a->tot_pkts - b->tot_pkts;
260 break;
261
262 case 4: /* tot bytes */
263 res = a->tot_bytes - b->tot_bytes;
264 break;
265 }
266 if (res < 0)
267 res = -1;
268 if (res > 0)
269 res = 1;
270 return (int)(rev ? res : -res);
271 }
272
273 static void
274 list_queues(struct dn_flow_set *fs, struct dn_flow_queue *q)
275 {
276 int l;
277 int index_printed, indexes = 0;
278 char buff[255];
279 struct protoent *pe;
280
281 printf(" mask: 0x%02x 0x%08x/0x%04x -> 0x%08x/0x%04x\n",
282 fs->flow_mask.proto,
283 fs->flow_mask.src_ip, fs->flow_mask.src_port,
284 fs->flow_mask.dst_ip, fs->flow_mask.dst_port);
285 if (fs->rq_elements == 0)
286 return;
287
288 printf("BKT Prot ___Source IP/port____ "
289 "____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp\n");
290 if (do_sort != 0)
291 heapsort(q, fs->rq_elements, sizeof(struct dn_flow_queue), sort_q);
292
293 /* Print IPv4 flows */
294 for (l = 0; l < fs->rq_elements; l++) {
295 struct in_addr ina;
296
297 /* XXX: Should check for IPv4 flows */
298 if (IS_IP6_FLOW_ID(&(q[l].id)))
299 continue;
300
301 if (!index_printed) {
302 index_printed = 1;
303 if (indexes > 0) /* currently a no-op */
304 printf("\n");
305 indexes++;
306 printf(" "
307 "mask: 0x%02x 0x%08x/0x%04x -> 0x%08x/0x%04x\n",
308 fs->flow_mask.proto,
309 fs->flow_mask.src_ip, fs->flow_mask.src_port,
310 fs->flow_mask.dst_ip, fs->flow_mask.dst_port);
311
312 printf("BKT Prot ___Source IP/port____ "
313 "____Dest. IP/port____ "
314 "Tot_pkt/bytes Pkt/Byte Drp\n");
315 }
316
317 printf("%3d ", q[l].hash_slot);
318 pe = getprotobynumber(q[l].id.proto);
319 if (pe)
320 printf("%-4s ", pe->p_name);
321 else
322 printf("%4u ", q[l].id.proto);
323 ina.s_addr = htonl(q[l].id.src_ip);
324 printf("%15s/%-5d ",
325 inet_ntoa(ina), q[l].id.src_port);
326 ina.s_addr = htonl(q[l].id.dst_ip);
327 printf("%15s/%-5d ",
328 inet_ntoa(ina), q[l].id.dst_port);
329 printf("%4llu %8llu %2u %4u %3u\n",
330 align_uint64(&q[l].tot_pkts),
331 align_uint64(&q[l].tot_bytes),
332 q[l].len, q[l].len_bytes, q[l].drops);
333 if (verbose)
334 printf(" S %20llu F %20llu\n",
335 align_uint64(&q[l].S), align_uint64(&q[l].F));
336 }
337
338 /* Print IPv6 flows */
339 index_printed = 0;
340 for (l = 0; l < fs->rq_elements; l++) {
341 if (!IS_IP6_FLOW_ID(&(q[l].id)))
342 continue;
343
344 if (!index_printed) {
345 index_printed = 1;
346 if (indexes > 0)
347 printf("\n");
348 indexes++;
349 printf("\n mask: proto: 0x%02x, flow_id: 0x%08x, ",
350 fs->flow_mask.proto, fs->flow_mask.flow_id6);
351 inet_ntop(AF_INET6, &(fs->flow_mask.src_ip6),
352 buff, sizeof(buff));
353 printf("%s/0x%04x -> ", buff, fs->flow_mask.src_port);
354 inet_ntop( AF_INET6, &(fs->flow_mask.dst_ip6),
355 buff, sizeof(buff) );
356 printf("%s/0x%04x\n", buff, fs->flow_mask.dst_port);
357
358 printf("BKT ___Prot___ _flow-id_ "
359 "______________Source IPv6/port_______________ "
360 "_______________Dest. IPv6/port_______________ "
361 "Tot_pkt/bytes Pkt/Byte Drp\n");
362 }
363 printf("%3d ", q[l].hash_slot);
364 pe = getprotobynumber(q[l].id.proto);
365 if (pe != NULL)
366 printf("%9s ", pe->p_name);
367 else
368 printf("%9u ", q[l].id.proto);
369 printf("%7d %39s/%-5d ", q[l].id.flow_id6,
370 inet_ntop(AF_INET6, &(q[l].id.src_ip6), buff, sizeof(buff)),
371 q[l].id.src_port);
372 printf(" %39s/%-5d ",
373 inet_ntop(AF_INET6, &(q[l].id.dst_ip6), buff, sizeof(buff)),
374 q[l].id.dst_port);
375 printf(" %4llu %8llu %2u %4u %3u\n",
376 align_uint64(&q[l].tot_pkts),
377 align_uint64(&q[l].tot_bytes),
378 q[l].len, q[l].len_bytes, q[l].drops);
379 if (verbose)
380 printf(" S %20llu F %20llu\n",
381 align_uint64(&q[l].S),
382 align_uint64(&q[l].F));
383 }
384 }
385
386 static void
387 print_flowset_parms(struct dn_flow_set *fs, char *prefix)
388 {
389 int l;
390 char qs[30];
391 char plr[30];
392 char red[90]; /* Display RED parameters */
393
394 l = fs->qsize;
395 if (fs->flags_fs & DN_QSIZE_IS_BYTES) {
396 if (l >= 8192)
397 snprintf(qs, sizeof(qs), "%d KB", l / 1024);
398 else
399 snprintf(qs, sizeof(qs), "%d B", l);
400 } else
401 snprintf(qs, sizeof(qs), "%3d sl.", l);
402 if (fs->plr)
403 snprintf(plr, sizeof(plr), "plr %f", 1.0 * fs->plr / (double)(0x7fffffff));
404 else
405 plr[0] = '\0';
406 if (fs->flags_fs & DN_IS_RED) /* RED parameters */
407 snprintf(red, sizeof(red),
408 "\n\t %cRED w_q %f min_th %d max_th %d max_p %f",
409 (fs->flags_fs & DN_IS_GENTLE_RED) ? 'G' : ' ',
410 1.0 * fs->w_q / (double)(1 << SCALE_RED),
411 SCALE_VAL(fs->min_th),
412 SCALE_VAL(fs->max_th),
413 1.0 * fs->max_p / (double)(1 << SCALE_RED));
414 else
415 snprintf(red, sizeof(red), "droptail");
416
417 printf("%s %s%s %d queues (%d buckets) %s\n",
418 prefix, qs, plr, fs->rq_elements, fs->rq_size, red);
419 }
420
421 static void
422 list_pipes(void *data, size_t nbytes, int ac, char *av[])
423 {
424 unsigned int rulenum;
425 void *next = data;
426 struct dn_pipe *p = (struct dn_pipe *) data;
427 struct dn_flow_set *fs;
428 struct dn_flow_queue *q;
429 size_t l;
430
431 if (ac > 0)
432 rulenum = (unsigned int)strtoul(*av++, NULL, 10);
433 else
434 rulenum = 0;
435 for (; nbytes >= sizeof(struct dn_pipe); p = (struct dn_pipe *)next) {
436 double b = p->bandwidth;
437 char buf[30];
438 char prefix[80];
439
440 if (p->next.sle_next != (struct dn_pipe *)DN_IS_PIPE)
441 break; /* done with pipes, now queues */
442
443 /*
444 * compute length, as pipe have variable size
445 */
446 l = sizeof(struct dn_pipe) + p->fs.rq_elements * sizeof(struct dn_flow_queue);
447 next = (char *)p + l;
448 nbytes -= l;
449
450 if (rulenum != 0 && rulenum != p->pipe_nr)
451 continue;
452
453 /*
454 * Print rate (or clocking interface)
455 */
456 if (p->if_name[0] != '\0')
457 snprintf(buf, sizeof(buf), "%s", p->if_name);
458 else if (b == 0)
459 snprintf(buf, sizeof(buf), "unlimited");
460 else if (b >= 1000000)
461 snprintf(buf, sizeof(buf), "%7.3f Mbit/s", b/1000000);
462 else if (b >= 1000)
463 snprintf(buf, sizeof(buf), "%7.3f Kbit/s", b/1000);
464 else
465 snprintf(buf, sizeof(buf), "%7.3f bit/s ", b);
466
467 snprintf(prefix, sizeof(prefix), "%05d: %s %4d ms ",
468 p->pipe_nr, buf, p->delay);
469 print_flowset_parms(&(p->fs), prefix);
470 if (verbose)
471 printf(" V %20qd\n", p->V >> MY_M);
472
473 q = (struct dn_flow_queue *)(p+1);
474 list_queues(&(p->fs), q);
475 }
476 for (fs = next; nbytes >= sizeof *fs; fs = next) {
477 char prefix[80];
478
479 if (fs->next.sle_next != (struct dn_flow_set *)DN_IS_QUEUE)
480 break;
481 l = sizeof(struct dn_flow_set) + fs->rq_elements * sizeof(struct dn_flow_queue);
482 next = (char *)fs + l;
483 nbytes -= l;
484 q = (struct dn_flow_queue *)(fs+1);
485 snprintf(prefix, sizeof(prefix), "q%05d: weight %d pipe %d ",
486 fs->fs_nr, fs->weight, fs->parent_nr);
487 print_flowset_parms(fs, prefix);
488 list_queues(fs, q);
489 }
490 }
491
492 static void
493 list(int ac, char *av[], int show_counters)
494 {
495 void *data = NULL;
496 socklen_t nbytes;
497 int exitval = EX_OK;
498
499 int nalloc = 1024; /* start somewhere... */
500
501 if (test_only) {
502 fprintf(stderr, "Testing only, list disabled\n");
503 return;
504 }
505
506 ac--;
507 av++;
508
509 /* get rules or pipes from kernel, resizing array as necessary */
510 nbytes = nalloc;
511
512 while (nbytes >= nalloc) {
513 nalloc = nalloc * 2 + 200;
514 nbytes = nalloc;
515 if ((data = realloc(data, nbytes)) == NULL)
516 err(EX_OSERR, "realloc");
517
518 if (do_cmd(IP_DUMMYNET_GET, data, &nbytes) < 0) {
519 if (errno == ENOBUFS) {
520 nbytes = 0;
521 break;
522 }
523 err(EX_OSERR, "getsockopt(IP_DUMMYNET_GET)");
524
525 }
526 }
527
528 list_pipes(data, nbytes, ac, av);
529
530 free(data);
531
532 if (exitval != EX_OK)
533 exit(exitval);
534 }
535
536 static void
537 show_usage(void)
538 {
539 fprintf(stderr, "usage: dnctl [options]\n"
540 "do \"dnctl -h\" or see dnctl manpage for details\n"
541 );
542 exit(EX_USAGE);
543 }
544
545 static void
546 help(void)
547 {
548 fprintf(stderr,
549 "dnclt [-acdeftTnNpqS] <command> where <command> is one of:\n"
550 "{pipe|queue} N config PIPE-BODY\n"
551 "[pipe|queue] {zero|delete|show} [N{,N}]\n"
552 );
553 exit(0);
554 }
555
556 static void
557 delete(int ac, char *av[])
558 {
559 struct dn_pipe p;
560 int i;
561 int exitval = EX_OK;
562 socklen_t len;
563
564 memset(&p, 0, sizeof(struct dn_pipe));
565
566 av++; ac--;
567
568 while (ac && isdigit(**av)) {
569 i = atoi(*av); av++; ac--;
570
571 if (do_pipe == 1)
572 p.pipe_nr = i;
573 else
574 p.fs.fs_nr = i;
575 len = sizeof(struct dn_pipe);
576 i = do_cmd(IP_DUMMYNET_DEL, &p, &len);
577 if (i) {
578 exitval = 1;
579 warn("rule %u: setsockopt(IP_DUMMYNET_DEL)",
580 do_pipe == 1 ? p.pipe_nr : p.fs.fs_nr);
581 }
582 }
583 if (exitval != EX_OK)
584 exit(exitval);
585 }
586
587 /*
588 * the following macro returns an error message if we run out of
589 * arguments.
590 */
591 #define NEED1(msg) {if (!ac) errx(EX_USAGE, msg);}
592 #define NEED2(msg, arg) {if (!ac) errx(EX_USAGE, msg, arg);}
593
594 static void
595 config_pipe(int ac, char **av)
596 {
597 struct dn_pipe p;
598 int i;
599 char *end;
600 void *par = NULL;
601 socklen_t len;
602
603 memset(&p, 0, sizeof(struct dn_pipe));
604
605 av++; ac--;
606 /* Pipe number */
607 if (ac && isdigit(**av)) {
608 i = atoi(*av); av++; ac--;
609 if (do_pipe == 1)
610 p.pipe_nr = i;
611 else
612 p.fs.fs_nr = i;
613 }
614 while (ac > 0) {
615 double d;
616 int tok = match_token(dummynet_params, *av);
617 ac--; av++;
618
619 switch(tok) {
620 case TOK_NOERROR:
621 p.fs.flags_fs |= DN_NOERROR;
622 break;
623
624 case TOK_PLR:
625 NEED1("plr needs argument 0..1\n");
626 d = strtod(av[0], NULL);
627 if (d > 1)
628 d = 1;
629 else if (d < 0)
630 d = 0;
631 p.fs.plr = (int)(d*0x7fffffff);
632 ac--; av++;
633 break;
634
635 case TOK_QUEUE:
636 NEED1("queue needs queue size\n");
637 end = NULL;
638 p.fs.qsize = (int)strtoul(av[0], &end, 0);
639 if (*end == 'K' || *end == 'k') {
640 p.fs.flags_fs |= DN_QSIZE_IS_BYTES;
641 p.fs.qsize *= 1024;
642 } else if (*end == 'B' || !strncmp(end, "by", 2)) {
643 p.fs.flags_fs |= DN_QSIZE_IS_BYTES;
644 }
645 ac--; av++;
646 break;
647
648 case TOK_BUCKETS:
649 NEED1("buckets needs argument\n");
650 p.fs.rq_size = (int)strtoul(av[0], NULL, 0);
651 ac--; av++;
652 break;
653
654 case TOK_MASK:
655 NEED1("mask needs mask specifier\n");
656 /*
657 * per-flow queue, mask is dst_ip, dst_port,
658 * src_ip, src_port, proto measured in bits
659 */
660 par = NULL;
661
662 p.fs.flow_mask.dst_ip = 0;
663 p.fs.flow_mask.src_ip = 0;
664 p.fs.flow_mask.dst_port = 0;
665 p.fs.flow_mask.src_port = 0;
666 p.fs.flow_mask.proto = 0;
667 end = NULL;
668
669 while (ac >= 1) {
670 uint32_t *p32 = NULL;
671 uint16_t *p16 = NULL;
672 struct in6_addr *pa6 = NULL;
673 uint32_t a;
674
675 tok = match_token(dummynet_params, *av);
676 ac--; av++;
677 switch(tok) {
678 case TOK_ALL:
679 /*
680 * special case, all bits significant
681 */
682 p.fs.flow_mask.dst_ip = ~0;
683 p.fs.flow_mask.src_ip = ~0;
684 p.fs.flow_mask.dst_port = ~0;
685 p.fs.flow_mask.src_port = ~0;
686 p.fs.flow_mask.proto = ~0;
687 n2mask(&(p.fs.flow_mask.dst_ip6), 128);
688 n2mask(&(p.fs.flow_mask.src_ip6), 128);
689 p.fs.flags_fs |= DN_HAVE_FLOW_MASK;
690 goto end_mask;
691
692 case TOK_DSTIP:
693 p32 = &p.fs.flow_mask.dst_ip;
694 break;
695
696 case TOK_SRCIP:
697 p32 = &p.fs.flow_mask.src_ip;
698 break;
699
700 case TOK_DSTIP6:
701 pa6 = &(p.fs.flow_mask.dst_ip6);
702 break;
703
704 case TOK_SRCIP6:
705 pa6 = &(p.fs.flow_mask.src_ip6);
706 break;
707
708 case TOK_DSTPORT:
709 p16 = &p.fs.flow_mask.dst_port;
710 break;
711
712 case TOK_SRCPORT:
713 p16 = &p.fs.flow_mask.src_port;
714 break;
715
716 case TOK_PROTO:
717 break;
718
719 default:
720 ac++; av--; /* backtrack */
721 goto end_mask;
722 }
723 if (ac < 1)
724 errx(EX_USAGE, "mask: value missing");
725 if (*av[0] == '/') {
726 a = (int)strtoul(av[0]+1, &end, 0);
727 if (pa6 == NULL)
728 a = (a == 32) ? ~0 : (1 << a) - 1;
729 } else
730 a = (int)strtoul(av[0], &end, 0);
731 if (p32 != NULL)
732 *p32 = a;
733 else if (p16 != NULL) {
734 if (a > 65535)
735 errx(EX_DATAERR,
736 "mask: must be 16 bit");
737 *p16 = (uint16_t)a;
738 } else if (pa6 != NULL) {
739 if (a > 128)
740 errx(EX_DATAERR,
741 "in6addr invalid mask len");
742 else
743 n2mask(pa6, a);
744 } else {
745 if (a > 255)
746 errx(EX_DATAERR,
747 "mask: must be 8 bit");
748 p.fs.flow_mask.proto = (uint8_t)a;
749 }
750 if (a != 0)
751 p.fs.flags_fs |= DN_HAVE_FLOW_MASK;
752 ac--; av++;
753 } /* end while, config masks */
754 end_mask:
755 break;
756
757 case TOK_RED:
758 case TOK_GRED:
759 NEED1("red/gred needs w_q/min_th/max_th/max_p\n");
760 p.fs.flags_fs |= DN_IS_RED;
761 if (tok == TOK_GRED)
762 p.fs.flags_fs |= DN_IS_GENTLE_RED;
763 /*
764 * the format for parameters is w_q/min_th/max_th/max_p
765 */
766 if ((end = strsep(&av[0], "/"))) {
767 double w_q = strtod(end, NULL);
768 if (w_q > 1 || w_q <= 0)
769 errx(EX_DATAERR, "0 < w_q <= 1");
770 p.fs.w_q = (int) (w_q * (1 << SCALE_RED));
771 }
772 if ((end = strsep(&av[0], "/"))) {
773 p.fs.min_th = (int)strtoul(end, &end, 0);
774 if (*end == 'K' || *end == 'k')
775 p.fs.min_th *= 1024;
776 }
777 if ((end = strsep(&av[0], "/"))) {
778 p.fs.max_th = (int)strtoul(end, &end, 0);
779 if (*end == 'K' || *end == 'k')
780 p.fs.max_th *= 1024;
781 }
782 if ((end = strsep(&av[0], "/"))) {
783 double max_p = strtod(end, NULL);
784 if (max_p > 1 || max_p <= 0)
785 errx(EX_DATAERR, "0 < max_p <= 1");
786 p.fs.max_p = (int)(max_p * (1 << SCALE_RED));
787 }
788 ac--; av++;
789 break;
790
791 case TOK_DROPTAIL:
792 p.fs.flags_fs &= ~(DN_IS_RED|DN_IS_GENTLE_RED);
793 break;
794
795 case TOK_BW:
796 NEED1("bw needs bandwidth or interface\n");
797 if (do_pipe != 1)
798 errx(EX_DATAERR, "bandwidth only valid for pipes");
799 /*
800 * set clocking interface or bandwidth value
801 */
802 if (av[0][0] >= 'a' && av[0][0] <= 'z') {
803 int l = sizeof(p.if_name)-1;
804 /* interface name */
805 strncpy(p.if_name, av[0], l);
806 p.if_name[l] = '\0';
807 p.bandwidth = 0;
808 } else {
809 p.if_name[0] = '\0';
810 p.bandwidth = (int)strtoul(av[0], &end, 0);
811 if (*end == 'K' || *end == 'k') {
812 end++;
813 p.bandwidth *= 1000;
814 } else if (*end == 'M') {
815 end++;
816 p.bandwidth *= 1000000;
817 }
818 if (*end == 'B' || !strncmp(end, "by", 2))
819 p.bandwidth *= 8;
820 if (p.bandwidth < 0)
821 errx(EX_DATAERR, "bandwidth too large");
822 }
823 ac--; av++;
824 break;
825
826 case TOK_DELAY:
827 if (do_pipe != 1)
828 errx(EX_DATAERR, "delay only valid for pipes");
829 NEED2("delay needs argument 0..%d\n", MAX_DELAY);
830 p.delay = (int)strtoul(av[0], NULL, 0);
831 ac--; av++;
832 break;
833
834 case TOK_WEIGHT:
835 if (do_pipe == 1)
836 errx(EX_DATAERR,"weight only valid for queues");
837 NEED1("weight needs argument 0..100\n");
838 p.fs.weight = (int)strtoul(av[0], &end, 0);
839 ac--; av++;
840 break;
841
842 case TOK_PIPE:
843 if (do_pipe == 1)
844 errx(EX_DATAERR,"pipe only valid for queues");
845 NEED1("pipe needs pipe_number\n");
846 p.fs.parent_nr = strtoul(av[0], &end, 0);
847 ac--; av++;
848 break;
849
850 default:
851 errx(EX_DATAERR, "unrecognised option ``%s''", *(--av));
852 }
853 }
854 if (do_pipe == 1) {
855 if (p.pipe_nr == 0)
856 errx(EX_DATAERR, "pipe_nr must be > 0");
857 if (p.delay > MAX_DELAY)
858 errx(EX_DATAERR, "delay must be < %d ms", MAX_DELAY);
859 } else { /* do_pipe == 2, queue */
860 if (p.fs.parent_nr == 0)
861 errx(EX_DATAERR, "pipe must be > 0");
862 if (p.fs.weight >100)
863 errx(EX_DATAERR, "weight must be <= 100");
864 }
865 if (p.fs.flags_fs & DN_QSIZE_IS_BYTES) {
866 if (p.fs.qsize > 1024*1024)
867 errx(EX_DATAERR, "queue size must be < 1MB");
868 } else {
869 if (p.fs.qsize > 100)
870 errx(EX_DATAERR, "2 <= queue size <= 100");
871 }
872 if (p.fs.flags_fs & DN_IS_RED) {
873 size_t len;
874 int lookup_depth, avg_pkt_size;
875 double s, idle, weight, w_q;
876 struct clockinfo ck;
877 int t;
878
879 if (p.fs.min_th >= p.fs.max_th)
880 errx(EX_DATAERR, "min_th %d must be < than max_th %d",
881 p.fs.min_th, p.fs.max_th);
882 if (p.fs.max_th == 0)
883 errx(EX_DATAERR, "max_th must be > 0");
884
885 len = sizeof(int);
886 if (sysctlbyname("net.inet.ip.dummynet.red_lookup_depth",
887 &lookup_depth, &len, NULL, 0) == -1)
888
889 errx(1, "sysctlbyname(\"%s\")",
890 "net.inet.ip.dummynet.red_lookup_depth");
891 if (lookup_depth == 0)
892 errx(EX_DATAERR, "net.inet.ip.dummynet.red_lookup_depth"
893 " must be greater than zero");
894
895 len = sizeof(int);
896 if (sysctlbyname("net.inet.ip.dummynet.red_avg_pkt_size",
897 &avg_pkt_size, &len, NULL, 0) == -1)
898
899 errx(1, "sysctlbyname(\"%s\")",
900 "net.inet.ip.dummynet.red_avg_pkt_size");
901 if (avg_pkt_size == 0)
902 errx(EX_DATAERR,
903 "net.inet.ip.dummynet.red_avg_pkt_size must"
904 " be greater than zero");
905
906 len = sizeof(struct clockinfo);
907 if (sysctlbyname("kern.clockrate", &ck, &len, NULL, 0) == -1)
908 errx(1, "sysctlbyname(\"%s\")", "kern.clockrate");
909
910 /*
911 * Ticks needed for sending a medium-sized packet.
912 * Unfortunately, when we are configuring a WF2Q+ queue, we
913 * do not have bandwidth information, because that is stored
914 * in the parent pipe, and also we have multiple queues
915 * competing for it. So we set s=0, which is not very
916 * correct. But on the other hand, why do we want RED with
917 * WF2Q+ ?
918 */
919 if (p.bandwidth==0) /* this is a WF2Q+ queue */
920 s = 0;
921 else
922 s = ck.hz * avg_pkt_size * 8 / p.bandwidth;
923
924 /*
925 * max idle time (in ticks) before avg queue size becomes 0.
926 * NOTA: (3/w_q) is approx the value x so that
927 * (1-w_q)^x < 10^-3.
928 */
929 w_q = ((double)p.fs.w_q) / (1 << SCALE_RED);
930 idle = s * 3. / w_q;
931 p.fs.lookup_step = (int)idle / lookup_depth;
932 if (!p.fs.lookup_step)
933 p.fs.lookup_step = 1;
934 weight = 1 - w_q;
935 for (t = p.fs.lookup_step; t > 0; --t)
936 weight *= weight;
937 p.fs.lookup_weight = (int)(weight * (1 << SCALE_RED));
938 }
939 len = sizeof(struct dn_pipe);
940 i = do_cmd(IP_DUMMYNET_CONFIGURE, &p, &len);
941 if (i)
942 err(1, "setsockopt(%s)", "IP_DUMMYNET_CONFIGURE");
943 }
944
945 static void
946 flush(int force)
947 {
948 if (!force && !do_quiet) { /* need to ask user */
949 int c;
950
951 printf("Are you sure? [yn] ");
952 fflush(stdout);
953 do {
954 c = toupper(getc(stdin));
955 while (c != '\n' && getc(stdin) != '\n')
956 if (feof(stdin))
957 return; /* and do not flush */
958 } while (c != 'Y' && c != 'N');
959 printf("\n");
960 if (c == 'N') /* user said no */
961 return;
962 }
963
964 if (do_cmd(IP_DUMMYNET_FLUSH, NULL, 0) < 0)
965 err(EX_UNAVAILABLE, "setsockopt(IP_DUMMYNET_FLUSH)");
966
967 if (!do_quiet)
968 printf("Flushed all pipes.\n");
969 }
970
971 /*
972 * Free a the (locally allocated) copy of command line arguments.
973 */
974 static void
975 free_args(int ac, char **av)
976 {
977 int i;
978
979 for (i=0; i < ac; i++)
980 free(av[i]);
981 free(av);
982 }
983
984 /*
985 * Called with the arguments (excluding program name).
986 * Returns 0 if successful, 1 if empty command, errx() in case of errors.
987 */
988 static int
989 parse_args(int oldac, char **oldav)
990 {
991 int ch, ac, save_ac;
992 char **av, **save_av;
993 int do_acct = 0; /* Show packet/byte count */
994 int do_force = 0; /* Don't ask for confirmation */
995
996 #define WHITESP " \t\f\v\n\r"
997 if (oldac == 0)
998 return 1;
999 else if (oldac == 1) {
1000 /*
1001 * If we are called with a single string, try to split it into
1002 * arguments for subsequent parsing.
1003 * But first, remove spaces after a ',', by copying the string
1004 * in-place.
1005 */
1006 char *arg = oldav[0]; /* The string... */
1007 size_t l = strlen(arg);
1008 int copy = 0; /* 1 if we need to copy, 0 otherwise */
1009 int i, j;
1010 for (i = j = 0; i < l; i++) {
1011 if (arg[i] == '#') /* comment marker */
1012 break;
1013 if (copy) {
1014 arg[j++] = arg[i];
1015 copy = !index("," WHITESP, arg[i]);
1016 } else {
1017 copy = !index(WHITESP, arg[i]);
1018 if (copy)
1019 arg[j++] = arg[i];
1020 }
1021 }
1022 if (!copy && j > 0) /* last char was a 'blank', remove it */
1023 j--;
1024 l = j; /* the new argument length */
1025 arg[j++] = '\0';
1026 if (l == 0) /* empty string! */
1027 return 1;
1028
1029 /*
1030 * First, count number of arguments. Because of the previous
1031 * processing, this is just the number of blanks plus 1.
1032 */
1033 for (i = 0, ac = 1; i < l; i++)
1034 if (index(WHITESP, arg[i]) != NULL)
1035 ac++;
1036
1037 av = calloc(ac, sizeof(char *));
1038
1039 /*
1040 * Second, copy arguments from cmd[] to av[]. For each one,
1041 * j is the initial character, i is the one past the end.
1042 */
1043 for (ac = 0, i = j = 0; i < l; i++)
1044 if (index(WHITESP, arg[i]) != NULL || i == l-1) {
1045 if (i == l-1)
1046 i++;
1047 av[ac] = calloc(i-j+1, 1);
1048 bcopy(arg+j, av[ac], i-j);
1049 ac++;
1050 j = i + 1;
1051 }
1052 } else {
1053 /*
1054 * If an argument ends with ',' join with the next one.
1055 * Just add its length to 'l' and continue. When we have a string
1056 * without a ',' ending, we'll have the combined length in 'l'
1057 */
1058 int first, i;
1059 size_t l;
1060
1061 av = calloc(oldac, sizeof(char *));
1062 for (first = i = ac = 0, l = 0; i < oldac; i++) {
1063 char *arg = oldav[i];
1064 size_t k = strlen(arg);
1065
1066 l += k;
1067 if (arg[k-1] != ',' || i == oldac-1) {
1068 size_t buflen = l+1;
1069 /* Time to copy. */
1070 av[ac] = calloc(l+1, 1);
1071 for (l=0; first <= i; first++) {
1072 strlcat(av[ac]+l, oldav[first], buflen-l);
1073 l += strlen(oldav[first]);
1074 }
1075 ac++;
1076 l = 0;
1077 first = i+1;
1078 }
1079 }
1080 }
1081
1082 /* Set the force flag for non-interactive processes */
1083 do_force = !isatty(STDIN_FILENO);
1084
1085 /* Save arguments for final freeing of memory. */
1086 save_ac = ac;
1087 save_av = av;
1088
1089 optind = optreset = 0;
1090 while ((ch = getopt(ac, av, "afhnqsv")) != -1)
1091 switch (ch) {
1092 case 'a':
1093 do_acct = 1;
1094 break;
1095
1096 case 'f':
1097 do_force = 1;
1098 break;
1099
1100 case 'h': /* help */
1101 free_args(save_ac, save_av);
1102 help();
1103 break; /* NOTREACHED */
1104
1105 case 'n':
1106 test_only = 1;
1107 break;
1108
1109 case 'q':
1110 do_quiet = 1;
1111 break;
1112
1113 case 's': /* sort */
1114 do_sort = atoi(optarg);
1115 break;
1116
1117 case 'v': /* verbose */
1118 verbose = 1;
1119 break;
1120
1121 default:
1122 free_args(save_ac, save_av);
1123 return 1;
1124 }
1125
1126 ac -= optind;
1127 av += optind;
1128 NEED1("bad arguments, for usage summary ``dnctl''");
1129
1130 /*
1131 * An undocumented behaviour of dnctl1 was to allow rule numbers first,
1132 * e.g. "100 add allow ..." instead of "add 100 allow ...".
1133 * In case, swap first and second argument to get the normal form.
1134 */
1135 if (ac > 1 && isdigit(*av[0])) {
1136 char *p = av[0];
1137
1138 av[0] = av[1];
1139 av[1] = p;
1140 }
1141
1142 /*
1143 * optional: pipe or queue
1144 */
1145 do_pipe = 0;
1146 if (!strncmp(*av, "pipe", strlen(*av)))
1147 do_pipe = 1;
1148 else if (!strncmp(*av, "queue", strlen(*av)))
1149 do_pipe = 2;
1150 if (do_pipe) {
1151 ac--;
1152 av++;
1153 }
1154 NEED1("missing command");
1155
1156 /*
1157 * For pipes and queues we normally say 'pipe NN config'
1158 * but the code is easier to parse as 'pipe config NN'
1159 * so we swap the two arguments.
1160 */
1161 if (do_pipe > 0 && ac > 1 && isdigit(*av[0])) {
1162 char *p = av[0];
1163
1164 av[0] = av[1];
1165 av[1] = p;
1166 }
1167
1168 if (do_pipe && !strncmp(*av, "config", strlen(*av)))
1169 config_pipe(ac, av);
1170 else if (!strncmp(*av, "delete", strlen(*av)))
1171 delete(ac, av);
1172 else if (!strncmp(*av, "flush", strlen(*av)))
1173 flush(do_force);
1174 else if (!strncmp(*av, "print", strlen(*av)) ||
1175 !strncmp(*av, "list", strlen(*av)))
1176 list(ac, av, do_acct);
1177 else if (!strncmp(*av, "show", strlen(*av)))
1178 list(ac, av, 1 /* show counters */);
1179 else
1180 errx(EX_USAGE, "bad command `%s'", *av);
1181
1182 /* Free memory allocated in the argument parsing. */
1183 free_args(save_ac, save_av);
1184 return 0;
1185 }
1186
1187 static void
1188 dnctl_readfile(int ac, char *av[])
1189 {
1190 #define MAX_ARGS 32
1191 char buf[BUFSIZ];
1192 char *cmd = NULL, *filename = av[ac-1];
1193 int c, lineno=0;
1194 FILE *f = NULL;
1195 pid_t preproc = 0;
1196
1197 while ((c = getopt(ac, av, "np:q")) != -1) {
1198 switch(c) {
1199 case 'n':
1200 test_only = 1;
1201 break;
1202
1203 case 'p':
1204 cmd = optarg;
1205 /*
1206 * Skip previous args and delete last one, so we
1207 * pass all but the last argument to the preprocessor
1208 * via av[optind-1]
1209 */
1210 av += optind - 1;
1211 ac -= optind - 1;
1212 av[ac-1] = NULL;
1213 fprintf(stderr, "command is %s\n", av[0]);
1214 break;
1215
1216 case 'q':
1217 do_quiet = 1;
1218 break;
1219
1220 default:
1221 errx(EX_USAGE, "bad arguments, for usage"
1222 " summary ``dnctl''");
1223 }
1224
1225 if (cmd != NULL)
1226 break;
1227 }
1228
1229 if (cmd == NULL && ac != optind + 1) {
1230 fprintf(stderr, "ac %d, optind %d\n", ac, optind);
1231 errx(EX_USAGE, "extraneous filename arguments");
1232 }
1233
1234 if ((f = fopen(filename, "r")) == NULL)
1235 err(EX_UNAVAILABLE, "fopen: %s", filename);
1236
1237 if (cmd != NULL) { /* pipe through preprocessor */
1238 int pipedes[2];
1239
1240 if (pipe(pipedes) == -1)
1241 err(EX_OSERR, "cannot create pipe");
1242
1243 preproc = fork();
1244 if (preproc == -1)
1245 err(EX_OSERR, "cannot fork");
1246
1247 if (preproc == 0) {
1248 /*
1249 * Child, will run the preprocessor with the
1250 * file on stdin and the pipe on stdout.
1251 */
1252 if (dup2(fileno(f), 0) == -1
1253 || dup2(pipedes[1], 1) == -1)
1254 err(EX_OSERR, "dup2()");
1255 fclose(f);
1256 close(pipedes[1]);
1257 close(pipedes[0]);
1258 execvp(cmd, av);
1259 err(EX_OSERR, "execvp(%s) failed", cmd);
1260 } else { /* parent, will reopen f as the pipe */
1261 fclose(f);
1262 close(pipedes[1]);
1263 if ((f = fdopen(pipedes[0], "r")) == NULL) {
1264 int savederrno = errno;
1265
1266 (void)kill(preproc, SIGTERM);
1267 errno = savederrno;
1268 err(EX_OSERR, "fdopen()");
1269 }
1270 }
1271 }
1272
1273 while (fgets(buf, BUFSIZ, f)) { /* read commands */
1274 char linename[16];
1275 char *args[1];
1276
1277 lineno++;
1278 snprintf(linename, sizeof(linename), "Line %d", lineno);
1279 setprogname(linename); /* XXX */
1280 args[0] = buf;
1281 parse_args(1, args);
1282 }
1283 fclose(f);
1284 if (cmd != NULL) {
1285 int status;
1286
1287 if (waitpid(preproc, &status, 0) == -1)
1288 errx(EX_OSERR, "waitpid()");
1289 if (WIFEXITED(status) && WEXITSTATUS(status) != EX_OK)
1290 errx(EX_UNAVAILABLE,
1291 "preprocessor exited with status %d",
1292 WEXITSTATUS(status));
1293 else if (WIFSIGNALED(status))
1294 errx(EX_UNAVAILABLE,
1295 "preprocessor exited with signal %d",
1296 WTERMSIG(status));
1297 }
1298 }
1299
1300 int
1301 main(int ac, char *av[])
1302 {
1303 /*
1304 * If the last argument is an absolute pathname, interpret it
1305 * as a file to be preprocessed.
1306 */
1307
1308 if (ac > 1 && av[ac - 1][0] == '/' && access(av[ac - 1], R_OK) == 0)
1309 dnctl_readfile(ac, av);
1310 else {
1311 if (parse_args(ac-1, av+1))
1312 show_usage();
1313 }
1314 return EX_OK;
1315 }
mirror of network_cmds