#include <sys/types.h>
#include <sys/socket.h>
#include <sys/queue.h>
#include <sys/param.h>
#include <sys/ioctl.h>
#ifdef JAIL
#include <sys/jail.h>
#endif
#include <sys/sysctl.h>
#include <net/if.h>
#include <netinet/in.h>
#include <netinet6/in6_var.h>
#include <stdlib.h>
#include <netdb.h>
#ifdef JAIL
#include <jail.h>
#endif
#include <stdio.h>
#include <unistd.h>
#include <limits.h>
#include <string.h>
#include <err.h>
#ifdef JAIL
static char *jailname;
#endif
static char *configfile;
struct policyqueue {
TAILQ_ENTRY(policyqueue) pc_entry;
struct in6_addrpolicy pc_policy;
};
TAILQ_HEAD(policyhead, policyqueue);
static struct policyhead policyhead = TAILQ_HEAD_INITIALIZER(policyhead);
static void usage(void) __dead2;
static void attach_jail(void);
static void get_policy(void);
static void dump_policy(void);
static int mask2plen(struct sockaddr_in6 *);
static int parse_prefix(const char *, struct in6_addrpolicy *);
static void make_policy_fromfile(char *);
static void plen2mask(struct sockaddr_in6 *, int);
static void set_policy(void);
static void add_policy(char *, char *, char *);
static void delete_policy(char *);
static void flush_policy(void);
int
main(int argc, char *argv[])
{
int ch;
while ((ch = getopt(argc, argv, "j:")) != -1) {
switch (ch) {
case 'j':
#ifdef JAIL
if ((jailname = optarg) == NULL)
usage();
#else
errx(1, "not built with jail support");
#endif
break;
default:
usage();
}
}
argc -= optind;
argv += optind;
if (argc == 0 || (argc == 1 && strcasecmp(argv[0], "show") == 0)) {
attach_jail();
get_policy();
dump_policy();
} else if (strcasecmp(argv[0], "add") == 0) {
if (argc != 4)
usage();
attach_jail();
add_policy(argv[1], argv[2], argv[3]);
} else if (strcasecmp(argv[0], "delete") == 0) {
if (argc != 2)
usage();
attach_jail();
delete_policy(argv[1]);
} else if (strcasecmp(argv[0], "flush") == 0) {
if (argc != 1)
usage();
attach_jail();
get_policy();
flush_policy();
} else if (strcasecmp(argv[0], "install") == 0) {
if (argc != 2)
usage();
configfile = argv[1];
make_policy_fromfile(configfile);
attach_jail();
set_policy();
} else
usage();
exit(0);
}
static void
attach_jail(void)
{
#ifdef JAIL
int jid;
if (jailname == NULL)
return;
jid = jail_getid(jailname);
if (jid == -1)
errx(1, "jail not found");
if (jail_attach(jid) != 0)
errx(1, "cannot attach to jail");
#endif
}
static void
get_policy(void)
{
int mib[] = { CTL_NET, PF_INET6, IPPROTO_IPV6, IPV6CTL_ADDRCTLPOLICY };
size_t l;
struct in6_addrpolicy *buf;
struct in6_addrpolicy *pol, *ep;
if (sysctl(mib, nitems(mib), NULL, &l, NULL, 0) < 0) {
err(1, "sysctl(IPV6CTL_ADDRCTLPOLICY)");
}
if (l == 0) {
printf("no source-address-selection policy is installed\n");
return;
}
if ((buf = malloc(l)) == NULL) {
errx(1, "malloc failed");
}
if (sysctl(mib, nitems(mib), buf, &l, NULL, 0) < 0) {
err(1, "sysctl(IPV6CTL_ADDRCTLPOLICY)");
}
ep = buf + l/sizeof(*buf);
for (pol = buf; pol + 1 <= ep; pol++) {
struct policyqueue *new;
if ((new = malloc(sizeof(*new))) == NULL)
errx(1, "malloc failed\n");
new->pc_policy = *pol;
TAILQ_INSERT_TAIL(&policyhead, new, pc_entry);
}
free(buf);
}
static void
dump_policy(void)
{
size_t addrlen;
char addrbuf[NI_MAXHOST];
struct in6_addrpolicy *pol;
struct policyqueue *ent;
int plen, first = 1;
for (ent = TAILQ_FIRST(&policyhead); ent;
ent = TAILQ_NEXT(ent, pc_entry)) {
pol = &ent->pc_policy;
if (first) {
printf("%-30s %5s %5s %8s\n",
"Prefix", "Prec", "Label", "Use");
first = 0;
}
if ((getnameinfo((struct sockaddr *)&pol->addr,
sizeof(pol->addr), addrbuf, sizeof(addrbuf),
NULL, 0, NI_NUMERICHOST))) {
warnx("getnameinfo for prefix address failed");
continue;
}
if ((plen = mask2plen(&pol->addrmask)) < 0) {
warnx("invalid address mask");
continue;
}
addrlen = strlen(addrbuf);
if (addrlen + sizeof("/128") < sizeof(addrbuf)) {
snprintf(&addrbuf[addrlen],
sizeof(addrbuf) - addrlen - 1,
"/%d", plen);
printf("%-30s", addrbuf);
} else
printf("%s/%d", addrbuf, plen);
printf(" %5d %5d %8llu\n", pol->preced, pol->label,
(unsigned long long)pol->use);
}
}
#define SKIP_WHITE(p, emptyok) \
do { \
while((*(p) == ' ' || *(p) == '\t')) \
(p)++; \
if ((*(p) == '\0' || (*(p) == '\n')) && !(emptyok)) \
goto bad; \
} while (0);
#define SKIP_WORD(p) \
do { \
while(*(p) != ' ' && *(p) != '\t') \
(p)++; \
if (*(p) == '\0' || *(p) == '\n') \
goto bad; \
} while (0);
static void
make_policy_fromfile(char *conf)
{
char line[_POSIX2_LINE_MAX], *cp;
char *addrstr;
FILE *fp;
int count = 0;
struct in6_addrpolicy pol0;
struct policyqueue *new;
if ((fp = fopen(conf, "r")) == NULL)
err(1, "fopen: %s", conf);
while(fgets(line, sizeof(line), fp)) {
count++;
cp = line;
memset(&pol0, 0, sizeof(pol0));
SKIP_WHITE(cp, 1);
if (*cp == '\n')
continue;
if (*cp == '#')
continue;
addrstr = cp;
if (parse_prefix((const char *)addrstr, &pol0))
goto bad;
SKIP_WORD(cp);
SKIP_WHITE(cp, 0);
pol0.preced = atoi(cp);
SKIP_WORD(cp);
SKIP_WHITE(cp, 0);
pol0.label = atoi(cp);
if ((new = malloc(sizeof(*new))) == NULL)
errx(1, "malloc failed\n");
memset(new, 0, sizeof(*new));
new->pc_policy = pol0;
TAILQ_INSERT_TAIL(&policyhead, new, pc_entry);
}
fclose(fp);
return;
bad:
errx(1, "parse failed at line %d", count);
}
static int
parse_prefix(const char *prefix0, struct in6_addrpolicy *pol)
{
int e = 0, plen;
char *prefix, *plenstr;
struct addrinfo hints, *res;
if ((prefix = strdup(prefix0)) == NULL)
errx(1, "strdup failed");
if ((plenstr = strchr(prefix, '/')) == NULL) {
e = -1;
goto end;
}
*plenstr = '\0';
memset(&hints, 0, sizeof(hints));
hints.ai_flags = AI_NUMERICHOST;
hints.ai_family = AF_INET6;
if ((e = getaddrinfo(prefix, NULL, &hints, &res)) != 0) {
warnx("getaddrinfo failed for %s: %s", prefix,
gai_strerror(e));
goto end;
}
memcpy(&pol->addr, res->ai_addr, res->ai_addrlen);
freeaddrinfo(res);
plen = atoi(plenstr + 1);
if (plen < 0 || plen > 128) {
warnx("invalid prefix length: %d", plen);
e = -1;
goto end;
}
plen2mask(&pol->addrmask, plen);
end:
free(prefix);
return(e);
}
static void
plen2mask(struct sockaddr_in6 *mask, int plen)
{
u_char *cp = (unsigned char *)&mask->sin6_addr;
memset(mask, 0, sizeof(*mask));
mask->sin6_family = AF_INET6;
mask->sin6_len = sizeof(*mask);
for(; plen >= 8; plen -= 8)
*cp++ = 0xff;
if (plen > 0)
*cp = (0xff << (8 - plen));
}
static void
set_policy(void)
{
struct policyqueue *ent;
int s;
if ((s = socket(AF_INET6, SOCK_DGRAM, IPPROTO_UDP)) < 0)
err(1, "socket(UDP)");
for (ent = TAILQ_FIRST(&policyhead); ent;
ent = TAILQ_NEXT(ent, pc_entry)) {
if (ioctl(s, SIOCAADDRCTL_POLICY, &ent->pc_policy))
warn("ioctl(SIOCAADDRCTL_POLICY)");
}
close(s);
}
static int
mask2plen(struct sockaddr_in6 *mask)
{
int masklen, final = 0;
u_char *p, *lim;
masklen = 0;
lim = (u_char *)(mask + 1);
for (p = (u_char *)(&mask->sin6_addr); p < lim; p++) {
if (final && *p) {
goto bad;
}
switch (*p & 0xff) {
case 0xff:
masklen += 8;
break;
case 0xfe:
masklen += 7;
final++;
break;
case 0xfc:
masklen += 6;
final++;
break;
case 0xf8:
masklen += 5;
final++;
break;
case 0xf0:
masklen += 4;
final++;
break;
case 0xe0:
masklen += 3;
final++;
break;
case 0xc0:
masklen += 2;
final++;
break;
case 0x80:
masklen += 1;
final++;
break;
case 0x00:
final++;
break;
default:
goto bad;
break;
}
}
return(masklen);
bad:
return(-1);
}
static void
add_policy(char *prefix, char *prec, char *label)
{
struct in6_addrpolicy p;
int s;
memset(&p, 0, sizeof(p));
if (parse_prefix((const char *)prefix, &p))
errx(1, "bad prefix: %s", prefix);
p.preced = atoi(prec);
p.label = atoi(label);
if ((s = socket(AF_INET6, SOCK_DGRAM, IPPROTO_UDP)) < 0)
err(1, "socket(UDP)");
if (ioctl(s, SIOCAADDRCTL_POLICY, &p))
err(1, "ioctl(SIOCAADDRCTL_POLICY)");
close(s);
}
static void
delete_policy(char *prefix)
{
struct in6_addrpolicy p;
int s;
memset(&p, 0, sizeof(p));
if (parse_prefix((const char *)prefix, &p))
errx(1, "bad prefix: %s", prefix);
if ((s = socket(AF_INET6, SOCK_DGRAM, IPPROTO_UDP)) < 0)
err(1, "socket(UDP)");
if (ioctl(s, SIOCDADDRCTL_POLICY, &p))
err(1, "ioctl(SIOCDADDRCTL_POLICY)");
close(s);
}
static void
flush_policy(void)
{
struct policyqueue *ent;
int s;
if ((s = socket(AF_INET6, SOCK_DGRAM, IPPROTO_UDP)) < 0)
err(1, "socket(UDP)");
for (ent = TAILQ_FIRST(&policyhead); ent;
ent = TAILQ_NEXT(ent, pc_entry)) {
if (ioctl(s, SIOCDADDRCTL_POLICY, &ent->pc_policy))
warn("ioctl(SIOCDADDRCTL_POLICY)");
}
close(s);
}
static void
usage(void)
{
fprintf(stderr, "usage: ip6addrctl [-j jail] [show]\n");
fprintf(stderr, " ip6addrctl [-j jail] add "
"<prefix> <precedence> <label>\n");
fprintf(stderr, " ip6addrctl [-j jail] delete <prefix>\n");
fprintf(stderr, " ip6addrctl [-j jail] flush\n");
fprintf(stderr, " ip6addrctl [-j jail] install <configfile>\n");
exit(1);
}
