1 /* $OpenBSD: tcpdrop.c,v 1.21 2023/02/06 18:14:10 millert Exp $ */
2
3 /*
4 * Copyright (c) 2004 Markus Friedl <markus@openbsd.org>
5 *
6 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
9 *
10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 */
18
19 #include <sys/socket.h>
20 #include <sys/sysctl.h>
21 #include <sys/queue.h>
22 #include <sys/timeout.h>
23
24 #include <netinet/in.h>
25 #include <netinet/tcp.h>
26 #include <netinet/tcp_timer.h>
27 #include <netinet/tcp_var.h>
28
29 #include <err.h>
30 #include <netdb.h>
31 #include <stdio.h>
32 #include <string.h>
33 #include <stdlib.h>
34 #include <unistd.h>
35 #include <resolv.h>
36
__dead void usage(void);

/*
 * Print the command-line synopsis on stderr and terminate with status 1.
 * Never returns (declared __dead).
 *
 * Only the four-argument form is shown; main() in this file also accepts
 * the two-argument form where each port is joined to its address.
 */
__dead void
usage(void)
{
	extern char *__progname;

	(void)fprintf(stderr,
	    "usage: %s local-addr local-port remote-addr remote-port\n",
	    __progname);
	exit(1);
}
49
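/*
 * Split "addr:port" or "addr.port" in place at the last ':' or '.',
 * whichever occurs later in the string.  Returns a pointer to the port
 * part, or NULL when the string contains neither separator.
 */
static char *
split_port(char *addr)
{
	char *colon = strrchr(addr, ':');
	char *dot = strrchr(addr, '.');
	char *sep = colon;

	/*
	 * Test for NULL before ordering the pointers: a relational
	 * comparison that involves a null pointer is undefined in C.
	 */
	if (dot != NULL && (colon == NULL || dot > colon))
		sep = dot;
	if (sep == NULL)
		return NULL;
	*sep++ = '\0';
	return sep;
}

/*
 * Return addr with one enclosing pair of square brackets removed
 * ("[::1]" -> "::1").  The stripped form is a modified copy, so addr
 * itself stays intact for use in error messages.  Returns addr unchanged
 * when it is not bracketed.  The copy is never freed; the process exits
 * shortly after.
 */
static char *
strip_brackets(char *addr)
{
	size_t len = strlen(addr);
	char *copy;

	if (len == 0 || addr[0] != '[' || addr[len - 1] != ']')
		return addr;
	if ((copy = strdup(addr)) == NULL)
		err(1, "strdup");
	copy[len - 1] = '\0';
	return copy + 1;
}

/*
 * Drop a tcp connection.
 *
 * Takes either four arguments (local-addr local-port remote-addr
 * remote-port) or two arguments with each port joined to its address by
 * ':' or '.'.  Both endpoints go through getaddrinfo(), and every
 * local/remote pair of the same address family is handed to the kernel
 * through the TCPCTL_DROP sysctl.
 *
 * Exit status: 1 if no pair shared an address family, otherwise the
 * result of the last pair attempted (0 dropped, 1 sysctl failed).
 */
int
main(int argc, char **argv)
{
	int mib[] = { CTL_NET, PF_INET, IPPROTO_TCP, TCPCTL_DROP };
	struct addrinfo hints, *ail, *aif, *laddr, *faddr;
	char fhbuf[NI_MAXHOST], fsbuf[NI_MAXSERV];
	char lhbuf[NI_MAXHOST], lsbuf[NI_MAXSERV];
	char *laddr1, *addr1, *port1, *faddr2, *addr2, *port2;
	struct tcp_ident_mapping tir;
	int gaierr, rval = 0;

	/*
	 * Narrow the filesystem view before any argument is parsed: only
	 * the hosts file and the resolver configuration stay readable, and
	 * the final unveil(NULL, NULL) locks the list against later changes.
	 */
	if (unveil(_PATH_HOSTS, "r") == -1)
		err(1, "unveil %s", _PATH_HOSTS);
	if (unveil(_PATH_RESCONF, "r") == -1)
		err(1, "unveil %s", _PATH_RESCONF);
	if (unveil(NULL, NULL) == -1)
		err(1, "unveil");

	/*
	 * AI_NUMERICHOST is not set, so host and service names are accepted
	 * and resolved.  Which endpoints get dropped then depends on the
	 * resolver's answers; numeric arguments avoid that dependency.
	 */
	memset(&hints, 0, sizeof(hints));
	hints.ai_family = AF_UNSPEC;
	hints.ai_socktype = SOCK_STREAM;

	if (argc == 3) {
		/* Work on copies: split_port() writes into the string. */
		if ((addr1 = strdup(argv[1])) == NULL)
			err(1, "strdup");
		if ((port1 = split_port(addr1)) == NULL)
			usage();

		if ((addr2 = strdup(argv[2])) == NULL)
			err(1, "strdup");
		if ((port2 = split_port(addr2)) == NULL)
			usage();
	} else if (argc == 5) {
		addr1 = argv[1];
		port1 = argv[2];
		addr2 = argv[3];
		port2 = argv[4];
	} else
		usage();

	/* getaddrinfo() wants the bare address, without "[...]". */
	laddr1 = strip_brackets(addr1);
	faddr2 = strip_brackets(addr2);

	if ((gaierr = getaddrinfo(laddr1, port1, &hints, &laddr)) != 0)
		errx(1, "%s port %s: %s", addr1, port1,
		    gai_strerror(gaierr));

	if ((gaierr = getaddrinfo(faddr2, port2, &hints, &faddr)) != 0)
		errx(1, "%s port %s: %s", addr2, port2,
		    gai_strerror(gaierr));

	/*
	 * NOTE(review): rval is cleared for every pair that shares a family
	 * and set again only when that pair's sysctl fails, so the exit
	 * status reports the last pair attempted.  A failure on an earlier
	 * pair is visible only through warn(); scripts should not read
	 * exit 0 as "every resolved pair was dropped".  When no pair shares
	 * a family the program exits 1 without printing anything.
	 */
	rval = 1;
	for (ail = laddr; ail; ail = ail->ai_next) {
		for (aif = faddr; aif; aif = aif->ai_next) {
			if (ail->ai_family != aif->ai_family)
				continue;
			rval = 0;

			/*
			 * The copies below go into fixed-size members of a
			 * structure that is passed to the kernel; refuse any
			 * resolver result that would not fit.
			 */
			if (aif->ai_addrlen > sizeof(tir.faddr) ||
			    ail->ai_addrlen > sizeof(tir.laddr))
				errx(1, "address too large");

			memset(&tir, 0, sizeof(tir));
			memcpy(&tir.faddr, aif->ai_addr, aif->ai_addrlen);
			memcpy(&tir.laddr, ail->ai_addr, ail->ai_addrlen);

			/* Numeric forms, used only for the messages below. */
			if ((gaierr = getnameinfo(aif->ai_addr, aif->ai_addrlen,
			    fhbuf, sizeof(fhbuf), fsbuf, sizeof(fsbuf),
			    NI_NUMERICHOST | NI_NUMERICSERV)) != 0)
				errx(1, "getnameinfo: %s", gai_strerror(gaierr));
			if ((gaierr = getnameinfo(ail->ai_addr, ail->ai_addrlen,
			    lhbuf, sizeof(lhbuf), lsbuf, sizeof(lsbuf),
			    NI_NUMERICHOST | NI_NUMERICSERV)) != 0)
				errx(1, "getnameinfo: %s", gai_strerror(gaierr));

			/* Write-only sysctl: tir is the new value, nothing is read back. */
			if (sysctl(mib, sizeof (mib) / sizeof (int), NULL,
			    NULL, &tir, sizeof(tir)) == -1) {
				rval = 1;
				warn("%s %s %s %s", lhbuf, lsbuf, fhbuf, fsbuf);
			} else {
				if (aif->ai_family == PF_INET6)
					printf("[%s]:%s [%s]:%s dropped\n",
					    lhbuf, lsbuf, fhbuf, fsbuf);
				else
					printf("%s:%s %s:%s dropped\n",
					    lhbuf, lsbuf, fhbuf, fsbuf);
			}
		}
	}
	freeaddrinfo(laddr);
	freeaddrinfo(faddr);
	exit(rval);
}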
169