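/*
 * Copyright (c) 2014 - 2018 The DragonFly Project.  All rights reserved.
 *
 * This code is derived from software contributed to The DragonFly Project
 * by Bill Yuan <bycn82@dragonflybsd.org>
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 * 3. Neither the name of The DragonFly Project nor the names of its
 *    contributors may be used to endorse or promote products derived
 *    from this software without specific, prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE
 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include <sys/param.h>
#include <sys/mbuf.h>
#include <sys/socket.h>
#include <sys/sockio.h>
#include <sys/sysctl.h>
#include <sys/time.h>
#include <sys/wait.h>

#include <arpa/inet.h>
#include <ctype.h>
#include <dlfcn.h>
#include <err.h>
#include <errno.h>
#include <grp.h>
#include <limits.h>
#include <netdb.h>
#include <pwd.h>
#include <sysexits.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <stdarg.h>
#include <string.h>
#include <timeconv.h>
#include <unistd.h>

#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/ip_icmp.h>
#include <netinet/tcp.h>
#include <net/if.h>
#include <net/if_dl.h>
#include <net/route.h>
#include <net/ethernet.h>

#include <net/ipfw3/ip_fw3.h>
#include <net/ipfw3_basic/ip_fw3_table.h>
#include <net/ipfw3_basic/ip_fw3_sync.h>
#include <net/ipfw3_basic/ip_fw3_basic.h>
#include <net/ipfw3_nat/ip_fw3_nat.h>
#include <net/dummynet3/ip_dummynet3.h>

#include "ipfw3.h"
#include "ipfw3basic.h"


/*
 * Shared parser for the two basic actions, which differ only in the
 * opcode written into the instruction.
 *
 * Fills in opcode, module and length, consumes the action keyword and
 * then accepts an optional "log" keyword (any non-empty prefix of it),
 * optionally followed by a decimal number that is stored in arg1.
 *
 * cmd    - instruction being built; *cmd is written in place
 * ac, av - remaining argument count and vector, advanced via NEXT_ARG1
 * opcode - O_BASIC_ACCEPT or O_BASIC_DENY
 */
static void
parse_basic_action(ipfw_insn **cmd, int *ac, char **av[], int opcode)
{
	(*cmd)->opcode = opcode;
	(*cmd)->module = MODULE_BASIC_ID;
	(*cmd)->len = (*cmd)->len | LEN_OF_IPFWINSN;
	NEXT_ARG1;

	/*
	 * Do not look at **av once the argument list is used up.
	 * NEXT_ARG1 is defined outside this file; this assumes *ac counts
	 * the arguments still available at *av, including the current
	 * one -- TODO confirm against ipfw3.h.
	 */
	if (*ac <= 0 || **av == NULL) {
		return;
	}
	/*
	 * An empty token has length 0, so strncmp() would report a match
	 * and silently turn logging on; require at least one character.
	 */
	if (***av == '\0' || strncmp(**av, "log", strlen(**av)) != 0) {
		return;
	}

	(*cmd)->arg3 = 1;
	NEXT_ARG1;

	if (*ac <= 0 || **av == NULL) {
		return;
	}
	/* isdigit() on a negative plain char is undefined behaviour. */
	if (isdigit((unsigned char)***av)) {
		/*
		 * NOTE(review): strtoul() is called without an end pointer
		 * or errno check, so trailing garbage and out-of-range
		 * values are accepted silently and may be truncated when
		 * stored in arg1 -- confirm arg1's width in ip_fw3.h and
		 * decide whether such input should be rejected.
		 */
		(*cmd)->arg1 = strtoul(**av, NULL, 10);
		NEXT_ARG1;
	}
}

/*
 * Shared printer for the two basic actions: writes the action keyword
 * and, when arg3 is set, " log " followed by arg1.
 */
static void
show_basic_action(const ipfw_insn *cmd, const char *keyword)
{
	printf(" %s", keyword);
	if (cmd->arg3) {
		printf(" log %d", cmd->arg1);
	}
}

/* Parse an "allow"/"accept" action with its optional "log [number]". */
void
parse_accept(ipfw_insn **cmd, int *ac, char **av[])
{
	parse_basic_action(cmd, ac, av, O_BASIC_ACCEPT);
}

/* Parse a "deny"/"reject" action with its optional "log [number]". */
void
parse_deny(ipfw_insn **cmd, int *ac, char **av[])
{
	parse_basic_action(cmd, ac, av, O_BASIC_DENY);
}

/* Print an accept instruction; show_or is not used by this action. */
void
show_accept(ipfw_insn *cmd, int show_or)
{
	(void)show_or;
	show_basic_action(cmd, "allow");
}

/* Print a deny instruction; show_or is not used by this action. */
void
show_deny(ipfw_insn *cmd, int show_or)
{
	(void)show_or;
	show_basic_action(cmd, "deny");
}

/*
 * Register the keywords and the parse/show callbacks of the two default
 * actions.  "accept" is registered as a second keyword for the allow
 * opcode and "reject" as a second keyword for the deny opcode.
 */
void
prepare_default_funcs(void)
{
	/* register allow */
	register_ipfw_keyword(MODULE_BASIC_ID, O_BASIC_ACCEPT, "allow", ACTION);
	register_ipfw_keyword(MODULE_BASIC_ID, O_BASIC_ACCEPT, "accept", ACTION);
	/*
	 * NOTE(review): the callbacks are cast to parser_func/shower_func;
	 * those typedefs are declared outside this file, so check that the
	 * signatures really match -- a call through a mismatched function
	 * pointer type is undefined behaviour.
	 */
	register_ipfw_func(MODULE_BASIC_ID, O_BASIC_ACCEPT,
			(parser_func)parse_accept, (shower_func)show_accept);
	/* register deny */
	register_ipfw_keyword(MODULE_BASIC_ID, O_BASIC_DENY, "deny", ACTION);
	register_ipfw_keyword(MODULE_BASIC_ID, O_BASIC_DENY, "reject", ACTION);
	register_ipfw_func(MODULE_BASIC_ID, O_BASIC_DENY,
			(parser_func)parse_deny, (shower_func)show_deny);
}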