/* $OpenBSD: route.c,v 1.78 2007/12/19 08:49:23 claudio Exp $ */ /* $NetBSD: route.c,v 1.15 1996/05/07 02:55:06 thorpej Exp $ */ /* * Copyright (c) 1983, 1988, 1993 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include <sys/param.h> #include <sys/protosw.h> #include <sys/socket.h> #include <sys/mbuf.h> #include <net/if.h> #include <net/if_dl.h> #include <net/if_types.h> #define _KERNEL #include <net/route.h> #undef _KERNEL #include <netinet/in.h> #include <arpa/inet.h> #include <sys/sysctl.h> #include <err.h> #include <limits.h> #include <netdb.h> #include <stdio.h> #include <stdlib.h> #include <string.h> #include <unistd.h> #ifndef INET #define INET #endif #include <netinet/ip_ipsp.h> #include "netstat.h" #define kget(p, d) (kread((u_long)(p), &(d), sizeof (d))) /* alignment constraint for routing socket */ #define ROUNDUP(a) \ ((a) > 0 ? (1 + (((a) - 1) | (sizeof(long) - 1))) : sizeof(long)) #define ADVANCE(x, n) (x += ROUNDUP((n)->sa_len)) struct radix_node_head ***rt_head; struct radix_node_head ***rnt; /* provides enough space */ struct radix_node_head *rt_tables[AF_MAX+1]; /* provides enough space */ u_int8_t af2rtafidx[AF_MAX+1]; static union { struct sockaddr u_sa; u_int32_t u_data[64]; int u_dummy; /* force word-alignment */ } pt_u; int do_rtent = 0; struct rtentry rtentry; struct radix_node rnode; struct radix_mask rmask; static struct sockaddr *kgetsa(struct sockaddr *); static void p_tree(struct radix_node *); static void p_rtnode(void); static void p_rtflags(u_char); static void p_krtentry(struct rtentry *); static void encap_print(struct rtentry *); /* * Print routing tables. */ void routepr(u_long rtree, u_long mtree, u_long af2idx, u_long rtbl_id_max) { struct radix_node_head *rnh, head; int i, idxmax = 0; u_int rtidxmax; printf("Routing tables\n"); if (rtree == 0 || af2idx == 0) { printf("rt_tables: symbol not in namelist\n"); return; } kget(rtree, rt_head); kget(rtbl_id_max, rtidxmax); kget(af2idx, af2rtafidx); for (i = 0; i <= AF_MAX; i++) { if (af2rtafidx[i] > idxmax) idxmax = af2rtafidx[i]; } if ((rnt = calloc(rtidxmax + 1, sizeof(struct radix_node_head **))) == NULL) err(1, NULL); kread((u_long)rt_head, rnt, (rtidxmax + 1) * sizeof(struct radix_node_head **)); kread((u_long)rnt[0], rt_tables, (idxmax + 1) * sizeof(rnh)); for (i = 0; i <= AF_MAX; i++) { if (i == AF_UNSPEC) { if (Aflag && (af == AF_UNSPEC || af == 0xff)) { kget(mtree, rnh); kget(rnh, head); printf("Netmasks:\n"); p_tree(head.rnh_treetop); } continue; } if (af2rtafidx[i] == 0) /* no table for this AF */ continue; if ((rnh = rt_tables[af2rtafidx[i]]) == 0) continue; kget(rnh, head); if (af == AF_UNSPEC || af == i) { pr_family(i); do_rtent = 1; pr_rthdr(i, Aflag); p_tree(head.rnh_treetop); } } } static struct sockaddr * kgetsa(struct sockaddr *dst) { kget(dst, pt_u.u_sa); if (pt_u.u_sa.sa_len > sizeof (pt_u.u_sa)) kread((u_long)dst, pt_u.u_data, pt_u.u_sa.sa_len); return (&pt_u.u_sa); } static void p_tree(struct radix_node *rn) { again: kget(rn, rnode); if (rnode.rn_b < 0) { if (Aflag) printf("%-16p ", rn); if (rnode.rn_flags & RNF_ROOT) { if (Aflag) printf("(root node)%s", rnode.rn_dupedkey ? " =>\n" : "\n"); } else if (do_rtent) { kget(rn, rtentry); p_krtentry(&rtentry); if (Aflag) p_rtnode(); } else { p_sockaddr(kgetsa((struct sockaddr *)rnode.rn_key), 0, 0, 44); putchar('\n'); } if ((rn = rnode.rn_dupedkey)) goto again; } else { if (Aflag && do_rtent) { printf("%-16p ", rn); p_rtnode(); } rn = rnode.rn_r; p_tree(rnode.rn_l); p_tree(rn); } } static void p_rtflags(u_char flags) { putchar('<'); if (flags & RNF_NORMAL) putchar('N'); if (flags & RNF_ROOT) putchar('R'); if (flags & RNF_ACTIVE) putchar('A'); if (flags & ~(RNF_NORMAL | RNF_ROOT | RNF_ACTIVE)) printf("/0x%02x", flags); putchar('>'); } char nbuf[25]; static void p_rtnode(void) { struct radix_mask *rm = rnode.rn_mklist; if (rnode.rn_b < 0) { if (rnode.rn_mask) { printf("\t mask "); p_sockaddr(kgetsa((struct sockaddr *)rnode.rn_mask), 0, 0, -1); } else if (rm == 0) return; } else { snprintf(nbuf, sizeof nbuf, "(%d)", rnode.rn_b); printf("%6.6s %16p : %16p", nbuf, rnode.rn_l, rnode.rn_r); } putchar(' '); p_rtflags(rnode.rn_flags); while (rm) { kget(rm, rmask); snprintf(nbuf, sizeof nbuf, " %d refs, ", rmask.rm_refs); printf(" mk = %16p {(%d),%s", rm, -1 - rmask.rm_b, rmask.rm_refs ? nbuf : " "); p_rtflags(rmask.rm_flags); printf(", "); if (rmask.rm_flags & RNF_NORMAL) { struct radix_node rnode_aux; printf("leaf = %p ", rmask.rm_leaf); kget(rmask.rm_leaf, rnode_aux); p_sockaddr(kgetsa((struct sockaddr *)rnode_aux.rn_mask), 0, 0, -1); } else p_sockaddr(kgetsa((struct sockaddr *)rmask.rm_mask), 0, 0, -1); putchar('}'); if ((rm = rmask.rm_mklist)) printf(" ->"); } putchar('\n'); } static void p_krtentry(struct rtentry *rt) { static struct ifnet ifnet, *lastif; struct sockaddr_storage sock1, sock2; struct sockaddr *sa = (struct sockaddr *)&sock1; struct sockaddr *mask = (struct sockaddr *)&sock2; bcopy(kgetsa(rt_key(rt)), sa, sizeof(struct sockaddr)); if (sa->sa_len > sizeof(struct sockaddr)) bcopy(kgetsa(rt_key(rt)), sa, sa->sa_len); if (sa->sa_family == PF_KEY) { encap_print(rt); return; } if (rt_mask(rt)) { bcopy(kgetsa(rt_mask(rt)), mask, sizeof(struct sockaddr)); if (sa->sa_len > sizeof(struct sockaddr)) bcopy(kgetsa(rt_mask(rt)), mask, sa->sa_len); } else mask = 0; p_addr(sa, mask, rt->rt_flags); p_gwaddr(kgetsa(rt->rt_gateway), sa->sa_family); p_flags(rt->rt_flags, "%-6.6s "); printf("%6d %8ld ", rt->rt_refcnt, rt->rt_use); if (rt->rt_rmx.rmx_mtu) printf("%6u ", rt->rt_rmx.rmx_mtu); else printf("%6s ", "-"); putchar((rt->rt_rmx.rmx_locks & RTV_MTU) ? 'L' : ' '); if (rt->rt_ifp) { if (rt->rt_ifp != lastif) { kget(rt->rt_ifp, ifnet); lastif = rt->rt_ifp; } printf(" %.16s%s", ifnet.if_xname, rt->rt_nodes[0].rn_dupedkey ? " =>" : ""); } putchar('\n'); if (vflag) printf("\texpire %10u%c\n", rt->rt_rmx.rmx_expire, (rt->rt_rmx.rmx_locks & RTV_EXPIRE) ? 'L' : ' '); } /* * Print routing statistics */ void rt_stats(void) { struct rtstat rtstat; int mib[6]; size_t size; mib[0] = CTL_NET; mib[1] = PF_ROUTE; mib[2] = 0; mib[3] = 0; mib[4] = NET_RT_STATS; mib[5] = 0; size = sizeof (rtstat); if (sysctl(mib, 6, &rtstat, &size, NULL, 0) < 0) { perror("sysctl of routing table statistics"); exit(1); } printf("routing:\n"); printf("\t%u bad routing redirect%s\n", rtstat.rts_badredirect, plural(rtstat.rts_badredirect)); printf("\t%u dynamically created route%s\n", rtstat.rts_dynamic, plural(rtstat.rts_dynamic)); printf("\t%u new gateway%s due to redirects\n", rtstat.rts_newgateway, plural(rtstat.rts_newgateway)); printf("\t%u destination%s found unreachable\n", rtstat.rts_unreach, plural(rtstat.rts_unreach)); printf("\t%u use%s of a wildcard route\n", rtstat.rts_wildcard, plural(rtstat.rts_wildcard)); } static void encap_print(struct rtentry *rt) { struct sockaddr_encap sen1, sen2, sen3; struct ipsec_policy ipo; struct sockaddr_in6 s61, s62; bcopy(kgetsa(rt_key(rt)), &sen1, sizeof(sen1)); bcopy(kgetsa(rt_mask(rt)), &sen2, sizeof(sen2)); bcopy(kgetsa(rt->rt_gateway), &sen3, sizeof(sen3)); if (sen1.sen_type == SENT_IP4) { printf("%-18s %-5u ", netname4(sen1.sen_ip_src.s_addr, sen2.sen_ip_src.s_addr), ntohs(sen1.sen_sport)); printf("%-18s %-5u %-5u ", netname4(sen1.sen_ip_dst.s_addr, sen2.sen_ip_dst.s_addr), ntohs(sen1.sen_dport), sen1.sen_proto); } if (sen1.sen_type == SENT_IP6) { bzero(&s61, sizeof(s61)); bzero(&s62, sizeof(s62)); s61.sin6_family = s62.sin6_family = AF_INET6; s61.sin6_len = s62.sin6_len = sizeof(s61); bcopy(&sen1.sen_ip6_src, &s61.sin6_addr, sizeof(struct in6_addr)); #ifdef __KAME__ if (IN6_IS_ADDR_LINKLOCAL(&s61.sin6_addr) || IN6_IS_ADDR_MC_LINKLOCAL(&s61.sin6_addr) || IN6_IS_ADDR_MC_INTFACELOCAL(&s61.sin6_addr)) { s61.sin6_scope_id = ((u_int16_t)s61.sin6_addr.s6_addr[2] << 8) | s61.sin6_addr.s6_addr[3]; s61.sin6_addr.s6_addr[2] = s61.sin6_addr.s6_addr[3] = 0; } #endif bcopy(&sen2.sen_ip6_src, &s62.sin6_addr, sizeof(struct in6_addr)); #ifdef __KAME__ if (IN6_IS_ADDR_LINKLOCAL(&s62.sin6_addr) || IN6_IS_ADDR_MC_LINKLOCAL(&s62.sin6_addr) || IN6_IS_ADDR_MC_INTFACELOCAL(&s62.sin6_addr)) { s62.sin6_scope_id = ((u_int16_t)s62.sin6_addr.s6_addr[2] << 8) | s62.sin6_addr.s6_addr[3]; s62.sin6_addr.s6_addr[2] = s62.sin6_addr.s6_addr[3] = 0; } #endif printf("%-42s %-5u ", netname6(&s61, &s62), ntohs(sen1.sen_ip6_sport)); bzero(&s61, sizeof(s61)); bzero(&s62, sizeof(s62)); s61.sin6_family = s62.sin6_family = AF_INET6; s61.sin6_len = s62.sin6_len = sizeof(s61); bcopy(&sen1.sen_ip6_dst, &s61.sin6_addr, sizeof(struct in6_addr)); #ifdef __KAME__ if (IN6_IS_ADDR_LINKLOCAL(&s61.sin6_addr) || IN6_IS_ADDR_MC_LINKLOCAL(&s61.sin6_addr) || IN6_IS_ADDR_MC_INTFACELOCAL(&s61.sin6_addr)) { s61.sin6_scope_id = ((u_int16_t)s61.sin6_addr.s6_addr[2] << 8) | s61.sin6_addr.s6_addr[3]; s61.sin6_addr.s6_addr[2] = s61.sin6_addr.s6_addr[3] = 0; } #endif bcopy(&sen2.sen_ip6_dst, &s62.sin6_addr, sizeof(struct in6_addr)); #ifdef __KAME__ if (IN6_IS_ADDR_LINKLOCAL(&s62.sin6_addr) || IN6_IS_ADDR_MC_LINKLOCAL(&s62.sin6_addr) || IN6_IS_ADDR_MC_INTFACELOCAL(&s62.sin6_addr)) { s62.sin6_scope_id = ((u_int16_t)s62.sin6_addr.s6_addr[2] << 8) | s62.sin6_addr.s6_addr[3]; s62.sin6_addr.s6_addr[2] = s62.sin6_addr.s6_addr[3] = 0; } #endif printf("%-42s %-5u %-5u ", netname6(&s61, &s62), ntohs(sen1.sen_ip6_dport), sen1.sen_ip6_proto); } if (sen3.sen_type == SENT_IPSP) { char hostn[NI_MAXHOST]; kget(sen3.sen_ipsp, ipo); if (getnameinfo(&ipo.ipo_dst.sa, ipo.ipo_dst.sa.sa_len, hostn, NI_MAXHOST, NULL, 0, NI_NUMERICHOST) != 0) strlcpy (hostn, "none", NI_MAXHOST); printf("%s", hostn); printf("/%-u", ipo.ipo_sproto); switch (ipo.ipo_type) { case IPSP_IPSEC_REQUIRE: printf("/require"); break; case IPSP_IPSEC_ACQUIRE: printf("/acquire"); break; case IPSP_IPSEC_USE: printf("/use"); break; case IPSP_IPSEC_DONTACQ: printf("/dontacq"); break; case IPSP_PERMIT: printf("/bypass"); break; case IPSP_DENY: printf("/deny"); break; default: printf("/<unknown type!>"); break; } if ((ipo.ipo_addr.sen_type == SENT_IP4 && ipo.ipo_addr.sen_direction == IPSP_DIRECTION_IN) || (ipo.ipo_addr.sen_type == SENT_IP6 && ipo.ipo_addr.sen_ip6_direction == IPSP_DIRECTION_IN)) printf("/in\n"); else if ((ipo.ipo_addr.sen_type == SENT_IP4 && ipo.ipo_addr.sen_direction == IPSP_DIRECTION_OUT) || (ipo.ipo_addr.sen_type == SENT_IP6 && ipo.ipo_addr.sen_ip6_direction == IPSP_DIRECTION_OUT)) printf("/out\n"); else printf("/<unknown>\n"); } }