
Import IP Filter version 3.2alpha4 to bring in working LKM for 2.2

Darren Reed 1997-04-03 10:22:02 +00:00
parent b182e52bf6
commit 5a1a935563
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/vendor/ipfilter/dist/; revision=24583
svn path=/vendor/ipfilter/3.2a4/; revision=24585; tag=vendor/ipfilter/3.2a4
82 changed files with 2684 additions and 834 deletions


@ -3,7 +3,7 @@
***************
*** 11,31 ****
*/
static char RcsId[] = "$Header: /devel/CVS/IP-Filter/FWTK/ftp-gw.diff,v 2.0.1.1 1997/01/09 15:14:46 darrenr Exp $";
static char RcsId[] = "$Header: /devel/CVS/IP-Filter/FWTK/ftp-gw.diff,v 2.0.2.2 1997/02/23 10:38:35 darrenr Exp $";
#include <stdio.h>
@ -25,7 +25,7 @@
extern char *index();
--- 11,37 ----
*/
static char RcsId[] = "$Header: /devel/CVS/IP-Filter/FWTK/ftp-gw.diff,v 2.0.1.1 1997/01/09 15:14:46 darrenr Exp $";
static char RcsId[] = "$Header: /devel/CVS/IP-Filter/FWTK/ftp-gw.diff,v 2.0.2.2 1997/02/23 10:38:35 darrenr Exp $";
+ /*
+ * Patches for IP Filter NAT extensions written by Darren Reed, 7/7/96


@ -124,7 +124,7 @@ diff -cr ../TIS.orig/fwtk/Makefile.config.solaris fwtk/Makefile.config.solaris
***************
*** 11,30 ****
#
# RcsId: "$Header: /devel/CVS/IP-Filter/FWTK/fwtk_transparent.diff,v 2.0.1.1 1997/02/19 13:02:37 darrenr Exp $"
# RcsId: "$Header: /devel/CVS/IP-Filter/FWTK/fwtk_transparent.diff,v 2.0.2.1 1997/02/23 10:38:36 darrenr Exp $"
# Your C compiler (eg, "cc" or "gcc")
@ -145,7 +145,7 @@ diff -cr ../TIS.orig/fwtk/Makefile.config.solaris fwtk/Makefile.config.solaris
-Dgethostbyaddr=res_gethostbyaddr -Dgetnetbyname=res_getnetbyname \
--- 11,34 ----
#
# RcsId: "$Header: /devel/CVS/IP-Filter/FWTK/fwtk_transparent.diff,v 2.0.1.1 1997/02/19 13:02:37 darrenr Exp $"
# RcsId: "$Header: /devel/CVS/IP-Filter/FWTK/fwtk_transparent.diff,v 2.0.2.1 1997/02/23 10:38:36 darrenr Exp $"
+ #
+ # Path to sources of ip_filter (ip_nat.h required in lib/hnam.c)


@ -0,0 +1,16 @@
*** in_proto.c.orig Wed Apr 2 19:50:00 1997
--- in_proto.c Wed Apr 2 19:51:21 1997
***************
*** 89,94 ****
--- 89,99 ----
void eoninput(), eonctlinput(), eonprotoinit();
#endif /* EON */
+ #if defined(IPFILTER) && !defined(IPFILTER_LKM)
+ void iplinit();
+ #define ip_init iplinit
+ #endif
+
extern struct domain inetdomain;
struct protosw inetsw[] = {


@ -0,0 +1,32 @@
*** ip_input.c.orig Wed Apr 2 19:41:44 1997
--- /sys/netinet/ip_input.c Wed Apr 2 19:28:53 1997
***************
*** 74,79 ****
--- 74,82 ----
#ifdef IPFIREWALL
#include <netinet/ip_fw.h>
#endif
+ #if defined(IPFILTER_LKM) || defined(IPFILTER)
+ int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **));
+ #endif
int rsvp_on = 0;
static int ip_rsvp_on;
***************
*** 310,316 ****
--- 313,327 ----
* - Wrap: fake packet's addr/port <unimpl.>
* - Encapsulate: put it in another IP and send out. <unimp.>
*/
+ #if defined(IPFILTER_LKM) || defined(IPFILTER)
+ if (fr_checkp) {
+ struct mbuf *m1 = m;
+ if ((*fr_checkp)(ip, hlen, m->m_pkthdr.rcvif, 0, &m1) || !m1)
+ return;
+ ip = mtod(m = m1, struct ip *);
+ }
+ #endif
#ifdef COMPAT_IPFW
if (ip_fw_chk_ptr) {
int action;
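Review bot: The input hook `if ((*fr_checkp)(ip, hlen, m->m_pkthdr.rcvif, 0, &m1) || !m1) return;` returns without freeing anything, so a blocked packet leaks its mbuf chain unless the filter frees it whenever it returns non-zero; the patch never states that contract. If that is the intent, a comment above the call such as `/* fr_checkp frees the chain (or NULLs *mp) whenever the packet is not to be processed further */` would pin it down. The same question applies to the ip_output.c hook in this commit, which sets `error = EHOSTUNREACH` and does `goto done`; the cleanup at that label is outside the hunk. After a successful call `ip` is reloaded with `mtod(m = m1, struct ip *)` but `hlen` is not, so the code silently assumes any replacement chain has the same header length, contiguous in its first mbuf. The enclosing function starts and ends outside the hunk.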


@ -0,0 +1,69 @@
*** ip_output.c.orig Wed Apr 2 19:41:48 1997
--- /sys/netinet/ip_output.c Wed Apr 2 19:38:19 1997
***************
*** 67,72 ****
--- 67,76 ----
#else
#undef COMPAT_IPFW
#endif
+ #if defined(IPFILTER_LKM) || defined(IPFILTER)
+ extern int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **));
+ #endif
+
u_short ip_id;
***************
*** 75,81 ****
__P((struct ifnet *, struct mbuf *, struct sockaddr_in *));
static int ip_getmoptions
__P((int, struct ip_moptions *, struct mbuf **));
! static int ip_optcopy __P((struct ip *, struct ip *));
static int ip_pcbopts __P((struct mbuf **, struct mbuf *));
static int ip_setmoptions
__P((int, struct ip_moptions **, struct mbuf *));
--- 79,85 ----
__P((struct ifnet *, struct mbuf *, struct sockaddr_in *));
static int ip_getmoptions
__P((int, struct ip_moptions *, struct mbuf **));
! int ip_optcopy __P((struct ip *, struct ip *));
static int ip_pcbopts __P((struct mbuf **, struct mbuf *));
static int ip_setmoptions
__P((int, struct ip_moptions **, struct mbuf *));
***************
*** 338,344 ****
--- 342,358 ----
* - Wrap: fake packet's addr/port <unimpl.>
* - Encapsulate: put it in another IP and send out. <unimp.>
*/
+ #if defined(IPFILTER_LKM) || defined(IPFILTER)
+ if (fr_checkp) {
+ struct mbuf *m1 = m;
+ if ((*fr_checkp)(ip, hlen, ifp, 1, &m1))
+ error = EHOSTUNREACH;
+ if (error || !m1)
+ goto done;
+ ip = mtod(m = m1, struct ip *);
+ }
+ #endif
#ifdef COMPAT_IPFW
if (ip_nat_ptr && !(*ip_nat_ptr)(&ip, &m, ifp, IP_NAT_OUT)) {
error = EACCES;
***************
*** 559,565 ****
* Copy options from ip to jp,
* omitting those not copied during fragmentation.
*/
! static int
ip_optcopy(ip, jp)
struct ip *ip, *jp;
{
--- 573,579 ----
* Copy options from ip to jp,
* omitting those not copied during fragmentation.
*/
! int
ip_optcopy(ip, jp)
struct ip *ip, *jp;
{


@ -0,0 +1,38 @@
#!/bin/csh -f
#
set dir=`pwd`
set karch=`uname -m`
if ( -d /sys/arch/$karch ) set archdir="/sys/arch/$karch"
if ( -d /sys/$karch ) set archdir="/sys/$karch"
set confdir="$archdir/conf"
if ( $dir =~ */FreeBSD-2.2 ) cd ..
echo "Patching ip_input.c, ip_output.c and in_proto.c"
cat FreeBSD-2.2/ip_{in,out}put.c.diffs FreeBSD-2.2/in_proto.c.diffs | \
(cd /sys/netinet; patch)
set config=`(cd $confdir; /bin/ls -1t [0-9A-Z_]*) | head -1`
echo -n "Kernel configuration to update [$config] "
set newconfig=$<
if ( "$newconfig" != "" ) then
set config="$confdir/$newconfig"
else
set newconfig=$config
endif
echo "Re-config'ing $newconfig..."
if ( -f $confdir/$newconfig ) then
mv $confdir/$newconfig $confdir/$newconfig.bak
endif
if ( -d $archdir/../compile/$newconfig ) then
set bak=".bak"
set dot=0
while ( -d $archdir/../compile/${newconfig}${bak} )
set bak=".bak."$dot
set dot=`expr 1 + $dot`
end
mv $archdir/../compile/$newconfig $archdir/../compile/${newconfig}$bak
endif
awk '{print $0;if($2=="INET"){print"options IPFILTER_LKM\noptions IPFILTER_LOG"}}' \
$confdir/$newconfig.bak > $confdir/$newconfig
echo 'You will now need to run "config" and build a new kernel.'
exit 0
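Review bot: The script never checks whether `patch` succeeded, so a rejected hunk in /sys/netinet still leads to the kernel config being rewritten and to the closing "build a new kernel" message. Since it runs as root against kernel sources, it should stop right after the pipeline with `if ( $status != 0 ) exit 1`. If the config name typed at the prompt does not exist, the `mv` is skipped but the awk redirection still creates an empty `$confdir/$newconfig` from a missing `.bak`; a guard such as `if ( ! -f "$confdir/$newconfig" ) exit 1` before the rename avoids that. `$archdir` is left unset when neither `/sys/arch/$karch` nor `/sys/$karch` exists, and `$newconfig` is used unquoted in every path, so both should be validated before use.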


@ -0,0 +1,36 @@
#!/bin/csh -f
#
set dir=`pwd`
set karch=`uname -m`
if ( -d /sys/arch/$karch ) set archdir="/sys/arch/$karch"
if ( -d /sys/$karch ) set archdir="/sys/$karch"
set confdir="$archdir/conf"
if ( $dir =~ */FreeBSD ) cd ..
echo "Unpatching ip_input.c, ip_output.c and in_proto.c"
cat FreeBSD/ip_{in,out}put.c.diffs FreeBSD/in_proto.c.diffs | \
(cd /sys/netinet; patch -R)
set config=`(cd $confdir; /bin/ls -1t [0-9A-Z_]*) | head -1`
echo -n "Kernel configuration to update [$config] "
set newconfig=$<
if ( "$newconfig" != "" ) then
set config="$confdir/$newconfig"
else
set newconfig=$config
endif
if ( -f $confdir/$newconfig ) then
mv $confdir/$newconfig $confdir/$newconfig.bak
endif
if ( -d $archdir/../compile/$newconfig ) then
set bak=".bak"
set dot=0
while ( -d $archdir/../compile/${newconfig}.${bak} )
set bak=".bak.$dot"
set dot=`expr 1 + $dot`
end
mv $archdir/../compile/$newconfig $archdir/../compile/${newconfig}.$bak
endif
grep -v IPFILTER $confdir/$newconfig.bak > $confdir/$newconfig
echo 'You will now need to run "config" and build a new kernel.'
exit 0
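Review bot: This script reverses `FreeBSD/ip_{in,out}put.c.diffs` and `FreeBSD/in_proto.c.diffs`, and tests `$dir =~ */FreeBSD`, whereas the install script in this commit applies the diffs under `FreeBSD-2.2/`. The file's path is not visible on this page, but if it sits next to that installer, `patch -R` would be fed diffs that were never applied and could leave /sys/netinet half-reverted. In that case the lines should read `if ( $dir =~ */FreeBSD-2.2 ) cd ..` and `cat FreeBSD-2.2/ip_{in,out}put.c.diffs FreeBSD-2.2/in_proto.c.diffs | \`. The backup loop also builds `${newconfig}.${bak}` with `bak=".bak"`, giving a double dot that the installer's `${newconfig}${bak}` does not produce. As in the installer, the exit status of `patch -R` is never checked.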


@ -5,6 +5,89 @@
# Thanks to Craig Bishop of connect.com.au and Sun Microsystems for the
# loan of a machine to work on a Solaris 2.x port of this software.
#
3.2alpha4 2/4/97 - Released
Some compiler warnings cleaned up.
FreeBSD-2.2 patches for LKM completed.
3.2alpha3 31/3/97 - Released
ipmon changes: -N for reading NAT logfile, -S for reading state logfile.
-a for reading all. -n now toggles hostname resolution.
Add logging of new state entries and expiration of old state entries.
count log successes and failures.
Add logging of new NAT entries and expiration of old NAT entries.
count log successes and failures.
Use u_quad_t for records of bytes & packets where kept
(IP Accounting: fr_hits, fr_bytes; IP state: is_pkts, is_bytes).
Fixup use of CPU and DCPU in Makefiles.
Fix broken 0/32 NAT mapping. Carl Makin <cmakin@nla.gov.au>
3.2alpha2
Implement mapping to 0/32 as being an alias for automatically using the
interface's first IP address.
Implement separate minor devices for both NAT and IP state code.
Fully prototype all functions.
Fix Makefile problem due to attempt to fix Sun compiling problems.
3.1.10 23/3/97 - Released
ipfstat -a requires a -i or -o command line option too. Print an error
when not present rather than attempt to do something.
patch updates for SunOS4 for kernel compiling.
patch for ipmon -s (flush's syslog file which isn't good). Andrew J. Schorr
<schorr@ead.dsa.com>
too many people hit their heads hard when compiling code into the kernel
that doesn't let any packets through. (fil.c - IPF_NOMATCH)
icmp-type parsing doesn't return any errors when it isn't constructed
correctly. Neil Readwin
Using "-conf" with modload on SunOS4 doesn't work.
Timothy Demarest <demarest@arraycomm.com>
Need to define ARCH in makefile for SunOS4 building. "make sunos4"
in INSTALL.SunOS is incorrect. James R Grinter <jrg@blodwen.demon.co.uk>
[all SunOS targets now run buildsunos]
NAT lookups are still incorrect, matching non-TCP/UDP with TCP/UDP
information. ArkanoiD <ark@paranoid.convey.ru>
Need to check for __FreeBSD_version being 199511 rather than 199607
in mln_ipl.c. Eric Feillant <Eric.Feillant@EUnet.fr>
3.1.9 8/3/97 - Released
fixed incorrect lookup of active NAT entries.
patch for ip_deq() wrong for pre 2.1.6 FreeBSD.
fyeung@fyeung8.netific.com (Francis Yeung)
check for out with return-rst/return-icmp at wrong place - Erkki Ritoniemi
(erkki@vlsi.fi)
text_readip returns the interface pointer pointing to text on stack -
Neil Readwin
fix from Pradeep Krishnan for printout rules "with not opt sec".
3.1.8 18/2/97 - Released
Diffs for ip_output.c and ip_input.c updated to fix bug with fastroute and
compiling warnings about reuse of m0.
prevent use of return-rst and return-icmp with rules blocking packets going
out, preventing panics in certain situations.


@ -0,0 +1,53 @@
To build a kernel for use with the loadable kernel module, follow these
steps:
1. do "make freebsd22"
2. do "make install-bsd"
(probably has to be done as root)
3. run "FreeBSD-2.2/minstall" as root
4. build a new kernel
5. install and reboot with the new kernel
6. use modload(8) to load the packet filter with:
modload if_ipl.o
7. do "modstat" to confirm that it has been loaded successfully.
There is no need to use mknod to create the device in /dev;
- upon loading the module, it will create itself with the correct values,
under the name (IPL_NAME) from the Makefile. It will also remove itself
from /dev when it is modunload'd.
To build a kernel with the IP filter, follow these steps:
*** KERNEL INSTALL CURRENTLY UNSUPPORTED ***
1. do "make freebsd22"
2. do "make install-bsd"
(probably has to be done as root)
3. run "FreeBSD-2.2/kinstall" as root
4. build a new kernel
5a) For FreeBSD 2.2 (or later)
create devices for IP Filter as follows:
mknod /dev/ipl c 79 0
mknod /dev/ipnat c 79 1
mknod /dev/ipstate c 79 2
5b) For versions prior to FreeBSD 2.2:
create devices for IP Filter as follows (assuming it was
installed into the device table as char dev 20):
mknod /dev/ipl c 20 0
mknod /dev/ipnat c 20 1
mknod /dev/ipstate c 20 2
6. install and reboot with the new kernel
Darren Reed
darrenr@cyber.com.au


@ -1,4 +1,7 @@
*** IF you are using FreeBSD 2.2 or later, see the file "INST.FreeBSD-2.2" ***
To build a kernel for use with the loadable kernel module, follow these
steps:
1. do "make bsd"
@ -33,7 +36,11 @@ To build a kernel with the IP filter, follow these steps:
4. build a new kernel
5. create /dev/ipl with "mknod /dev/ipl c 20 0".
5. create devices for IP Filter as follows (assuming it was
installed into the device table as char dev 20):
mknod /dev/ipl c 20 0
mknod /dev/ipnat c 20 1
mknod /dev/ipstate c 20 2
6. install and reboot with the new kernel


@ -1,7 +1,7 @@
To install as a Loadable Kernel Module (LKM):
1. do a "make sunos4" in this directory
1. do a "make solaris" in this directory
2. Run the script "SunOS4/minstall" as root.
@ -22,7 +22,7 @@ To install as a Loadable Kernel Module (LKM):
To install as part of a SunOS 4.1.x kernel:
1. do a "make sunos4" in this directory
1. do a "make solaris" in this directory
2. Run the script "SunOS4/kinstall" as root.
NOTE: This script sets up /dev/ipl as char. device 59,0


@ -5,17 +5,19 @@
# and is not changed in any way. The author accepts no responsibility
# for the use of this software. I hate legaleese, don't you ?
#
# $Id: Makefile,v 2.0.1.5 1997/02/16 06:17:04 darrenr Exp $
# $Id: Makefile,v 2.0.2.7 1997/04/02 12:23:14 darrenr Exp $
#
# where to put things.
#
BINDEST=/usr/local/ip_fil3.1.1/bin
SBINDEST=/usr/local/ip_fil3.1.1/sbin
MANDIR=/usr/local/ip_fil3.1.1/man
#To test prototyping
#CC=gcc -Wstrict-prototypes -Wmissing-prototypes -Werror
CC=gcc
DEBUG=-g
CFLAGS=-I$$(TOP)
DCPU=`uname -m`
CPU=`uname -m`
#
# To enable this to work as a Loadable Kernel Module...
#
@ -40,7 +42,7 @@ POLICY=-DIPF_DEFAULT_PASS=FR_PASS
MFLAGS="BINDEST=$(BINDEST)" "SBINDEST=$(SBINDEST)" "MANDIR=$(MANDIR)" \
"CC=$(CC)" 'CFLAGS=$(CFLAGS) $(SOLARIS2)' "IPFLKM=$(IPFLKM)" \
"IPFLOG=$(IPFLOG)" "LOGFAC=$(LOGFAC)" "POLICY=$(POLICY)" \
"SOLARIS2=$(SOLARIS2)" "DEBUG=$(DEBUG)" "ARCH=$(ARCH)"
"SOLARIS2=$(SOLARIS2)" "DEBUG=$(DEBUG)" "DCPU=$(CPU)"
#
########## ########## ########## ########## ########## ########## ##########
#
@ -66,33 +68,31 @@ tests:
sunos solaris:
./buildsunos
sunos4 solaris1:
(cd SunOS4; make build TOP=.. $(MFLAGS); cd ..)
(cd SunOS4; make -f Makefile.ipsend TOP=.. $(MFLAGS); cd ..)
freebsd22 freebsd30:
-if [ ! -d BSD/$(CPU) ] ; then mkdir BSD/$(CPU); fi
@if [ ! -f `uname -v|sed -e 's@^.*:\(/[^: ]*\).*@\1@'`/ioconf.h ] ; then \
echo "Can't find ioconf.h"; \
exit 1;\
fi
rm -f BSD/$(CPU)/ioconf.h
ln -s `uname -v|sed -e 's@^.*:\(/[^: ]*\).*@\1@'`/ioconf.h BSD/$(CPU)
make bsd
sunos5 solaris2:
(cd SunOS5/$(DCPU); make build TOP=../.. $(MFLAGS) "SOLARIS2=$(SOLARIS2)" "CPU=-Dsparc -D__sparc__"; cd ..)
(cd SunOS5/$(DCPU); make -f Makefile.ipsend TOP=../.. $(MFLAGS); cd ..)
sunos5x86 solaris2x86:
(cd SunOS5/$(DCPU); make build TOP=../.. $(MFLAGS) "SOLARIS2=$(SOLARIS2)" "CPU=-Di86pc -Di386 -D__i386__"; cd ..)
(cd SunOS5/$(DCPU); make -f Makefile.ipsend TOP=../.. $(MFLAGS); cd ..)
bsd netbsd freebsd:
-if [ ! -d BSD/$(DCPU) ] ; then mkdir BSD/$(DCPU); fi
-rm -f BSD/$(DCPU)/Makefile BSD/$(DCPU)/Makefile.ipsend
-ln -s ../Makefile BSD/$(DCPU)/Makefile
-ln -s ../Makefile.ipsend BSD/$(DCPU)/Makefile.ipsend
(cd BSD/$(DCPU); make build "TOP=../.." $(MFLAGS); cd ..)
(cd BSD/$(DCPU); make -f Makefile.ipsend "TOP=../.." $(MFLAGS); cd ..)
bsd netbsd freebsd freebsd20 freebsd21:
-if [ ! -d BSD/$(CPU) ] ; then mkdir BSD/$(CPU); fi
-rm -f BSD/$(CPU)/Makefile BSD/$(CPU)/Makefile.ipsend
-ln -s ../Makefile BSD/$(CPU)/Makefile
-ln -s ../Makefile.ipsend BSD/$(CPU)/Makefile.ipsend
(cd BSD/$(CPU); make build "TOP=../.." $(MFLAGS); cd ..)
(cd BSD/$(CPU); make -f Makefile.ipsend "TOP=../.." $(MFLAGS); cd ..)
bsdi bsdos:
-if [ ! -d BSD/$(DCPU) ] ; then mkdir BSD/$(DCPU); fi
-rm -f BSD/$(DCPU)/Makefile BSD/$(DCPU)/Makefile.ipsend
-ln -s ../Makefile BSD/$(DCPU)/Makefile
-ln -s ../Makefile.ipsend BSD/$(DCPU)/Makefile.ipsend
(cd BSD/$(DCPU); make build "TOP=../.." $(MFLAGS) LKM= ; cd ..)
(cd BSD/$(DCPU); make -f Makefile.ipsend "TOP=../.." $(MFLAGS); cd ..)
-if [ ! -d BSD/$(CPU) ] ; then mkdir BSD/$(CPU); fi
-rm -f BSD/$(CPU)/Makefile BSD/$(CPU)/Makefile.ipsend
-ln -s ../Makefile BSD/$(CPU)/Makefile
-ln -s ../Makefile.ipsend BSD/$(CPU)/Makefile.ipsend
(cd BSD/$(CPU); make build "TOP=../.." $(MFLAGS) LKM= ; cd ..)
(cd BSD/$(CPU); make -f Makefile.ipsend "TOP=../.." $(MFLAGS); cd ..)
clean:
${RM} -f core *.o ipt fils ipf ipfstat ipftest ipmon if_ipl \
@ -125,12 +125,24 @@ get:
fi \
done
sunos4 solaris1:
(cd SunOS4; make build TOP=.. $(MFLAGS); cd ..)
(cd SunOS4; make -f Makefile.ipsend TOP=.. $(MFLAGS); cd ..)
sunos5 solaris2:
(cd SunOS5/$(CPU); make build TOP=../.. $(MFLAGS) "SOLARIS2=$(SOLARIS2)" "CPU=-Dsparc -D__sparc__"; cd ..)
(cd SunOS5/$(CPU); make -f Makefile.ipsend TOP=../.. $(MFLAGS); cd ..)
sunos5x86 solaris2x86:
(cd SunOS5/$(CPU); make build TOP=../.. $(MFLAGS) "SOLARIS2=$(SOLARIS2)" "CPU=-Di86pc -Di386 -D__i386__"; cd ..)
(cd SunOS5/$(CPU); make -f Makefile.ipsend TOP=../.. $(MFLAGS); cd ..)
install-bsd: bsd
(cd BSD/$(DCPU); $(MAKE) "TOP=../.." install)
(cd BSD/$(CPU); $(MAKE) "CPU=$(CPU) TOP=../.." install)
install-sunos4: solaris
(cd SunOS4; $(MAKE) "TOP=.." install)
(cd SunOS4; $(MAKE) "CPU=$(CPU) TOP=.." install)
install-sunos5: solaris
(cd SunOS5; $(MAKE) "TOP=.." install)
(cd SunOS5; $(MAKE) "CPU=$(CPU) TOP=.." install)
# XXX FIXME: bogus to depend on all!
install: all ip_fil.h
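Review bot: In the install-bsd, install-sunos4 and install-sunos5 recipes the argument `"CPU=$(CPU) TOP=../.."` is one quoted word, so the sub-make gets a single assignment (CPU with ` TOP=../..` appended to its value) and TOP is never set. This assumes the `$(CPU)` variants are the new side, since the +/- markers are lost on this page. Each recipe should pass two words, e.g. `(cd BSD/$(CPU); $(MAKE) "CPU=$(CPU)" "TOP=../.." install)`. The install-sunos5 recipe also changes into `SunOS5` while the build targets use `SunOS5/$(CPU)` with `TOP=../..`, so it is worth confirming that install runs in the directory where the objects were built.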


@ -0,0 +1,104 @@
These are Instructions for Configuring A FreeBSD Box For NAT
After you have installed IpFilter.
You will need to change three files:
/etc/rc.local
/etc/sysconfig
/etc/natrules
You will have to:
1) Load the kernel module
2) Make the ipnat rules
3) Load the ipnat rules
4) Enable routing between interfaces
5) Add static routes for the subnet ranges
6) Configure your network interfaces
7) reboot the computer for the changes to take effect.
The FAQ was written by Chris Coleman <chris@@bbcc.ctc.edu>
This was tested using ipfilter 3.1.4 and FreeBSD 2.1.6-RELEASE
_________________________________________________________
1) Loading the Kernel Module
If you are using a Kernal Loadable Module you need to edit your
/etc/rc.local file and load the module at boot time.
use the line:
modload /lkm/if_ipl.o
If you are not loading a kernel module, skip this step.
_________________________________________________________
2) Setting up the NAT Rules
Make a file called /etc/natrules
put in the rules that you need for your system.
If you want to use the whole 10 Network. Try:
map fpx0 10.0.0.0/8 -> 208.8.0.1/32 portmap tcp/udp 10000:65000
_________________________________________________________
Here is an explaination of each part of the command:
map starts the command.
fpx0 is the interface with the real internet address.
10.0.0.0 is the subnet you want to use.
/8 is the subnet mask. ie 255.0.0.0
208.8.0.1 is the real ip address that you use.
/32 is the subnet mask 255.255.255.255, ie only use this ip address.
portmap tcp/udp 10000:65000
tells it to use the ports to redirect the tcp/udp calls through
The one line should work for the whole network.
_________________________________________________________
3) Loading the NAT Rules:
The NAT Rules will need to be loaded every time the computer
reboots.
In your /etc/rc.local put the line:
ipnat -f /etc/natrules
To check and see if it is loaded, as root type
ipnat -ls
_________________________________________________________
4) Enable Routing between interfaces.
Tell the kernel to route these addresses.
in the rc.local file put the line:
sysctl -w net.inet.ip.forwarding=1
_________________________________________________________
5) Static Routes to Subnet Ranges
Now you have to add a static routes for the subnet ranges.
Edit your /etc/sysconfig to add them at bootup.
static_routes="foo"
route_foo="10.0.0.0 -netmask 0xf0000000 -interface 10.0.0.1"
_________________________________________________________
6) Make sure that you have your interfaces configured.
I have two Intel Ether Express Pro B cards.
One is on 208.8.0.1 The other is on 10.0.0.1
You need to configure these in the /etc/sysconfig
network_interfaces="fxp0 fxp1"
ifconfig_fxp0="inet 208.8.0.1 netmask 255.255.255.0"
ifconfig_fxp1="inet 10.0.0.1 netmask 255.0.0.0"
_________________________________________________________


@ -1,5 +1,5 @@
#! /bin/sh
# $Id: buildsunos,v 2.0.1.1 1997/01/09 15:14:43 darrenr Exp $
# $Id: buildsunos,v 2.0.2.3 1997/03/30 15:37:34 darrenr Exp $
:
rev=`uname -r | sed -e 's/^\([^\.]*\)\..*/\1/'`
cpu=`uname -m`
@ -12,12 +12,12 @@ if [ $rev = 5 ] ; then
ln -s ../Makefile.ipsend SunOS5/${cpu}/Makefile.ipsend
fi
if [ $cpu = i86pc ] ; then
make ${1+"$@"} sunos5x86 SOLARIS2="-DSOLARIS2=$solrev" DCPU=${cpu}
make ${1+"$@"} sunos5x86 SOLARIS2="-DSOLARIS2=$solrev" CPU=${cpu}
exit $?
fi
if [ x$solrev = x ] ; then
make ${1+"$@"} sunos$rev "ARCH=`uname -m`"
exit $?
fi
make ${1+"$@"} sunos$rev SOLARIS2="-DSOLARIS2=$solrev" DCPU=${cpu}
make ${1+"$@"} sunos$rev SOLARIS2="-DSOLARIS2=$solrev" CPU=${cpu}
exit $?


@ -0,0 +1,2 @@
Æ . Ä..'! CVS
 protocols


@ -7,12 +7,13 @@
*/
#if !defined(lint) && defined(LIBC_SCCS)
static char sccsid[] = "@(#)fil.c 1.36 6/5/96 (C) 1993-1996 Darren Reed";
static char rcsid[] = "$Id: fil.c,v 2.0.1.7 1997/02/18 10:53:47 darrenr Exp $";
static char rcsid[] = "$Id: fil.c,v 2.0.2.7 1997/04/02 12:23:15 darrenr Exp $";
#endif
#include <sys/errno.h>
#include <sys/types.h>
#include <sys/param.h>
#include <sys/time.h>
#include <sys/file.h>
#include <sys/ioctl.h>
#if defined(_KERNEL) || defined(KERNEL)
@ -44,8 +45,8 @@ static char rcsid[] = "$Id: fil.c,v 2.0.1.7 1997/02/18 10:53:47 darrenr Exp $";
#include <netinet/udp.h>
#include <netinet/tcpip.h>
#include <netinet/ip_icmp.h>
#include "ip_fil.h"
#include "ip_compat.h"
#include "ip_fil.h"
#include "ip_nat.h"
#include "ip_frag.h"
#include "ip_state.h"
@ -54,46 +55,48 @@ static char rcsid[] = "$Id: fil.c,v 2.0.1.7 1997/02/18 10:53:47 darrenr Exp $";
#endif
#ifndef _KERNEL
#include "ipf.h"
# include "ipf.h"
# include "ipt.h"
extern int opts;
extern void debug(), verbose();
#define FR_IFVERBOSE(ex,second,verb_pr) if (ex) { verbose verb_pr; second; }
#define FR_IFDEBUG(ex,second,verb_pr) if (ex) { debug verb_pr; second; }
#define FR_VERBOSE(verb_pr) verbose verb_pr
#define FR_DEBUG(verb_pr) debug verb_pr
#define FR_SCANLIST(p, ip, fi, m) fr_scanlist(p, ip, fi)
# define FR_IFVERBOSE(ex,second,verb_pr) if (ex) { verbose verb_pr; \
second; }
# define FR_IFDEBUG(ex,second,verb_pr) if (ex) { debug verb_pr; \
second; }
# define FR_VERBOSE(verb_pr) verbose verb_pr
# define FR_DEBUG(verb_pr) debug verb_pr
# define FR_SCANLIST(p, ip, fi, m) fr_scanlist(p, ip, fi, m)
# define SEND_RESET(ip, qif, q, if) send_reset(ip, if)
# define IPLLOG(a, c, d, e) ipllog()
# if SOLARIS
# define ICMP_ERROR(b, ip, t, c, if, src) icmp_error(ip)
# define bcmp memcmp
# endif
#else
#define FR_IFVERBOSE(ex,second,verb_pr) ;
#define FR_IFDEBUG(ex,second,verb_pr) ;
#define FR_VERBOSE(verb_pr)
#define FR_DEBUG(verb_pr)
#define FR_SCANLIST(p, ip, fi, m) fr_scanlist(p, ip, fi, m)
extern int send_reset();
# if SOLARIS
extern int icmp_error(), ipfr_fastroute();
extern kmutex_t ipf_mutex, ipl_mutex;
# else
extern void ipfr_fastroute();
# define ICMP_ERROR(b, ip, t, c, if, src) icmp_error(b, ip, if)
# endif
extern int ipl_unreach, ipllog();
#endif
#if SOLARIS
# define SEND_RESET(ip, if, q) send_reset(ip, qif, q)
# define ICMP_ERROR(b, ip, t, c, if, src) \
#else /* #ifndef _KERNEL */
# define FR_IFVERBOSE(ex,second,verb_pr) ;
# define FR_IFDEBUG(ex,second,verb_pr) ;
# define FR_VERBOSE(verb_pr)
# define FR_DEBUG(verb_pr)
# define FR_SCANLIST(p, ip, fi, m) fr_scanlist(p, ip, fi, m)
# define IPLLOG(a, c, d, e) ipllog(a, IPL_LOGIPF, c, d, e)
# if SOLARIS
extern kmutex_t ipf_mutex;
# define SEND_RESET(ip, qif, q, if) send_reset(ip, qif, q)
# define ICMP_ERROR(b, ip, t, c, if, src) \
icmp_error(b, ip, t, c, if, src)
#else
# define SEND_RESET(ip, if, q) send_reset(ip)
# if BSD < 199103
# define ICMP_ERROR(b, ip, t, c, if, src) \
icmp_error(mtod(b, ip_t *), t, c, if, src)
# else
# define ICMP_ERROR(b, ip, t, c, if, src) \
# define FR_SCANLIST(p, ip, fi, m) fr_scanlist(p, ip, fi, m)
# define SEND_RESET(ip, qif, q, if) send_reset((struct tcpiphdr *)ip)
# if BSD < 199103
# define ICMP_ERROR(b, ip, t, c, if, src) \
icmp_error(mtod(b, ip_t *), t, c, if, src)
# else
# define ICMP_ERROR(b, ip, t, c, if, src) \
icmp_error(b, t, c, (src).s_addr, if)
# endif
# endif
#endif
@ -103,7 +106,7 @@ extern int ipl_unreach, ipllog();
#ifdef IPF_DEFAULT_PASS
#define IPF_NOMATCH (IPF_DEFAULT_PASS|FR_NOMATCH)
#else
#define IPF_NOMATCH (FR_NOMATCH)
#define IPF_NOMATCH (FR_PASS|FR_NOMATCH)
#endif
struct filterstats frstats[2] = {{0,0,0,0,0},{0,0,0,0,0}};
@ -113,6 +116,10 @@ int fr_flags = IPF_LOGGING, fr_active = 0;
fr_info_t frcache[2];
static void fr_makefrip __P((int, ip_t *, fr_info_t *));
static int fr_tcpudpchk __P((frentry_t *, fr_info_t *));
static int fr_scanlist __P((int, ip_t *, fr_info_t *, void *));
/*
* bit values for identifying presence of individual IP options
@ -159,7 +166,7 @@ struct optlist secopt[8] = {
* compact the IP header into a structure which contains just the info.
* which is useful for comparing IP headers with.
*/
void fr_makefrip(hlen, ip, fin)
static void fr_makefrip(hlen, ip, fin)
int hlen;
ip_t *ip;
fr_info_t *fin;
@ -278,7 +285,7 @@ fr_info_t *fin;
/*
* check an IP packet for TCP/UDP characteristics such as ports and flags.
*/
int fr_tcpudpchk(fr, fin)
static int fr_tcpudpchk(fr, fin)
frentry_t *fr;
fr_info_t *fin;
{
@ -371,7 +378,7 @@ fr_info_t *fin;
* Could be per interface, but this gets real nasty when you don't have
* kernel sauce.
*/
int fr_scanlist(pass, ip, fin, m)
static int fr_scanlist(pass, ip, fin, m)
int pass;
ip_t *ip;
register fr_info_t *fin;
@ -404,8 +411,7 @@ void *m;
if (opts & (OPT_VERBOSE|OPT_DEBUG))
printf("\n");
FR_VERBOSE(("%c", (pass & FR_PASS) ? 'p' : 'b'));
if (fin->fin_ifp && *fr->fr_ifname &&
strcasecmp((char *)fin->fin_ifp, fr->fr_ifname))
if (fr->fr_ifa && fr->fr_ifa != fin->fin_ifp)
continue;
FR_VERBOSE((":i"));
#endif
@ -467,7 +473,7 @@ void *m;
pass = (*fr->fr_func)(pass, ip, fin);
#ifdef IPFILTER_LOG
if ((pass & FR_LOGMASK) == FR_LOG) {
if (!ipllog(fr->fr_flags, ip, fin, m))
if (!IPLLOG(fr->fr_flags, ip, fin, m))
frstats[fin->fin_out].fr_skip++;
frstats[fin->fin_out].fr_pkl++;
}
@ -475,7 +481,7 @@ void *m;
FR_DEBUG(("pass %#x\n", pass));
fr->fr_hits++;
if (pass & FR_ACCOUNT)
fr->fr_bytes += ip->ip_len;
fr->fr_bytes += (U_QUAD_T)ip->ip_len;
else
fin->fin_icode = fr->fr_icode;
fin->fin_rule = rulen;
@ -504,7 +510,8 @@ mblk_t **mp;
struct mbuf **mp;
# endif
#else
)
, mp)
char *mp;
#endif
ip_t *ip;
int hlen;
@ -518,8 +525,12 @@ int out;
register fr_info_t *fin = &frinfo;
frentry_t *fr = NULL;
int pass, changed;
#ifndef _KERNEL
char *mc = mp, *m = mp;
#endif
#if !defined(__SVR4) && !defined(__svr4__) && defined(_KERNEL)
#ifdef _KERNEL
# if !defined(__SVR4) && !defined(__svr4__)
register struct mbuf *m = *mp;
struct mbuf *mc = NULL;
@ -538,9 +549,10 @@ int out;
}
}
}
#endif
#if SOLARIS && defined(_KERNEL)
# endif
# if SOLARIS
mblk_t *mc = NULL, *m = qif->qf_m;
# endif
#endif
fr_makefrip(hlen, ip, fin);
fin->fin_ifp = ifp;
@ -608,7 +620,7 @@ int out;
}
}
if (fr && fr->fr_func)
if (fr && fr->fr_func && !(pass & FR_CALLNOW))
pass = (*fr->fr_func)(pass, ip, fin);
if (out) {
@ -639,7 +651,7 @@ int out;
pass |= FF_LOGBLOCK;
frstats[out].fr_bpkl++;
logit:
if (!ipllog(pass, ip, fin, m)) {
if (!IPLLOG(pass, ip, fin, m)) {
frstats[out].fr_skip++;
if ((pass & (FR_PASS|FR_LOGORBLOCK)) ==
(FR_PASS|FR_LOGORBLOCK))
@ -676,7 +688,7 @@ int out;
frstats[0].fr_ret++;
} else if ((pass & FR_RETRST) &&
!(fin->fin_fi.fi_fl & FI_SHORT)) {
if (SEND_RESET(ip, qif, q) == 0)
if (SEND_RESET(ip, qif, q, ifp) == 0)
frstats[1].fr_ret++;
}
#else
@ -736,37 +748,32 @@ int out;
#ifdef IPFILTER_LOG
# if !(defined(_KERNEL))
static void ipllog()
{
verbose("l");
}
# endif
int fr_copytolog(buf, len)
int fr_copytolog(dev, buf, len)
int dev;
char *buf;
int len;
{
int clen, tail;
register char *bufp = iplbuf[dev], *tp = iplt[dev], *hp = iplh[dev];
register int clen, tail;
tail = (iplh >= iplt) ? (iplbuf + IPLLOGSIZE - iplh) : (iplt - iplh);
tail = (hp >= tp) ? (bufp + IPLLOGSIZE - hp) : (tp - hp);
clen = MIN(tail, len);
bcopy(buf, iplh, clen);
bcopy(buf, hp, clen);
len -= clen;
tail -= clen;
iplh += clen;
hp += clen;
buf += clen;
if (iplh == iplbuf + IPLLOGSIZE) {
iplh = iplbuf;
tail = iplt - iplh;
if (hp == bufp + IPLLOGSIZE) {
hp = bufp;
tail = tp - hp;
}
if (len && tail) {
clen = MIN(tail, len);
bcopy(buf, iplh, clen);
bcopy(buf, hp, clen);
len -= clen;
iplh += clen;
hp += clen;
}
iplh[dev] = hp;
return len;
}
#endif
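Review bot: The fallback `#define IPF_NOMATCH (FR_PASS|FR_NOMATCH)` makes a build without IPF_DEFAULT_PASS pass every packet that matches no rule, so the filter now fails open where the previous fallback `(FR_NOMATCH)` did not carry the pass bit. The changelog in this commit explains the motivation, but the policy switch is silent in the code. It deserves a comment at the define, for example `/* no rule matched: default is PASS; build with -DIPF_DEFAULT_PASS=FR_BLOCK for default-deny */`, and a matching line in the install notes so operators who expect default-deny set POLICY explicitly. Separately, the reworked `fr_copytolog(dev, buf, len)` indexes `iplbuf[dev]`, `iplt[dev]` and `iplh[dev]` without a range check on `dev`; the callers are outside the hunk, so confirm they only ever pass fixed log-device constants.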


@ -12,6 +12,7 @@
#include <strings.h>
#endif
#include <sys/types.h>
#include <sys/time.h>
#include <sys/param.h>
#include <sys/file.h>
#include <stdlib.h>
@ -26,15 +27,15 @@
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <net/if.h>
#include "ip_fil.h"
#include "ip_compat.h"
#include "ip_nat.h"
#include "ip_frag.h"
#include "ip_state.h"
#include <netdb.h>
#include <arpa/nameser.h>
#include <resolv.h>
#include "ip_compat.h"
#include "ip_fil.h"
#include "ipf.h"
#include "ip_nat.h"
#include "ip_frag.h"
#include "ip_state.h"
#include "kmem.h"
#ifdef __NetBSD__
#include <paths.h>
@ -42,7 +43,7 @@
#if !defined(lint) && defined(LIBC_SCCS)
static char sccsid[] = "@(#)fils.c 1.21 4/20/96 (C) 1993-1996 Darren Reed";
static char rcsid[] = "$Id: fils.c,v 2.0.1.2 1997/01/30 10:21:48 darrenr Exp $";
static char rcsid[] = "$Id: fils.c,v 2.0.2.7 1997/04/02 12:23:16 darrenr Exp $";
#endif
#ifdef _PATH_UNIX
#define VMUNIX _PATH_UNIX
@ -62,10 +63,15 @@ static char *filters[4] = { "ipfilter(in)", "ipfilter(out)",
int opts = 0;
static void showstats(), showfrstates();
static void showlist(), showipstates();
extern int main __P((int, char *[]));
static void showstats __P((int, friostat_t *));
static void showfrstates __P((int, ipfrstat_t *));
static void showlist __P((friostat_t *));
static void showipstates __P((int, ips_stat_t *));
static void Usage __P((char *));
void Usage(name)
static void Usage(name)
char *name;
{
fprintf(stderr, "Usage: %s [-afhIiosv] [-d <device>]\n", name);
@ -253,6 +259,10 @@ struct friostat *fiop;
i++;
} else if (opts & OPT_INQUE)
fp = (struct frentry *)fiop->f_acctin[set];
else {
FPRINTF(stderr, "No -i or -o given with -a\n");
return;
}
} else if (opts & OPT_OUTQUE) {
i = F_OUT;
fp = (struct frentry *)fiop->f_fout[set];
@ -281,9 +291,17 @@ struct friostat *fiop;
if (opts & OPT_OUTQUE)
fp->fr_flags |= FR_OUTQUE;
if (opts & (OPT_HITS|OPT_VERBOSE))
#ifdef USE_QUAD_T
PRINTF("%qd ", fp->fr_hits);
#else
PRINTF("%ld ", fp->fr_hits);
#endif
if (opts & (OPT_ACCNT|OPT_VERBOSE))
#ifdef USE_QUAD_T
PRINTF("%qd ", fp->fr_bytes);
#else
PRINTF("%ld ", fp->fr_bytes);
#endif
if (opts & OPT_SHOWLINENO)
PRINTF("@%d ", n);
printfr(fp);
@ -312,13 +330,16 @@ ips_stat_t *ipsp;
return;
for (i = 0; i < IPSTATE_SIZE; i++)
while (istab[i]) {
if (kmemcpy(&ips, istab[i], sizeof(ips)) == -1)
if (kmemcpy((char *)&ips, (u_long)istab[i],
sizeof(ips)) == -1)
break;
PRINTF("%s -> ", inet_ntoa(ips.is_src));
PRINTF("%s age %d pass %d pr %d state %d/%d\n",
PRINTF("%s age %ld pass %d pr %d state %d/%d\n",
inet_ntoa(ips.is_dst), ips.is_age,
ips.is_pass, ips.is_p, ips.is_state[0],
ips.is_state[1]);
PRINTF("\tpkts %ld bytes %ld",
ips.is_pkts, ips.is_bytes);
if (ips.is_p == IPPROTO_TCP)
PRINTF("\t%hu -> %hu %lu:%lu %hu:%hu\n",
ntohs(ips.is_sport),
@ -326,10 +347,10 @@ ips_stat_t *ipsp;
ips.is_seq, ips.is_ack,
ips.is_swin, ips.is_dwin);
else if (ips.is_p == IPPROTO_UDP)
PRINTF("\t%hu -> %hu\n", ntohs(ips.is_sport),
PRINTF(" %hu -> %hu\n", ntohs(ips.is_sport),
ntohs(ips.is_dport));
else if (ips.is_p == IPPROTO_ICMP)
PRINTF("\t%hu %hu %d\n", ips.is_icmp.ics_id,
PRINTF(" %hu %hu %d\n", ips.is_icmp.ics_id,
ips.is_icmp.ics_seq,
ips.is_icmp.ics_type);
istab[i] = ips.is_next;
@ -353,7 +374,7 @@ ipfrstat_t *ifsp;
return;
for (i = 0; i < IPFT_SIZE; i++)
while (ipfrtab[i]) {
if (kmemcpy(&ifr, (u_long)ipfrtab[i],
if (kmemcpy((char *)&ifr, (u_long)ipfrtab[i],
sizeof(ifr)) == -1)
break;
PRINTF("%s -> ", inet_ntoa(ifr.ipfr_src));
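Review bot: The added `PRINTF("\tpkts %ld bytes %ld", ips.is_pkts, ips.is_bytes);` in the state-table loop uses `%ld` unconditionally, while this same section guards the `fr_hits` and `fr_bytes` prints with `#ifdef USE_QUAD_T` and `%qd`. The changelog in this commit says `is_pkts` and `is_bytes` are also kept as u_quad_t, so on a build where USE_QUAD_T is defined the format and argument widths would disagree and the later varargs would be misread. The call should get the same guard, with `PRINTF("\tpkts %qd bytes %qd", ips.is_pkts, ips.is_bytes);` in the USE_QUAD_T branch. The `age %ld` change relies on the type of `ips.is_age`, which is declared outside this section and should be checked as well.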


@ -55,7 +55,7 @@
#if !defined(lint) && defined(LIBC_SCCS)
static char sccsid[] = "@(#)inet_addr.c 8.1 (Berkeley) 6/17/93";
static char rcsid[] = "$Id: inet_addr.c,v 2.0.1.1 1997/01/09 15:14:43 darrenr Exp $";
static char rcsid[] = "$Id: inet_addr.c,v 2.0.2.3 1997/03/27 13:45:00 darrenr Exp $";
#endif /* LIBC_SCCS and not lint */
#include <sys/param.h>
@ -63,6 +63,15 @@ static char rcsid[] = "$Id: inet_addr.c,v 2.0.1.1 1997/01/09 15:14:43 darrenr Ex
#include <arpa/inet.h>
#include <ctype.h>
#ifndef __P
# ifdef __STDC__
# define __P(x) x
# else
# define __P(x) ()
# endif
#endif
int inet_aton __P((const char *, struct in_addr *));
/*
* Check whether "cp" is a valid ascii representation
* of an Internet address and convert to a binary address.


@ -6,17 +6,48 @@
* to the original author and the contributors.
*
* @(#)ip_compat.h 1.8 1/14/96
* $Id: ip_compat.h,v 2.0.1.4 1997/02/04 14:24:25 darrenr Exp $
* $Id: ip_compat.h,v 2.0.2.6 1997/04/02 12:23:17 darrenr Exp $
*/
#ifndef __IP_COMPAT_H_
#define __IP_COMPAT_H__
#ifndef __P
# ifdef __STDC__
# define __P(x) x
# else
# define __P(x) ()
# endif
#endif
#ifndef SOLARIS
#define SOLARIS (defined(sun) && (defined(__svr4__) || defined(__SVR4)))
#endif
#if SOLARIS
#define MTYPE(m) ((m)->b_datap->db_type)
# define MTYPE(m) ((m)->b_datap->db_type)
# include <sys/ioccom.h>
# include <sys/sysmacros.h>
/*
* because Solaris 2 defines these in two places :-/
*/
# undef IPOPT_EOL
# undef IPOPT_NOP
# undef IPOPT_LSRR
# undef IPOPT_RR
# undef IPOPT_SSRR
# ifndef _KERNEL
# define _KERNEL
# undef RES_INIT
# include <inet/common.h>
# include <inet/ip.h>
# include <inet/ip_ire.h>
# undef _KERNEL
# else
# include <inet/common.h>
# include <inet/ip.h>
# include <inet/ip_ire.h>
# endif
#endif
#define IPMINLEN(i, h) ((i)->ip_len >= ((i)->ip_hl * 4 + sizeof(struct h)))
@ -24,6 +55,13 @@
#define IP_OFFMASK 0x1fff
#endif
#if BSD > 199306
# define USE_QUAD_T
# define U_QUAD_T u_quad_t
#else
# define U_QUAD_T u_long
#endif
#ifndef MAX
#define MAX(a,b) (((a) > (b)) ? (a) : (b))
#endif
@ -85,11 +123,18 @@
#define IPOPT_FINN 205 /* FINN */
#ifdef __FreeBSD__
# include <machine/spl.h>
# if defined(IPFILTER_LKM) && !defined(ACTUALLY_LKM_NOT_KERNEL)
# define ACTUALLY_LKM_NOT_KERNEL
# endif
#endif
/*
* Build some macros and #defines to enable the same code to compile anywhere
* Well, that's the idea, anyway :-)
*/
#ifdef _KERNEL
#if defined(_KERNEL) || defined(KERNEL)
# if SOLARIS
# define MUTEX_ENTER(x) mutex_enter(x)
# define MUTEX_EXIT(x) mutex_exit(x)
@ -108,6 +153,7 @@
# ifdef sun
# if defined(__svr4__) || defined(__SVR4)
extern ill_t *get_unit __P((char *));
# define GETUNIT(n) get_unit((n))
# else
# include <sys/kmem_alloc.h>
@ -132,8 +178,8 @@ typedef struct qif {
queue_t *qf_out;
void *qf_wqinfo;
void *qf_rqinfo;
int (*qf_inp)();
int (*qf_outp)();
int (*qf_inp) __P((queue_t *, mblk_t *));
int (*qf_outp) __P((queue_t *, mblk_t *));
mblk_t *qf_m;
int qf_len;
char qf_name[8];
@ -151,10 +197,10 @@ typedef struct qif {
# define htons(x) (x)
# define htonl(x) (x)
# endif
# define KMALLOC(x) kmem_alloc((x), KM_NOSLEEP)
# define KMALLOC(a,b,c) (a) = (b)kmem_alloc((c), KM_NOSLEEP)
# define GET_MINOR(x) getminor(x)
# else
# define KMALLOC(x) new_kmem_alloc((x), KMEM_NOSLEEP)
# define KMALLOC(a,b,c) (a) = (b)new_kmem_alloc((c), KMEM_NOSLEEP)
# endif /* __svr4__ */
# endif /* sun && !linux */
# ifndef GET_MINOR
@ -162,7 +208,7 @@ typedef struct qif {
# endif
# if BSD >= 199306 || defined(__FreeBSD__)
# include <vm/vm.h>
# if !defined(__FreeBSD__)
# if !defined(__FreeBSD__) || (defined (__FreeBSD__) && __FreeBSD__>=3)
# include <vm/vm_extern.h>
# include <sys/proc.h>
extern vm_map_t kmem_map;
@ -170,15 +216,15 @@ extern vm_map_t kmem_map;
# include <vm/vm_kern.h>
# endif /* __FreeBSD__ */
/*
** # define KMALLOC(x) kmem_alloc(kmem_map, (x))
** # define KFREE(x) kmem_free(kmem_map, (vm_offset_t)(x), \
# define KMALLOC(a,b,c) (a) = (b)kmem_alloc(kmem_map, (c))
# define KFREE(x) kmem_free(kmem_map, (vm_offset_t)(x), \
sizeof(*(x)))
*/
# ifdef M_PFIL
# define KMALLOC(x) malloc((x), M_PFIL, M_NOWAIT)
# define KMALLOC(a, b, c) MALLOC((a), b, (c), M_PFIL, M_NOWAIT)
# define KFREE(x) FREE((x), M_PFIL)
# else
# define KMALLOC(x) malloc((x), M_TEMP, M_NOWAIT)
# define KMALLOC(a, b, c) MALLOC((a), b, (c), M_TEMP, M_NOWAIT)
# define KFREE(x) FREE((x), M_TEMP)
# endif
# define UIOMOVE(a,b,c,d) uiomove(a,b,d)
@ -193,17 +239,16 @@ extern vm_map_t kmem_map;
# endif
# endif
#else
# ifndef linux
# define MUTEX_ENTER(x) ;
# define MUTEX_EXIT(x) ;
# define SPLNET(x) ;
# define SPLX(x) ;
# define KMALLOC(x) malloc(x)
# define KFREE(x) free(x)
# define GETUNIT(x) (x)
# define IRCOPY(a,b,c) bcopy((a), (b), (c))
# define IWCOPY(a,b,c) bcopy((a), (b), (c))
# endif
# define MUTEX_ENTER(x) ;
# define MUTEX_EXIT(x) ;
# define SPLNET(x) ;
# undef SPLX
# define SPLX(x) ;
# define KMALLOC(a,b,c) (a) = (b)malloc(c)
# define KFREE(x) free(x)
# define GETUNIT(x) get_unit(x)
# define IRCOPY(a,b,c) bcopy((a), (b), (c))
# define IWCOPY(a,b,c) bcopy((a), (b), (c))
#endif /* KERNEL */
#ifdef linux
@ -318,7 +363,7 @@ struct ipovly {
# define UNITNAME(n) dev_get((n))
# define ifnet device
# define KMALLOC(x) kmalloc((x), GFP_ATOMIC)
# define KMALLOC(a,b,c) (a) = (b)kmalloc((c), GFP_ATOMIC)
# define KFREE(x) kfree_s((x), sizeof(*(x)))
# define IRCOPY(a,b,c) { \
error = verify_area(VERIFY_READ, \
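Review bot: The include guard at the top of this header tests `__IP_COMPAT_H_` but defines `__IP_COMPAT_H__`, so it never suppresses a second inclusion. That matters more after this change, because the header now brackets the Solaris `<inet/*.h>` includes with a temporary `#define _KERNEL` / `#undef _KERNEL` and the .c files in this commit were reordered to include it before ip_fil.h. Changing the test to `#ifndef __IP_COMPAT_H__` fixes it. Separately, the new three-argument `KMALLOC(a,b,c)` expands to a bare assignment in most branches but to the `MALLOC(...)` statement macro in the BSD branch, so it is only usable as a statement followed by a NULL test; a comment above the definitions such as `/* KMALLOC(ptr, type, size): statement only; test ptr for NULL afterwards */` would make that contract explicit.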


@ -7,17 +7,39 @@
*/
#if !defined(lint) && defined(LIBC_SCCS)
static char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-1995 Darren Reed";
static char rcsid[] = "$Id: ip_fil.c,v 2.0.1.7 1997/02/19 12:45:02 darrenr Exp $";
static char rcsid[] = "$Id: ip_fil.c,v 2.0.2.6 1997/04/02 12:23:19 darrenr Exp $";
#endif
#ifndef SOLARIS
#define SOLARIS (defined(sun) && (defined(__svr4__) || defined(__SVR4)))
#endif
#ifdef __FreeBSD__
#include <osreldate.h>
#endif
#ifndef _KERNEL
#include <stdio.h>
#include <string.h>
#endif
#include <sys/errno.h>
#include <sys/types.h>
#include <sys/param.h>
#include <sys/file.h>
#include <sys/ioctl.h>
#include <sys/time.h>
#ifdef _KERNEL
#include <sys/systm.h>
#endif
#include <sys/uio.h>
#if !SOLARIS
#include <sys/dir.h>
#include <sys/mbuf.h>
#else
#define bcmp memcmp
#define bzero(a,b) memset(a,0,b)
#define bcopy(a,b,c) memcpy(b,a,c)
#include <sys/filio.h>
#endif
#include <sys/protosw.h>
#include <sys/socket.h>
@ -36,8 +58,8 @@ static char rcsid[] = "$Id: ip_fil.c,v 2.0.1.7 1997/02/19 12:45:02 darrenr Exp $
#include <netinet/tcpip.h>
#include <netinet/ip_icmp.h>
#include <syslog.h>
#include "ip_fil.h"
#include "ip_compat.h"
#include "ip_fil.h"
#include "ip_frag.h"
#include "ip_nat.h"
#include "ip_state.h"
@ -47,45 +69,49 @@ static char rcsid[] = "$Id: ip_fil.c,v 2.0.1.7 1997/02/19 12:45:02 darrenr Exp $
extern fr_flags, fr_active;
extern struct protosw inetsw[];
extern int (*fr_checkp)();
#if BSD < 199306
extern int ipfr_slowtimer();
static int (*fr_saveslowtimo)();
static int (*fr_saveslowtimo) __P((void));
extern int tcp_ttl;
#else
extern void ipfr_slowtimer();
static void (*fr_saveslowtimo)();
static void (*fr_saveslowtimo) __P((void));
#endif
int ipl_inited = 0;
int ipl_unreach = ICMP_UNREACH_FILTER;
int send_reset();
#ifndef _KERNEL
#include "ipt.h"
static struct ifnet **ifneta = NULL;
static int nifs = 0;
struct ifnet *get_unit __P((char *));
#endif
#ifdef IPFILTER_LOG
# define LOGSIZE 8192
int ipllog();
char iplbuf[LOGSIZE];
caddr_t iplh = iplbuf, iplt = iplbuf;
static int iplused = 0;
char iplbuf[3][IPLLOGSIZE];
caddr_t iplh[3], iplt[3];
int iplused[3] = {0,0,0};
#endif /* IPFILTER_LOG */
static void frflush();
static int frrequest();
static int (*fr_savep)() = NULL;
static void frflush __P((caddr_t));
static int frrequest __P((int, caddr_t, int));
static void frzerostats __P((caddr_t));
#ifdef _KERNEL
static int (*fr_savep) __P((struct ip *, int, struct ifnet *,
int, struct mbuf **));
#else
void init_ifp __P((void));
static int (*fr_savep) __P((struct ip *, int, struct ifnet *,
int, char *));
static int no_output __P((struct ifnet *, struct mbuf *,
struct sockaddr *, struct rtentry *));
static int write_output __P((struct ifnet *, struct mbuf *,
struct sockaddr *, struct rtentry *));
#endif
#if _BSDI_VERSION >= 199501
#if (_BSDI_VERSION >= 199510) && defined(_KERNEL)
# include <sys/device.h>
# include <sys/conf.h>
int iplioctl __P((dev_t, int, caddr_t, int, struct proc *));
int iplopen __P((dev_t, int, int, struct proc *));
int iplclose __P((dev_t, int, int, struct proc *));
# ifdef IPFILTER_LOG
int iplread __P((dev_t, struct uio *, int));
# else
# define iplread noread
# endif
int iplioctl __P((dev_t, int, caddr_t, int, struct proc *));
struct cfdriver iplcd = {
NULL, "ipl", NULL, NULL, DV_DULL, 0
};
@ -96,9 +122,11 @@ struct devsw iplsw = {
nostrat, nodump, nopsize, 0,
nostop
};
#endif /* _BSDI_VERSION >= 199501 */
#endif /* _BSDI_VERSION >= 199510 && _KERNEL */
#ifdef IPFILTER_LKM
#ifdef _KERNEL
# ifdef IPFILTER_LKM
int iplidentify(s)
char *s;
{
@ -106,12 +134,12 @@ char *s;
return 1;
return 0;
}
#endif /* IPFILTER_LKM */
# endif /* IPFILTER_LKM */
int iplattach()
{
int s;
int s, i;
SPLNET(s);
if (ipl_inited || (fr_checkp == fr_check)) {
@ -125,6 +153,14 @@ int iplattach()
fr_checkp = fr_check;
fr_saveslowtimo = inetsw[0].pr_slowtimo;
inetsw[0].pr_slowtimo = ipfr_slowtimer;
/*
* Set log buffer pointers for each of the log buffers
*/
for (i = 0; i <= 2; i++) {
iplh[i] = iplbuf[i];
iplt[i] = iplbuf[i];
}
SPLX(s);
return 0;
}
@ -142,7 +178,9 @@ int ipldetach()
return EBUSY;
}
#if defined(IPFILTER_LKM) || defined(IPFILTER)
fr_checkp = fr_savep;
#endif
inetsw[0].pr_slowtimo = fr_saveslowtimo;
frflush((caddr_t)&i);
ipl_inited = 0;
@ -154,6 +192,7 @@ int ipldetach()
SPLX(s);
return 0;
}
#endif /* _KERNEL */
static void frzerostats(data)
@ -219,7 +258,7 @@ caddr_t data;
* Filter ioctl interface.
*/
int iplioctl(dev, cmd, data, mode
#if _BSDI_VERSION >= 199501
#if ((_BSDI_VERSION >= 199510) || (BSD >= 199506)) && defined(_KERNEL)
, p)
struct proc *p;
#else
@ -232,18 +271,20 @@ int mode;
{
int error = 0, s, unit;
#ifdef _KERNEL
unit = minor(dev);
if (unit != 0)
if ((2 < unit) || (unit < 0))
return ENXIO;
#endif
SPLNET(s);
switch (cmd) {
case FIONREAD :
#ifdef IPFILTER_LOG
*(int *)data = iplused;
*(int *)data = iplused[unit];
#endif
break;
#ifndef IPFILTER_LKM
#if !defined(IPFILTER_LKM) && defined(_KERNEL)
case SIOCFRENB :
{
u_int enable;
@ -330,9 +371,9 @@ int mode;
if (!(mode & FWRITE))
error = EPERM;
else {
*(int *)data = iplused;
iplh = iplt = iplbuf;
iplused = 0;
*(int *)data = iplused[unit];
iplh[unit] = iplt[unit] = iplbuf[unit];
iplused[unit] = 0;
}
break;
#endif /* IPFILTER_LOG */
@ -365,16 +406,13 @@ caddr_t data;
{
register frentry_t *fp, *f, **fprev;
register frentry_t **ftail;
frentry_t fr;
frentry_t frd;
frdest_t *fdp;
struct frentry frd;
int error = 0, in;
fp = &fr;
fp = &frd;
IRCOPY(data, (caddr_t)fp, sizeof(*fp));
bzero((char *)frcache, sizeof(frcache[0]) * 2);
in = (fp->fr_flags & FR_INQUE) ? 0 : 1;
if (fp->fr_flags & FR_ACCOUNT) {
ftail = fprev = &ipacct[in][set];
@ -383,8 +421,8 @@ caddr_t data;
else
return ESRCH;
IRCOPY((char *)fp, (char *)&frd, sizeof(frd));
fp = &frd;
bzero((char *)frcache, sizeof(frcache[0]) * 2);
if (*fp->fr_ifname) {
fp->fr_ifa = GETUNIT(fp->fr_ifname);
if (!fp->fr_ifa)
@ -451,7 +489,8 @@ caddr_t data;
if (f)
error = EEXIST;
else {
if ((f = (struct frentry *)KMALLOC(sizeof(*f)))) {
KMALLOC(f, frentry_t *, sizeof(*f));
if (f != NULL) {
bcopy((char *)fp, (char *)f, sizeof(*f));
f->fr_hits = 0;
f->fr_next = *ftail;
@ -464,44 +503,48 @@ caddr_t data;
}
#if !defined(linux)
#ifdef _KERNEL
/*
* routines below for saving IP headers to buffer
*/
int iplopen(dev, flags
#if _BSDI_VERSION >= 199501
#if ((_BSDI_VERSION >= 199510) || (BSD >= 199506)) && defined(_KERNEL)
, devtype, p)
int devtype;
struct proc *p;
#else
# else
)
#endif
# endif
dev_t dev;
int flags;
{
u_int min = minor(dev);
if (min)
if (2 < min)
min = ENXIO;
else
min = 0;
return min;
}
int iplclose(dev, flags
#if _BSDI_VERSION >= 199501
#if ((_BSDI_VERSION >= 199510) || (BSD >= 199506)) && defined(_KERNEL)
, devtype, p)
int devtype;
struct proc *p;
#else
# else
)
#endif
# endif
dev_t dev;
int flags;
{
u_int min = minor(dev);
if (min)
if (2 < min)
min = ENXIO;
else
min = 0;
return min;
}
@ -521,52 +564,57 @@ int iplread(dev, uio)
dev_t dev;
register struct uio *uio;
{
register int ret, s;
register int ret, s, unit;
register size_t sz, sx;
int error;
unit = minor(dev);
if ((2 < unit) || (unit < 0))
return ENXIO;
if (!uio->uio_resid)
return 0;
while (!iplused) {
error = SLEEP(iplbuf, "ipl sleep");
while (!iplused[unit]) {
error = SLEEP(iplbuf[unit], "ipl sleep");
if (error)
return error;
}
SPLNET(s);
sx = sz = MIN(uio->uio_resid, iplused);
if (iplh < iplt)
sz = MIN(sz, LOGSIZE - (iplt - iplbuf));
sx = sz = MIN(uio->uio_resid, iplused[unit]);
if (iplh[unit] < iplt[unit])
sz = MIN(sz, IPLLOGSIZE - (iplt[unit] - iplbuf[unit]));
sx -= sz;
# if BSD >= 199306 || defined(__FreeBSD__)
uio->uio_rw = UIO_READ;
# endif
if (!(ret = UIOMOVE(iplt, sz, UIO_READ, uio))) {
iplt += sz;
iplused -= sz;
if ((iplh < iplt) && (iplt == iplbuf + LOGSIZE))
iplt = iplbuf;
if (!(ret = UIOMOVE(iplt[unit], sz, UIO_READ, uio))) {
iplt[unit] += sz;
iplused[unit] -= sz;
if ((iplh[unit] < iplt[unit]) && (iplt[unit] == iplbuf[unit] + IPLLOGSIZE))
iplt[unit] = iplbuf[unit];
if (sx && !(ret = UIOMOVE(iplt, sx, UIO_READ, uio))) {
iplt += sx;
iplused -= sx;
if ((iplh < iplt) && (iplt == iplbuf + LOGSIZE))
iplt = iplbuf;
if (sx && !(ret = UIOMOVE(iplt[unit], sx, UIO_READ, uio))) {
iplt[unit] += sx;
iplused[unit] -= sx;
if ((iplh[unit] < iplt[unit]) && (iplt[unit] == iplbuf[unit] + IPLLOGSIZE))
iplt[unit] = iplbuf[unit];
}
if (!iplused) /* minimise wrapping around the end */
iplh = iplt = iplbuf;
if (!iplused[unit]) /* minimise wrapping around the end */
iplh[unit] = iplt[unit] = iplbuf[unit];
}
SPLX(s);
return ret;
}
# endif /* IPFILTER_LOG */
#endif /* linux */
#ifdef IPFILTER_LOG
int ipllog(flags, ip, fin, m)
# ifdef IPFILTER_LOG
int ipllog(flags, dev, ip, fin, m)
u_int flags;
int dev;
ip_t *ip;
register fr_info_t *fin;
struct mbuf *m;
@ -597,16 +645,16 @@ struct mbuf *m;
mlen = (flags & FR_LOGBODY) ? MIN(ip->ip_len - hlen, 128) : 0;
len = hlen + sizeof(iplci) + mlen;
if (iplused + len > LOGSIZE)
if (iplused[dev] + len > IPLLOGSIZE)
return 0;
iplused += len;
iplused[dev] += len;
# ifdef sun
# ifdef sun
uniqtime(&iplci);
# endif
# if BSD >= 199306 || defined(__FreeBSD__)
# endif
# if BSD >= 199306 || defined(__FreeBSD__)
microtime((struct timeval *)&iplci);
# endif
# endif
iplci.flags = flags;
iplci.hlen = (u_char)hlen;
iplci.plen = (u_char)mlen;
@ -619,22 +667,25 @@ struct mbuf *m;
if ((iplci.ifname[1] = ifp->if_name[1]))
if ((iplci.ifname[2] = ifp->if_name[2]))
iplci.ifname[3] = ifp->if_name[3];
# endif
# endif
if (iplh[dev] == iplbuf[dev] + IPLLOGSIZE)
iplh[dev] = iplbuf[dev];
/*
* Gauranteed to succeed from above
*/
(void) fr_copytolog(&iplci, sizeof(iplci));
(void) fr_copytolog(dev, (char *)&iplci, sizeof(iplci));
for (len -= sizeof(iplci); m && len > 0; m = m->m_next, len -= hlen) {
hlen = MIN(len, m->m_len);
if (fr_copytolog(mtod(m, char *), hlen))
if (fr_copytolog(dev, mtod(m, char *), hlen))
break;
}
wakeup(iplbuf);
wakeup(iplbuf[dev]);
return 1;
}
#endif /* IPFILTER_LOG */
# endif /* IPFILTER_LOG */
/*
* send_reset - this could conceivably be a call to tcp_respond(), but that
@ -651,22 +702,22 @@ struct tcpiphdr *ti;
if (ti->ti_flags & TH_RST)
return -1; /* feedback loop */
#if BSD < 199306
# if BSD < 199306
m = m_get(M_DONTWAIT, MT_HEADER);
#else
# else
m = m_gethdr(M_DONTWAIT, MT_HEADER);
m->m_data += max_linkhdr;
#endif
# endif
if (m == NULL)
return -1;
if (ti->ti_flags & TH_SYN)
tlen = 1;
m->m_len = sizeof (struct tcpiphdr);
#if BSD >= 199306
# if BSD >= 199306
m->m_pkthdr.len = sizeof (struct tcpiphdr);
m->m_pkthdr.rcvif = (struct ifnet *)0;
#endif
# endif
bzero(mtod(m, char *), sizeof(struct tcpiphdr));
ip = mtod(m, struct ip *);
tp = mtod(m, struct tcpiphdr *);
@ -686,11 +737,11 @@ struct tcpiphdr *ti;
ip->ip_tos = ((struct ip *)ti)->ip_tos;
ip->ip_p = ((struct ip *)ti)->ip_p;
ip->ip_len = sizeof (struct tcpiphdr);
#if BSD < 199306
# if BSD < 199306
ip->ip_ttl = tcp_ttl;
#else
# else
ip->ip_ttl = ip_defttl;
#endif
# endif
/*
* extra 0 in case of multicast
@ -700,13 +751,18 @@ struct tcpiphdr *ti;
}
#ifndef IPFILTER_LKM
void iplinit()
# ifndef IPFILTER_LKM
# if BSD < 199306
int
# else
void
# endif
iplinit()
{
(void) iplattach();
ip_init();
}
#endif
# endif
void ipfr_fastroute(m0, fin, fdp)
@ -738,12 +794,12 @@ frdest_t *fdp;
#if (BSD >= 199306) && !defined(__NetBSD__) && !defined(__bsdi__)
# ifdef RTF_CLONING
rtalloc_ign(ro, RTF_CLONING);
# else
# else
rtalloc_ign(ro, RTF_PRCLONING);
# endif
#else
# endif
# else
rtalloc(ro);
#endif
# endif
if (!ifp) {
if (!(fin->fin_fr->fr_flags & FR_FASTROUTE)) {
error = -2;
@ -773,19 +829,19 @@ frdest_t *fdp;
* If small enough for interface, can just send directly.
*/
if (ip->ip_len <= ifp->if_mtu) {
#ifndef sparc
# ifndef sparc
ip->ip_id = htons(ip->ip_id);
ip->ip_len = htons(ip->ip_len);
ip->ip_off = htons(ip->ip_off);
#endif
# endif
if (!ip->ip_sum)
ip->ip_sum = in_cksum(m, hlen);
#if BSD >= 199306
# if BSD >= 199306
error = (*ifp->if_output)(ifp, m, (struct sockaddr *)dst,
ro->ro_rt);
#else
# else
error = (*ifp->if_output)(ifp, m, (struct sockaddr *)dst);
#endif
# endif
goto done;
}
/*
@ -818,11 +874,11 @@ frdest_t *fdp;
error = ENOBUFS;
goto bad;
}
#if BSD >= 199306
# if BSD >= 199306
m->m_data += max_linkhdr;
#else
# else
m->m_off = MMAXOFF - hlen;
#endif
# endif
mhip = mtod(m, struct ip *);
bcopy((char *)ip, (char *)mhip, sizeof(*ip));
if (hlen > sizeof (struct ip)) {
@ -843,9 +899,9 @@ frdest_t *fdp;
error = ENOBUFS; /* ??? */
goto sendorfree;
}
#ifndef sparc
# ifndef sparc
mhip->ip_off = htons((u_short)mhip->ip_off);
#endif
# endif
mhip->ip_sum = 0;
mhip->ip_sum = in_cksum(m, mhlen);
*mnext = m;
@ -865,13 +921,13 @@ frdest_t *fdp;
m0 = m->m_act;
m->m_act = 0;
if (error == 0)
#if BSD >= 199306
# if BSD >= 199306
error = (*ifp->if_output)(ifp, m,
(struct sockaddr *)dst, ro->ro_rt);
#else
# else
error = (*ifp->if_output)(ifp, m,
(struct sockaddr *)dst);
#endif
# endif
else
m_freem(m);
}
@ -885,3 +941,159 @@ frdest_t *fdp;
m_freem(m);
goto done;
}
#else /* #ifdef _KERNEL */
static int no_output __P((struct ifnet *ifp, struct mbuf *m,
struct sockaddr *s, struct rtentry *rt))
{
return 0;
}
# ifdef __STDC__
static int write_output __P((struct ifnet *ifp, struct mbuf *m,
struct sockaddr *s, struct rtentry *rt))
{
ip_t *ip = (ip_t *)m;
# else
static int write_output(ifp, ip)
struct ifnet *ifp;
ip_t *ip;
{
# endif
FILE *fp;
char fname[32];
#if (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199606))
sprintf(fname, "/tmp/%s", ifp->if_xname);
if ((fp = fopen(fname, "a"))) {
fclose(fp);
}
#else
sprintf(fname, "/tmp/%s%d", ifp->if_name, ifp->if_unit);
if ((fp = fopen(fname, "a"))) {
fwrite((char *)ip, ntohs(ip->ip_len), 1, fp);
fclose(fp);
}
#endif
}
struct ifnet *get_unit(name)
char *name;
{
struct ifnet *ifp, **ifa;
#if (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199606))
for (ifa = ifneta; ifa && (ifp = *ifa); ifa++) {
if (!strcmp(name, ifp->if_xname))
return ifp;
}
#else
char ifname[32], *s;
for (ifa = ifneta; ifa && (ifp = *ifa); ifa++) {
(void) sprintf(ifname, "%s%d", ifp->if_name, ifp->if_unit);
if (!strcmp(name, ifname))
return ifp;
}
#endif
if (!ifneta) {
ifneta = (struct ifnet **)malloc(sizeof(ifp) * 2);
ifneta[1] = NULL;
ifneta[0] = (struct ifnet *)calloc(1, sizeof(*ifp));
nifs = 1;
} else {
nifs++;
ifneta = (struct ifnet **)realloc(ifneta,
(nifs + 1) * sizeof(*ifa));
ifneta[nifs] = NULL;
ifneta[nifs - 1] = (struct ifnet *)malloc(sizeof(*ifp));
}
ifp = ifneta[nifs - 1];
#if (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199606))
strncpy(ifp->if_xname, name, sizeof(ifp->if_xname));
#else
for (s = name; *s && !isdigit(*s); s++)
;
if (*s && isdigit(*s)) {
ifp->if_unit = atoi(s);
ifp->if_name = (char *)malloc(s - name + 1);
strncpy(ifp->if_name, name, s - name);
ifp->if_name[s - name] = '\0';
} else {
ifp->if_name = strdup(name);
ifp->if_unit = -1;
}
#endif
ifp->if_output = no_output;
return ifp;
}
void init_ifp()
{
FILE *fp;
struct ifnet *ifp, **ifa;
char fname[32];
#if (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199606))
for (ifa = ifneta; ifa && (ifp = *ifa); ifa++) {
ifp->if_output = write_output;
sprintf(fname, "/tmp/%s", ifp->if_xname);
if ((fp = fopen(fname, "w")))
fclose(fp);
}
#else
for (ifa = ifneta; ifa && (ifp = *ifa); ifa++) {
ifp->if_output = write_output;
sprintf(fname, "/tmp/%s%d", ifp->if_name, ifp->if_unit);
if ((fp = fopen(fname, "w")))
fclose(fp);
}
#endif
}
void ipfr_fastroute(ip, fin, fdp)
ip_t *ip;
fr_info_t *fin;
frdest_t *fdp;
{
struct ifnet *ifp = fdp->fd_ifp;
if (!ifp)
return; /* no routing table out here */
ip->ip_len = htons((u_short)ip->ip_len);
ip->ip_off = htons((u_short)(ip->ip_off | IP_MF));
ip->ip_sum = 0;
(*ifp->if_output)(ifp, (void *)ip, NULL, 0);
}
void ipllog()
{
verbose("l");
}
int send_reset(ip, ifp)
ip_t *ip;
struct ifnet *ifp;
{
verbose("- TCP RST sent\n");
return 0;
}
int icmp_error(ip, ifp)
ip_t *ip;
struct ifnet *ifp;
{
verbose("- TCP RST sent\n");
return 0;
}
#endif /* _KERNEL */
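Review bot: The userland block added after `#else /* #ifdef _KERNEL */` formats interface names into 32-byte stack buffers with unbounded `sprintf` calls (`fname` in `write_output` and `init_ifp`, `ifname` in `get_unit`), while `get_unit` stores a name of whatever length its caller passes, so a long name overruns the buffer. Bounding the writes, e.g. `snprintf(fname, sizeof(fname), "/tmp/%s%d", ifp->if_name, ifp->if_unit);`, and skipping the interface on truncation would close that. The same functions open fixed, predictable paths under `/tmp` with `fopen` in `"w"`/`"a"` mode, which follows any link already present there; a private directory would be safer for this test output. `write_output` is also declared `int` but has no `return`, and `get_unit` uses the results of `malloc`/`realloc` unchecked.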


@ -6,7 +6,7 @@
* to the original author and the contributors.
*
* @(#)ip_fil.h 1.35 6/5/96
* $Id: ip_fil.h,v 2.0.1.2 1997/01/10 00:28:15 darrenr Exp $
* $Id: ip_fil.h,v 2.0.2.9 1997/04/02 12:23:20 darrenr Exp $
*/
#ifndef __IP_FIL_H__
@ -19,20 +19,12 @@
#if defined(KERNEL) && !defined(_KERNEL)
#define _KERNEL
#endif
#if SOLARIS
# include <sys/ioccom.h>
# include <sys/sysmacros.h>
# ifdef _KERNEL
# include <inet/common.h>
/*
* because Solaris 2 defines these in two places :-/
*/
#undef IPOPT_EOL
#undef IPOPT_NOP
#undef IPOPT_LSRR
#undef IPOPT_RR
#undef IPOPT_SSRR
# include <inet/ip.h>
#ifndef __P
# ifdef __STDC__
# define __P(x) x
# else
# define __P(x) ()
# endif
#endif
@ -118,9 +110,12 @@ typedef struct frdest {
typedef struct frentry {
struct frentry *fr_next;
struct ifnet *fr_ifa;
u_long fr_hits;
u_long fr_bytes; /* this is only incremented when a packet */
/* matches this rule and it is the last match*/
/*
* There are only incremented when a packet matches this rule and
* it is the last match
*/
U_QUAD_T fr_hits;
U_QUAD_T fr_bytes;
/*
* Fields after this may not change whilst in the kernel.
*/
@ -140,7 +135,7 @@ typedef struct frentry {
u_short fr_stop; /* top port for <> and >< */
u_short fr_dtop; /* top port for <> and >< */
u_long fr_flags; /* per-rule flags && options (see below) */
int (*fr_func)(); /* call this function */
int (*fr_func) __P((int, struct ip *, fr_info_t *)); /* call this function */
char fr_icode; /* return ICMP code */
char fr_ifname[IFNAMSIZ];
struct frdest fr_tif; /* "to" interface */
@ -162,7 +157,7 @@ typedef struct frentry {
/*
* fr_flags
*/
*/
#define FR_BLOCK 0x00001
#define FR_PASS 0x00002
#define FR_OUTQUE 0x00004
@ -276,18 +271,100 @@ typedef struct ipl_ci {
#define IPMINLEN(i, h) ((i)->ip_len >= ((i)->ip_hl * 4 + sizeof(struct h)))
#define IPLLOGSIZE 8192
extern int fr_check();
extern int fr_copytolog();
extern fr_info_t frcache[];
extern char *iplh, *iplt;
extern char iplbuf[IPLLOGSIZE];
#ifdef _KERNEL
extern struct frentry *ipfilter[2][2], *ipacct[2][2];
extern struct filterstats frstats[];
/*
* Device filenames. Use ipf on Solaris2 because ipl is already a name used
* by something else.
*/
#ifndef IPL_NAME
# if SOLARIS
extern int ipfsync();
# define IPL_NAME "/dev/ipf"
# else
# define IPL_NAME "/dev/ipl"
# endif
#endif
#define IPL_NAT "/dev/ipnat"
#define IPL_STATE "/dev/ipstate"
#define IPL_LOGIPF 0 /* Minor device #'s for accessing logs */
#define IPL_LOGNAT 1
#define IPL_LOGSTATE 2
#if !defined(CDEV_MAJOR) && defined (__FreeBSD_version) && \
(__FreeBSD_version >= 220000)
# define CDEV_MAJOR 79
#endif
#ifndef _KERNEL
extern int fr_check __P((struct ip *, int, struct ifnet *, int, char *));
extern int (*fr_checkp) __P((struct ip *, int, struct ifnet *,
int, char *));
extern int send_reset __P((struct ip *, struct ifnet *));
extern int icmp_error __P((struct ip *, struct ifnet *));
extern void ipllog __P((void));
extern void ipfr_fastroute __P((struct ip *, fr_info_t *, frdest_t *));
#else
# if SOLARIS
extern int fr_check __P((struct ip *, int, struct ifnet *, int, qif_t *,
queue_t *, mblk_t **));
extern int (*fr_checkp) __P((struct ip *, int, struct ifnet *,
int, qif_t *, queue_t *, mblk_t *));
extern int icmp_error __P((queue_t *, ip_t *, int, int, qif_t *,
struct in_addr));
# else
extern int fr_check __P((struct ip *, int, struct ifnet *, int,
struct mbuf **));
extern int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int,
struct mbuf **));
extern int send_reset __P((struct tcpiphdr *));
extern int ipllog __P((u_int, int, struct ip *, fr_info_t *, struct mbuf *));
extern void ipfr_fastroute __P((struct mbuf *, fr_info_t *, frdest_t *));
# endif
#endif
extern int fr_copytolog __P((int, char *, int));
extern int ipl_unreach;
extern fr_info_t frcache[];
extern char *iplh[3], *iplt[3];
extern char iplbuf[3][IPLLOGSIZE];
extern int iplused[3];
extern struct frentry *ipfilter[2][2], *ipacct[2][2];
extern struct filterstats frstats[];
#ifndef _KERNEL
extern int iplioctl __P((dev_t, int, caddr_t, int));
extern int iplopen __P((dev_t, int));
extern int iplclose __P((dev_t, int));
#else
extern int iplattach __P((void));
extern int ipldetach __P((void));
# if SOLARIS
extern int iplioctl __P((dev_t, int, int, int, cred_t *, int *));
extern int iplopen __P((dev_t *, int, int, cred_t *));
extern int iplclose __P((dev_t, int, int, cred_t *));
extern int ipfsync __P((void));
# ifdef IPFILTER_LOG
extern int iplread __P((dev_t, struct uio *, cred_t *));
# endif
# else
# ifdef IPFILTER_LKM
extern int iplidentify __P((char *));
# endif
# if (_BSDI_VERSION >= 199510) || (__FreeBSD_version >= 199612)
extern int iplioctl __P((dev_t, int, caddr_t, int, struct proc *));
extern int iplopen __P((dev_t, int, int, struct proc *));
extern int iplclose __P((dev_t, int, int, struct proc *));
# else
extern int iplioctl __P((dev_t, int, caddr_t, int));
extern int iplopen __P((dev_t, int));
extern int iplclose __P((dev_t, int));
# endif /* (_BSDI_VERSION >= 199510) */
# ifdef IPFILTER_LOG
# if BSD >= 199306
extern int iplread __P((dev_t, struct uio *, int));
# else
extern int iplread __P((dev_t, struct uio *));
# endif /* BSD >= 199306 */
# else
# define iplread noread
# endif /* IPFILTER_LOG */
# endif /* SOLARIS */
#endif /* _KERNEL */
#endif /* __IP_FIL_H__ */
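Review bot: In the `# if SOLARIS` kernel branch the two new prototypes disagree on their last parameter: `fr_check` is declared with `mblk_t **` while `fr_checkp`, the pointer it is installed through, is declared with `mblk_t *`. ip_fil.c in this commit assigns `fr_checkp = fr_check`; if the Solaris code does the same, that is an assignment between incompatible function-pointer types and callers through the pointer would pass the wrong level of indirection. The non-Solaris branch uses `struct mbuf **` for both, so the likely intent is `extern int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, qif_t *, queue_t *, mblk_t **));`, but which side is correct cannot be confirmed from this page.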


@ -7,7 +7,7 @@
*/
#if !defined(lint) && defined(LIBC_SCCS)
static char sccsid[] = "@(#)ip_frag.c 1.11 3/24/96 (C) 1993-1995 Darren Reed";
static char rcsid[] = "$Id: ip_frag.c,v 2.0.1.2 1997/02/16 06:17:35 darrenr Exp $";
static char rcsid[] = "$Id: ip_frag.c,v 2.0.2.5 1997/04/02 12:23:21 darrenr Exp $";
#endif
#if !defined(_KERNEL) && !defined(KERNEL)
@ -17,12 +17,19 @@ static char rcsid[] = "$Id: ip_frag.c,v 2.0.1.2 1997/02/16 06:17:35 darrenr Exp
#include <sys/errno.h>
#include <sys/types.h>
#include <sys/param.h>
#include <sys/time.h>
#include <sys/file.h>
#if defined(__FreeBSD__) && (__FreeBSD__ >= 3)
#include <sys/ioccom.h>
#include <sys/filio.h>
#include <sys/fcntl.h>
#else
#include <sys/ioctl.h>
#endif
#include <sys/uio.h>
#include <sys/protosw.h>
#include <sys/socket.h>
#ifdef _KERNEL
#ifdef _KERNEL
# include <sys/systm.h>
#endif
#if !defined(__SVR4) && !defined(__svr4__)
@ -47,8 +54,8 @@ static char rcsid[] = "$Id: ip_frag.c,v 2.0.1.2 1997/02/16 06:17:35 darrenr Exp
#include <netinet/udp.h>
#include <netinet/tcpip.h>
#include <netinet/ip_icmp.h>
#include "ip_fil.h"
#include "ip_compat.h"
#include "ip_fil.h"
#include "ip_frag.h"
#include "ip_nat.h"
#include "ip_state.h"
@ -69,6 +76,13 @@ extern kmutex_t ipf_frag;
# endif
#endif
#ifdef __FreeBSD__
# if BSD < 199306
int ipfr_slowtimer __P((void));
# else
void ipfr_slowtimer __P((void));
# endif
#endif /* __FreeBSD__ */
ipfrstat_t *ipfr_fragstats()
{
@ -114,7 +128,8 @@ int pass;
return -1;
}
if (!(fr = (ipfr_t *)KMALLOC(sizeof(*fr)))) {
KMALLOC(fr, ipfr_t *, sizeof(*fr));
if (fr == NULL) {
ipfr_stats.ifs_nomem++;
MUTEX_EXIT(&ipf_frag);
return -1;
@ -230,10 +245,10 @@ void ipfr_unload()
* Slowly expire held state for fragments. Timeouts are set * in expectation
* of this being called twice per second.
*/
# if BSD < 199306
int ipfr_slowtimer()
# else
# if (BSD >= 199306) || SOLARIS
void ipfr_slowtimer()
# else
int ipfr_slowtimer()
# endif
{
ipfr_t **fp, *fr;
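Review bot: The prototype block added under `#ifdef __FreeBSD__` selects the return type of `ipfr_slowtimer` with `BSD < 199306`, while the definition changed further down in this same section now uses `(BSD >= 199306) || SOLARIS`. The two agree on FreeBSD but are written as different tests, and ip_frag.h in this commit declares the function as well. Using one condition everywhere, or dropping the local prototype in favour of the header, would keep the declarations from drifting apart. The body of `ipfr_slowtimer` continues outside the hunk.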


@ -6,7 +6,7 @@
* to the original author and the contributors.
*
* @(#)ip_frag.h 1.5 3/24/96
* $Id: ip_frag.h,v 2.0.1.1 1997/01/09 15:14:43 darrenr Exp $
* $Id: ip_frag.h,v 2.0.2.4 1997/03/27 13:45:09 darrenr Exp $
*/
#ifndef __IP_FRAG_H_
@ -39,9 +39,13 @@ typedef struct ipfrstat {
#define IPFR_CMPSZ (4 + 4 + 2 + 1 + 1)
extern ipfrstat_t *ipfr_fragstats();
extern int ipfr_newfrag(), ipfr_knownfrag();
# ifdef _KERNEL
extern void ipfr_unload();
# endif
extern ipfrstat_t *ipfr_fragstats __P((void));
extern int ipfr_newfrag __P((ip_t *, fr_info_t *, int));
extern int ipfr_knownfrag __P((ip_t *, fr_info_t *));
extern void ipfr_unload __P((void));
#if (BSD >= 199306) || SOLARIS
extern void ipfr_slowtimer __P((void));
#else
extern int ipfr_slowtimer __P((void));
#endif
#endif /* __IP_FIL_H__ */


@ -9,7 +9,11 @@
*/
#if !defined(lint) && defined(LIBC_SCCS)
static char sccsid[] = "@(#)ip_nat.c 1.11 6/5/96 (C) 1995 Darren Reed";
static char rcsid[] = "$Id: ip_nat.c,v 2.0.1.11 1997/02/16 06:26:47 darrenr Exp $";
static char rcsid[] = "$Id: ip_nat.c,v 2.0.2.8 1997/04/02 12:23:23 darrenr Exp $";
#endif
#if defined(__FreeBSD__) && defined(KERNEL)
#define _KERNEL
#endif
#if !defined(_KERNEL) && !defined(KERNEL)
@ -20,12 +24,13 @@ static char rcsid[] = "$Id: ip_nat.c,v 2.0.1.11 1997/02/16 06:26:47 darrenr Exp
#include <sys/errno.h>
#include <sys/types.h>
#include <sys/param.h>
#include <sys/time.h>
#include <sys/file.h>
#include <sys/ioctl.h>
#include <sys/uio.h>
#include <sys/protosw.h>
#include <sys/socket.h>
#ifdef _KERNEL
#ifdef _KERNEL
# include <sys/systm.h>
#endif
#if !defined(__SVR4) && !defined(__svr4__)
@ -57,8 +62,8 @@ extern struct ifnet vpnif;
#include <netinet/udp.h>
#include <netinet/tcpip.h>
#include <netinet/ip_icmp.h>
#include "ip_fil.h"
#include "ip_compat.h"
#include "ip_fil.h"
#include "ip_nat.h"
#include "ip_state.h"
#ifndef MIN
@ -80,10 +85,13 @@ extern kmutex_t ipf_nat;
# endif
#endif
static int flush_nattable(), clear_natlist();
static void nattable_sync();
static int flush_nattable __P((void)), clear_natlist __P((void));
static void nattable_sync __P((void)), nat_delete __P((struct nat *));
static nat_t *nat_new __P((ipnat_t *, ip_t *, fr_info_t *, u_short, int));
static void fix_outcksum __P((u_short *, u_long));
static void fix_incksum __P((u_short *, u_long));
void fix_outcksum(sp, n)
static void fix_outcksum(sp, n)
u_short *sp;
u_long n;
{
@ -104,7 +112,7 @@ u_long n;
}
void fix_incksum(sp, n)
static void fix_incksum(sp, n)
u_short *sp;
u_long n;
{
@ -182,7 +190,8 @@ int cmd, mode;
error = EEXIST;
break;
}
if (!(n = (ipnat_t *)KMALLOC(sizeof(*n)))) {
KMALLOC(n, ipnat_t *, sizeof(*n));
if (n == NULL) {
error = ENOMEM;
break;
}
@ -365,7 +374,7 @@ static int clear_natlist()
/*
* Create a new NAT table entry.
*/
nat_t *nat_new(np, ip, fin, flags, direction)
static nat_t *nat_new(np, ip, fin, flags, direction)
ipnat_t *np;
ip_t *ip;
fr_info_t *fin;
@ -387,15 +396,22 @@ int direction;
}
/* Give me a new nat */
if (!(nat = (nat_t *)KMALLOC(sizeof(*nat))))
KMALLOC(nat, nat_t *, sizeof(*nat));
if (nat == NULL)
return NULL;
bzero((char *)nat, sizeof(*nat));
nat->nat_flags = flags;
/*
* Search the current table for a match.
*/
if (direction == NAT_OUTBOUND) {
#if SOLARIS
ill_t *ill = fin->fin_ifp;
#else
struct ifnet *ifp = fin->fin_ifp;
#endif
/*
* If it's an outbound packet which doesn't match any existing
* record, then create a new port
@ -403,6 +419,34 @@ int direction;
do {
port = 0;
in.s_addr = np->in_nip;
if (!in.s_addr && (np->in_outmsk == 0xffffffff)) {
#if SOLARIS
in.s_addr = ill->ill_ipif->ipif_local_addr;
#else
struct ifaddr *ifa;
struct sockaddr_in *sin;
ifa = ifp->if_addrlist;
# if BSD < 199306
sin = (struct sockaddr_in *)&ifa->ifa_addr;
# else
sin = (struct sockaddr_in *)ifa->ifa_addr;
while (sin && ifa &&
sin->sin_family != AF_INET) {
ifa = ifa->ifa_next;
sin = (struct sockaddr_in *)ifa->ifa_addr;
}
if (!ifa)
sin = NULL;
if (!sin) {
KFREE(nat);
return NULL;
}
# endif
in = sin->sin_addr;
in.s_addr = ntohl(in.s_addr);
#endif
}
if (nflags & IPN_TCPUDP) {
port = htons(np->in_pnext++);
if (np->in_pnext >= ntohs(np->in_pmax)) {
@ -555,8 +599,9 @@ u_short sport, mapdport;
for (; nat; nat = nat->nat_hnext[1])
if (nat->nat_oip.s_addr == src.s_addr &&
nat->nat_outip.s_addr == mapdst.s_addr &&
(!flags || (nat->nat_oport == sport &&
nat->nat_outport == mapdport)))
flags == nat->nat_flags && (!flags ||
(nat->nat_oport == sport &&
nat->nat_outport == mapdport)))
return nat;
return NULL;
}
@ -581,8 +626,8 @@ u_short sport, dport;
for (; nat; nat = nat->nat_hnext[0])
if (nat->nat_inip.s_addr == src.s_addr &&
nat->nat_oip.s_addr == dst.s_addr &&
(!flags || (nat->nat_inport == sport &&
nat->nat_oport == dport)))
flags == nat->nat_flags && (!flags ||
(nat->nat_inport == sport && nat->nat_oport == dport)))
return nat;
return NULL;
}
@ -606,8 +651,9 @@ u_short mapsport, dport;
for (; nat; nat = nat->nat_hnext[0])
if (nat->nat_outip.s_addr == mapsrc.s_addr &&
nat->nat_oip.s_addr == dst.s_addr &&
(!flags || (nat->nat_outport == mapsport &&
nat->nat_oport == dport)))
flags == nat->nat_flags && (!flags ||
(nat->nat_outport == mapsport &&
nat->nat_oport == dport)))
return nat;
return NULL;
}
@ -684,17 +730,20 @@ fr_info_t *fin;
*/
if (!(nat = nat_outlookup(nflags, ip->ip_src, sport,
ip->ip_dst, dport))) {
if (np->in_redir == NAT_REDIRECT)
continue;
/*
* if it's a redirection, then we don't want
* If it's a redirection, then we don't want
* to create new outgoing port stuff.
* Redirections are only for incoming
* connections.
*/
if (np->in_redir == NAT_REDIRECT)
continue;
if (!(nat = nat_new(np, ip, fin, nflags,
NAT_OUTBOUND)))
break;
#ifdef IPFILTER_LOG
nat_log(nat, (u_short)np->in_redir);
#endif
}
ip->ip_src = nat->nat_outip;
@ -719,8 +768,8 @@ fr_info_t *fin;
if (ip->ip_p == IPPROTO_TCP) {
csump = &tcp->th_sum;
set_tcp_age(&nat->nat_age,
nat->nat_state, ip, fin,1);
fr_tcp_age(&nat->nat_age,
nat->nat_state, ip, fin,1);
} else if (ip->ip_p == IPPROTO_UDP) {
udphdr_t *udp = (udphdr_t *)tcp;
@ -787,20 +836,20 @@ fr_info_t *fin;
(np->in_redir == NAT_MAP || np->in_pmin == dport)) {
if (!(nat = nat_inlookup(nflags, ip->ip_src, sport,
ip->ip_dst, dport))) {
/*
* If this rule (np) is a redirection, rather
* than a mapping, then do a nat_new.
* Otherwise, if it's just a mapping, do a
* continue;
*/
if (np->in_redir == NAT_MAP)
continue;
else {
/*
* If this rule (np) is a redirection,
* rather than a mapping, then do a
* nat_new. Otherwise, if it's just a
* mapping, do a continue;
*/
if (!(nat = nat_new(np, ip, fin,
nflags,
NAT_INBOUND)))
break;
}
if (!(nat = nat_new(np, ip, fin, nflags,
NAT_INBOUND)))
break;
#ifdef IPFILTER_LOG
nat_log(nat, (u_short)np->in_redir);
#endif
}
ip->ip_dst = nat->nat_inip;
@ -824,8 +873,8 @@ fr_info_t *fin;
if (ip->ip_p == IPPROTO_TCP) {
csump = &tcp->th_sum;
set_tcp_age(&nat->nat_age,
nat->nat_state, ip, fin,0);
fr_tcp_age(&nat->nat_age,
nat->nat_state, ip, fin,0);
} else if (ip->ip_p == IPPROTO_UDP) {
udphdr_t *udp = (udphdr_t *)tcp;
@ -887,9 +936,61 @@ void ip_natexpire()
continue;
}
*natp = nat->nat_next;
#ifdef IPFILTER_LOG
nat_log(nat, NL_EXPIRE);
#endif
nat_delete(nat);
nat_stats.ns_expire++;
}
SPLX(s);
MUTEX_EXIT(&ipf_nat);
}
#ifdef IPFILTER_LOG
void nat_log(nat, type)
struct nat *nat;
u_short type;
{
struct ipnat *np;
struct natlog natl;
int rulen;
if (iplused[IPL_LOGNAT] + sizeof(natl) > IPLLOGSIZE) {
nat_stats.ns_logfail++;
return;
}
if (iplh[IPL_LOGNAT] == iplbuf[IPL_LOGNAT] + IPLLOGSIZE)
iplh[IPL_LOGNAT] = iplbuf[IPL_LOGNAT];
# ifdef sun
uniqtime(&natl);
# endif
# if BSD >= 199306 || defined(__FreeBSD__)
microtime((struct timeval *)&natl);
# endif
natl.nl_origport = nat->nat_oport;
natl.nl_outport = nat->nat_outport;
natl.nl_inport = nat->nat_inport;
natl.nl_origip = nat->nat_oip;
natl.nl_outip = nat->nat_outip;
natl.nl_inip = nat->nat_inip;
natl.nl_type = type;
natl.nl_rule = -1;
if (nat->nat_ptr) {
for (rulen = 0, np = nat_list; np; np = np->in_next, rulen++)
if (np == nat->nat_ptr) {
natl.nl_rule = rulen;
break;
}
}
if (!fr_copytolog(IPL_LOGNAT, (char *)&natl, sizeof(natl))) {
iplused[IPL_LOGNAT] += sizeof(natl);
nat_stats.ns_logged++;
} else
nat_stats.ns_logfail++;
wakeup(iplbuf[IPL_LOGNAT]);
}
#endif


@ -6,7 +6,7 @@
* to the original author and the contributors.
*
* @(#)ip_nat.h 1.5 2/4/96
* $Id: ip_nat.h,v 2.0.1.7 1997/01/30 12:39:41 darrenr Exp $
* $Id: ip_nat.h,v 2.0.2.6 1997/03/31 10:05:30 darrenr Exp $
*/
#ifndef __IP_NAT_H_
@ -40,7 +40,8 @@
#define NAT_SIZE 367
typedef struct nat {
int nat_age;
u_long nat_age;
int nat_flags;
u_long nat_sumd;
u_long nat_ipsumd;
struct in_addr nat_inip;
@ -101,6 +102,8 @@ typedef struct natstat {
u_long ns_added;
u_long ns_expire;
u_long ns_inuse;
u_long ns_logged;
u_long ns_logfail;
nat_t **ns_table[2];
ipnat_t *ns_list;
} natstat_t;
@ -110,9 +113,37 @@ typedef struct natstat {
#define IPN_UDP 2
#define IPN_TCPUDP 3
typedef struct natlog {
struct timeval nl_tv;
struct in_addr nl_origip;
struct in_addr nl_outip;
struct in_addr nl_inip;
u_short nl_origport;
u_short nl_outport;
u_short nl_inport;
u_short nl_type;
int nl_rule;
} natlog_t;
#define NL_NEWMAP NAT_MAP
#define NL_NEWRDR NAT_REDIRECT
#define NL_EXPIRE 0xffff
extern nat_t *nat_table[2][NAT_SIZE];
extern int nat_ioctl();
extern nat_t *nat_outlookup(), *nat_inlookup(), *nat_lookupredir();
extern int ip_natout(), ip_natin();
extern void ip_natunload(), ip_natexpire();
extern int nat_ioctl __P((caddr_t, int, int));
extern nat_t *nat_outlookup __P((int, struct in_addr, u_short,
struct in_addr, u_short));
extern nat_t *nat_inlookup __P((int, struct in_addr, u_short,
struct in_addr, u_short));
extern nat_t *nat_lookupredir __P((natlookup_t *));
extern nat_t *nat_lookupmapip __P((int, struct in_addr, u_short,
struct in_addr, u_short));
extern int ip_natout __P((ip_t *, int, fr_info_t *));
extern int ip_natin __P((ip_t *, int, fr_info_t *));
extern void ip_natunload __P((void)), ip_natexpire __P((void));
extern void nat_log __P((struct nat *, u_short));
#endif /* __IP_NAT_H__ */
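Review bot: `natlog_t` carries an ordering constraint that the header does not state: `nat_log()` in ip_nat.c passes the address of the whole record to `uniqtime()`/`microtime()` as if it were a `struct timeval`, so `nl_tv` has to stay the first member. A comment above the typedef would protect that, e.g. `/* nl_tv must remain first: nat_log() timestamps the record through a struct timeval cast */`. The same holds for `isl_tv` in `ipslog_t` (ip_state.h), which `ipstate_log()` fills the same way. Since `nat_log()` hands the struct to `fr_copytolog()` as raw bytes, the comment should also say that this layout is the on-device log record format.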


@ -9,7 +9,7 @@
*/
#if !defined(lint) && defined(LIBC_SCCS)
static char sccsid[] = "%W% %G% (C) 1993-1995 Darren Reed";
static char rcsid[] = "$Id: ip_sfil.c,v 2.0.1.3 1997/02/04 14:49:15 darrenr Exp $";
static char rcsid[] = "$Id: ip_sfil.c,v 2.0.2.3 1997/03/27 13:45:13 darrenr Exp $";
#endif
#include <sys/types.h>
@ -40,8 +40,8 @@ static char rcsid[] = "$Id: ip_sfil.c,v 2.0.1.3 1997/02/04 14:49:15 darrenr Exp
#include <netinet/udp.h>
#include <netinet/tcpip.h>
#include <netinet/ip_icmp.h>
#include "ip_fil.h"
#include "ip_compat.h"
#include "ip_fil.h"
#include "ip_state.h"
#include "ip_frag.h"
#include "ip_nat.h"
@ -54,22 +54,22 @@ extern fr_flags, fr_active;
int ipfr_timer_id = 0;
int ipl_unreach = ICMP_UNREACH_HOST;
int send_reset();
int send_reset __P((struct tcpiphdr *, qif_t *, queue_t *));
u_short ipf_cksum __P((u_short *, int));
static void frzerostats __P((caddr_t));
#ifdef IPFILTER_LOG
int ipllog();
static void frflush();
char iplbuf[IPLLOGSIZE];
caddr_t iplh = iplbuf, iplt = iplbuf;
static int iplused = 0;
int ipllog __P((u_int, int, ip_t *, fr_info_t *, mblk_t *));
static void frflush __P((caddr_t));
char iplbuf[3][IPLLOGSIZE];
caddr_t iplh[3], iplt[3];
static int iplused[3] = {0, 0, 0};
#endif /* IPFILTER_LOG */
static int frrequest();
static int frrequest __P((int, caddr_t, int));
kmutex_t ipl_mutex, ipf_mutex, ipfs_mutex;
kmutex_t ipf_frag, ipf_state, ipf_nat;
kcondvar_t iplwait;
extern void ipfr_slowtimer();
int ipldetach()
{
@ -91,8 +91,15 @@ int ipldetach()
}
int iplattach()
int iplattach __P((void))
{
int i;
for (i = 0; i <= 2; i++) {
iplt[i] = iplbuf[i];
iplh[i] = iplbuf[i];
}
bzero((char *)nat_table, sizeof(nat_t *) * NAT_SIZE * 2);
mutex_init(&ipl_mutex, "ipf log mutex", MUTEX_DRIVER, NULL);
mutex_init(&ipf_mutex, "ipf filter mutex", MUTEX_DRIVER, NULL);
@ -175,12 +182,14 @@ caddr_t data;
int iplioctl(dev, cmd, data, mode, cp, rp)
dev_t dev;
int cmd;
caddr_t data;
int data;
int mode;
cred_t *cp;
int *rp;
{
int error = 0;
int error = 0, unit;
unit = getminor(dev);
switch (cmd) {
case SIOCFRENB :
@ -189,18 +198,18 @@ int *rp;
if (!(mode & FWRITE))
return EPERM;
IRCOPY(data, (caddr_t)&enable, sizeof(enable));
IRCOPY((caddr_t)data, (caddr_t)&enable, sizeof(enable));
break;
}
case SIOCSETFF :
if (!(mode & FWRITE))
return EPERM;
mutex_enter(&ipf_mutex);
IRCOPY(data, (caddr_t)&fr_flags, sizeof(fr_flags));
IRCOPY((caddr_t)data, (caddr_t)&fr_flags, sizeof(fr_flags));
mutex_exit(&ipf_mutex);
break;
case SIOCGETFF :
IWCOPY((caddr_t)&fr_flags, data, sizeof(fr_flags));
IWCOPY((caddr_t)&fr_flags, (caddr_t)data, sizeof(fr_flags));
break;
case SIOCINAFR :
case SIOCRMAFR :
@ -209,7 +218,7 @@ int *rp;
if (!(mode & FWRITE))
return EPERM;
mutex_enter(&ipf_mutex);
error = frrequest(cmd, data, fr_active);
error = frrequest(cmd, (caddr_t)data, fr_active);
mutex_exit(&ipf_mutex);
break;
case SIOCINIFR :
@ -218,7 +227,7 @@ int *rp;
if (!(mode & FWRITE))
return EPERM;
mutex_enter(&ipf_mutex);
error = frrequest(cmd, data, 1 - fr_active);
error = frrequest(cmd, (caddr_t)data, 1 - fr_active);
mutex_exit(&ipf_mutex);
break;
case SIOCSWAPA :
@ -247,29 +256,30 @@ int *rp;
fio.f_acctout[1] = ipacct[1][1];
fio.f_active = fr_active;
mutex_exit(&ipf_mutex);
IWCOPY((caddr_t)&fio, data, sizeof(fio));
IWCOPY((caddr_t)&fio, (caddr_t)data, sizeof(fio));
break;
}
case SIOCFRZST :
if (!(mode & FWRITE))
return EPERM;
frzerostats(data);
frzerostats((caddr_t)data);
break;
#ifdef IPFILTER_LOG
case SIOCIPFFL :
if (!(mode & FWRITE))
return EPERM;
mutex_enter(&ipf_mutex);
frflush(data);
frflush((caddr_t)data);
mutex_exit(&ipf_mutex);
break;
case SIOCIPFFB :
if (!(mode & FWRITE))
return EPERM;
mutex_enter(&ipl_mutex);
IWCOPY((caddr_t)&iplused, data, sizeof(iplused));
iplh = iplt = iplbuf;
iplused = 0;
IWCOPY((caddr_t)&iplused[unit], (caddr_t)data,
sizeof(iplused[unit]));
iplh[unit] = iplt[unit] = iplbuf[unit];
iplused[unit] = 0;
mutex_exit(&ipl_mutex);
break;
#endif /* IPFILTER_LOG */
@ -284,13 +294,15 @@ int *rp;
case SIOCGNATL :
case SIOCFLNAT :
case SIOCCNATL :
error = nat_ioctl(data, cmd, mode);
error = nat_ioctl((caddr_t)data, cmd, mode);
break;
case SIOCGFRST :
IWCOPY((caddr_t)ipfr_fragstats(), data, sizeof(ipfrstat_t));
IWCOPY((caddr_t)ipfr_fragstats(), (caddr_t)data,
sizeof(ipfrstat_t));
break;
case SIOCGIPST :
IWCOPY((caddr_t)fr_statetstats(), data, sizeof(ips_stat_t));
IWCOPY((caddr_t)fr_statetstats(), (caddr_t)data,
sizeof(ips_stat_t));
break;
default :
error = EINVAL;
@ -418,7 +430,8 @@ caddr_t data;
if (f)
error = EEXIST;
else {
if ((f = (struct frentry *)KMALLOC(sizeof(*f)))) {
KMALLOC(f, frentry_t *, sizeof(*f));
if (f != NULL) {
bcopy((char *)fp, (char *)f, sizeof(*f));
f->fr_hits = 0;
f->fr_next = *ftail;
@ -443,8 +456,7 @@ cred_t *cred;
if (!(otype & OTYP_CHR))
return ENXIO;
if (min)
min = ENXIO;
min = (2 < min || min < 0) ? ENXIO : 0;
return min;
}
@ -456,8 +468,7 @@ cred_t *cred;
{
u_int min = getminor(dev);
if (min)
min = ENXIO;
min = (2 < min || min < 0) ? ENXIO : 0;
return min;
}
@ -476,7 +487,9 @@ cred_t *cp;
register int ret;
register size_t sz, sx;
char *h, *t;
int error, used, usedo, copied;
int error, used, usedo, copied, unit;
unit = getminor(dev);
if (!uio->uio_resid)
return 0;
@ -488,16 +501,16 @@ cred_t *cp;
* if the log is empty.
*/
mutex_enter(&ipl_mutex);
while (!iplused) {
while (!iplused[unit]) {
error = cv_wait_sig(&iplwait, &ipl_mutex);
if (!error) {
mutex_exit(&ipl_mutex);
return EINTR;
}
}
h = iplh;
t = iplt;
used = iplused;
h = iplh[unit];
t = iplt[unit];
used = iplused[unit];
mutex_exit(&ipl_mutex);
usedo = used;
@ -507,14 +520,14 @@ cred_t *cp;
*/
sx = sz = MIN(uio->uio_resid, used);
if (h <= t)
sz = MIN(sz, IPLLOGSIZE + iplbuf - t);
sz = MIN(sz, IPLLOGSIZE + iplbuf[unit] - t);
if (!(ret = uiomove(t, sz, UIO_READ, uio))) {
t += sz;
sx -= sz;
used -= sz;
if ((h < t) && (t >= iplbuf + IPLLOGSIZE))
t = iplbuf;
if ((h < t) && (t >= iplbuf[unit] + IPLLOGSIZE))
t = iplbuf[unit];
if (sx && !(ret = uiomove(t, sx, UIO_READ, uio)))
used -= sx;
@ -525,24 +538,25 @@ cred_t *cp;
*/
mutex_enter(&ipl_mutex);
copied = usedo - used;
iplused -= copied;
iplused[unit] -= copied;
if (!iplused) /* minimise wrapping around the end */
iplh = iplt = iplbuf;
if (!iplused[unit]) /* minimise wrapping around the end */
iplh[unit] = iplt[unit] = iplbuf[unit];
else {
iplt += copied;
if (iplt >= iplbuf + IPLLOGSIZE)
iplt -= IPLLOGSIZE;
if (iplt == iplbuf + IPLLOGSIZE)
iplt = iplbuf;
iplt[unit] += copied;
if (iplt[unit] >= iplbuf[unit] + IPLLOGSIZE)
iplt[unit] -= IPLLOGSIZE;
if (iplt[unit] == iplbuf[unit] + IPLLOGSIZE)
iplt[unit] = iplbuf[unit];
}
mutex_exit(&ipl_mutex);
return ret;
}
int ipllog(flags, ip, fin, m)
int ipllog(flags, dev, ip, fin, m)
u_int flags;
int dev;
ip_t *ip;
fr_info_t *fin;
mblk_t *m;
@ -575,11 +589,11 @@ mblk_t *m;
mlen = (flags & FR_LOGBODY) ? MIN(msgdsize(m) - hlen, 128) : 0;
len = hlen + sizeof(iplci) + mlen;
mutex_enter(&ipl_mutex);
if ((iplused + len) > IPLLOGSIZE) {
if ((iplused[dev] + len) > IPLLOGSIZE) {
mutex_exit(&ipl_mutex);
return 0;
}
iplused += len;
iplused[dev] += len;
uniqtime((struct timeval *)&iplci);
iplci.flags = flags;
@ -592,14 +606,14 @@ mblk_t *m;
/*
* Gauranteed to succeed from above
*/
(void) fr_copytolog(&iplci, sizeof(iplci));
(void) fr_copytolog(dev, (char *)&iplci, sizeof(iplci));
len -= sizeof(iplci);
if (len && m) {
s = m->b_rptr;
do {
if ((hlen = MIN(m->b_wptr - s, len))) {
if (fr_copytolog(s, hlen))
if (fr_copytolog(dev, s, hlen))
break;
len -= hlen;
}
@ -725,7 +739,7 @@ struct in_addr src;
bcopy((char *)ip, (char *)&icmp->icmp_ip, sizeof(*ip));
bcopy((char *)ip + (ip->ip_hl << 2),
(char *)&icmp->icmp_ip + sizeof(*ip), 8); /* 64 bits */
icmp->icmp_cksum = ipf_cksum(icmp, sizeof(*icmp) + 8);
icmp->icmp_cksum = ipf_cksum((u_short *)icmp, sizeof(*icmp) + 8);
ip_wput(qif->qf_ill->ill_wq, mb);
return 0;
}
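Review bot: The per-unit log arrays are indexed with `unit = getminor(dev)` in `iplioctl` (SIOCIPFFB) and `iplread`, and with the new `dev` argument in `ipllog`, without a range check at the point of use. The only bound on the minor number is in the open routine, `min = (2 < min || min < 0) ? ENXIO : 0;`, where `min < 0` can never be true for a `u_int`, and nothing visible bounds the `dev` value that callers pass to `ipllog`. A local guard such as `if (unit < 0 || unit > 2) return ENXIO;` right after `unit = getminor(dev);` (and an equivalent early `return 0;` in `ipllog`) keeps an out-of-range index from reading or writing past `iplused[3]`, `iplh[3]`, `iplt[3]` and `iplbuf[3][IPLLOGSIZE]`. A named constant for the unit count would also replace the literal `2` used in `iplattach` and in both minor checks. These functions all begin or end outside the hunks shown.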


@ -7,7 +7,7 @@
*/
#if !defined(lint) && defined(LIBC_SCCS)
static char sccsid[] = "@(#)ip_state.c 1.8 6/5/96 (C) 1993-1995 Darren Reed";
static char rcsid[] = "$Id: ip_state.c,v 2.0.1.3 1997/02/16 06:18:36 darrenr Exp $";
static char rcsid[] = "$Id: ip_state.c,v 2.0.2.6 1997/04/02 12:23:24 darrenr Exp $";
#endif
#if !defined(_KERNEL) && !defined(KERNEL)
@ -17,12 +17,19 @@ static char rcsid[] = "$Id: ip_state.c,v 2.0.1.3 1997/02/16 06:18:36 darrenr Exp
#include <sys/errno.h>
#include <sys/types.h>
#include <sys/param.h>
#include <sys/time.h>
#include <sys/file.h>
#if defined(__FreeBSD__) && (__FreeBSD__ >= 3)
#include <sys/ioccom.h>
#include <sys/filio.h>
#include <sys/fcntl.h>
#else
#include <sys/ioctl.h>
#endif
#include <sys/uio.h>
#include <sys/protosw.h>
#include <sys/socket.h>
#ifdef _KERNEL
#ifdef _KERNEL
# include <sys/systm.h>
#endif
#if !defined(__SVR4) && !defined(__svr4__)
@ -48,15 +55,13 @@ static char rcsid[] = "$Id: ip_state.c,v 2.0.1.3 1997/02/16 06:18:36 darrenr Exp
#include <netinet/udp.h>
#include <netinet/tcpip.h>
#include <netinet/ip_icmp.h>
#include "ip_fil.h"
#include "ip_compat.h"
#include "ip_fil.h"
#include "ip_state.h"
#ifndef MIN
#define MIN(a,b) (((a)<(b))?(a):(b))
#endif
void set_tcp_age();
#define TCP_CLOSE (TH_FIN|TH_RST)
ipstate_t *ips_table[IPSTATE_SIZE];
@ -169,8 +174,8 @@ u_int pass;
*/
if ((tcp->th_flags & (TH_SYN|TH_ACK)) == TH_SYN)
is->is_ack = 0; /* Trumpet WinSock 'ism */
set_tcp_age(&is->is_age, is->is_state, ip, fin,
tcp->th_sport == is->is_sport);
fr_tcp_age(&is->is_age, is->is_state, ip, fin,
tcp->th_sport == is->is_sport);
break;
}
case IPPROTO_UDP :
@ -187,7 +192,8 @@ u_int pass;
return -1;
}
if (!(is = (ipstate_t *)KMALLOC(sizeof(*is)))) {
KMALLOC(is, ipstate_t *, sizeof(*is));
if (is == NULL) {
ips_stats.iss_nomem++;
return -1;
}
@ -197,9 +203,14 @@ u_int pass;
is->is_next = ips_table[hv];
ips_table[hv] = is;
is->is_pass = pass;
is->is_pkts = 1;
is->is_bytes = ip->ip_len;
if (pass & FR_LOGFIRST)
is->is_pass &= ~(FR_LOGFIRST|FR_LOG);
ips_num++;
#ifdef IPFILTER_LOG
ipstate_log(is, ISL_NEW);
#endif
MUTEX_EXIT(&ipf_state);
return 0;
}
@ -210,13 +221,7 @@ u_int pass;
* change timeout depending on whether new packet is a SYN-ACK returning for a
* SYN or a RST or FIN which indicate time to close up shop.
*/
int fr_tcpstate(is, fin, ip, tcp, sport
#ifndef _KERNEL
,isp)
ipstate_t **isp;
#else
)
#endif
int fr_tcpstate(is, fin, ip, tcp, sport)
register ipstate_t *is;
fr_info_t *fin;
ip_t *ip;
@ -278,11 +283,13 @@ u_short sport;
is->is_dwin = ntohs(tcp->th_win);
}
ips_stats.iss_hits++;
is->is_pkts++;
is->is_bytes += ip->ip_len;
/*
* Nearing end of connection, start timeout.
*/
set_tcp_age(&is->is_age, is->is_state, ip, fin,
tcp->th_sport == is->is_sport);
fr_tcp_age(&is->is_age, is->is_state, ip, fin,
tcp->th_sport == is->is_sport);
return 1;
}
return 0;
@ -301,7 +308,7 @@ fr_info_t *fin;
register u_char pr;
struct icmp *ic;
tcphdr_t *tcp;
u_int hv, hlen;
u_int hv, hlen, pass;
if ((ip->ip_off & 0x1fff) || (fin->fin_fi.fi_fl & FI_SHORT))
return 0;
@ -336,6 +343,8 @@ fr_info_t *fin;
is->is_icmp.ics_type != ic->icmp_type)
continue;
is->is_age = fr_icmptimeout;
is->is_pkts++;
is->is_bytes += ip->ip_len;
ips_stats.iss_hits++;
MUTEX_EXIT(&ipf_state);
return is->is_pass;
@ -357,7 +366,6 @@ fr_info_t *fin;
if (fr_tcpstate(is, fin, ip, tcp, sport)) {
#ifdef _KERNEL
MUTEX_EXIT(&ipf_state);
return is->is_pass;
#else
int pass = is->is_pass;
@ -366,8 +374,8 @@ fr_info_t *fin;
isp = &ips_table[hv];
KFREE(is);
}
return pass;
#endif
return pass;
}
}
MUTEX_EXIT(&ipf_state);
@ -389,9 +397,12 @@ fr_info_t *fin;
PAIRS(sport, dport, is->is_sport, is->is_dport) &&
IPPAIR(src, dst, is->is_src, is->is_dst)) {
ips_stats.iss_hits++;
is->is_pkts++;
is->is_bytes += ip->ip_len;
is->is_age = fr_udptimeout;
pass = is->is_pass;
MUTEX_EXIT(&ipf_state);
return is->is_pass;
return pass;
}
MUTEX_EXIT(&ipf_state);
break;
@ -445,6 +456,9 @@ void fr_timeoutstate()
ips_stats.iss_fin++;
else
ips_stats.iss_expire++;
#ifdef IPFILTER_LOG
ipstate_log(is, ISL_EXPIRE);
#endif
KFREE(is);
ips_num--;
} else
@ -458,8 +472,8 @@ void fr_timeoutstate()
* Original idea freom Pradeep Krishnan for use primarily with NAT code.
* (pkrishna@netcom.com)
*/
void set_tcp_age(age, state, ip, fin, dir)
int *age;
void fr_tcp_age(age, state, ip, fin, dir)
u_long *age;
u_char *state;
ip_t *ip;
fr_info_t *fin;
@ -540,3 +554,51 @@ int dir;
break;
}
}
#ifdef IPFILTER_LOG
void ipstate_log(is, type)
struct ipstate *is;
u_short type;
{
struct ipslog ipsl;
if (iplused[IPL_LOGSTATE] + sizeof(ipsl) > IPLLOGSIZE) {
ips_stats.iss_logfail++;
return;
}
if (iplh[IPL_LOGSTATE] == iplbuf[IPL_LOGSTATE] + IPLLOGSIZE)
iplh[IPL_LOGSTATE] = iplbuf[IPL_LOGSTATE];
# ifdef sun
uniqtime(&ipsl);
# endif
# if BSD >= 199306 || defined(__FreeBSD__)
microtime((struct timeval *)&ipsl);
# endif
ipsl.isl_pkts = is->is_pkts;
ipsl.isl_bytes = is->is_bytes;
ipsl.isl_src = is->is_src;
ipsl.isl_dst = is->is_dst;
ipsl.isl_p = is->is_p;
ipsl.isl_flags = is->is_flags;
ipsl.isl_type = type;
if (ipsl.isl_p == IPPROTO_TCP || ipsl.isl_p == IPPROTO_UDP) {
ipsl.isl_sport = is->is_sport;
ipsl.isl_dport = is->is_dport;
} else if (ipsl.isl_p == IPPROTO_ICMP)
ipsl.isl_itype = is->is_icmp.ics_type;
else {
ipsl.isl_ps.isl_filler[0] = 0;
ipsl.isl_ps.isl_filler[1] = 0;
}
if (!fr_copytolog(IPL_LOGSTATE, (char *)&ipsl, sizeof(ipsl))) {
iplused[IPL_LOGSTATE] += sizeof(ipsl);
ips_stats.iss_logged++;
} else
ips_stats.iss_logfail++;
wakeup(iplbuf[IPL_LOGSTATE]);
}
#endif
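Review bot: In `fr_checkstate`, the TCP match path appears to return `pass` without ever assigning it in the `_KERNEL` build. As rendered, the hunk drops `return is->is_pass;` from the `#ifdef _KERNEL` arm and moves `return pass;` below the `#endif`, but `pass` is only initialised by `int pass = is->is_pass;` in the `#else` arm, which also shadows the new function-scope `u_int hv, hlen, pass;`. If that reading is right, the kernel returns an indeterminate filter result for every TCP packet that matches a state entry; the UDP path in the same commit does it correctly with `pass = is->is_pass;` before `MUTEX_EXIT(&ipf_state);`. Suggested fix: make `pass = is->is_pass;` the first statement inside `if (fr_tcpstate(is, fin, ip, tcp, sport))` and drop the `int` from the `#else` declaration. The function starts and ends outside the hunks.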


@ -6,7 +6,7 @@
* to the original author and the contributors.
*
* @(#)ip_state.h 1.3 1/12/96 (C) 1995 Darren Reed
* $Id: ip_state.h,v 2.0.1.1 1997/01/09 15:14:43 darrenr Exp $
* $Id: ip_state.h,v 2.0.2.5 1997/03/31 10:05:32 darrenr Exp $
*/
#ifndef __IP_STATE_H__
#define __IP_STATE_H__
@ -37,8 +37,10 @@ typedef struct tcpstate {
typedef struct ipstate {
struct ipstate *is_next;
int is_age;
u_long is_age;
u_int is_pass;
U_QUAD_T is_pkts;
U_QUAD_T is_bytes;
struct in_addr is_src;
struct in_addr is_dst;
u_char is_p;
@ -63,6 +65,31 @@ typedef struct ipstate {
#define TH_OPENING (TH_SYN|TH_ACK)
typedef struct ipslog {
struct timeval isl_tv;
U_QUAD_T isl_pkts;
U_QUAD_T isl_bytes;
struct in_addr isl_src;
struct in_addr isl_dst;
u_char isl_p;
u_char isl_flags;
u_short isl_type;
union {
u_short isl_filler[2];
u_short isl_ports[2];
u_short isl_icmp;
} isl_ps;
} ipslog_t;
#define isl_sport isl_ps.isl_ports[0]
#define isl_dport isl_ps.isl_ports[1]
#define isl_itype isl_ps.isl_icmp
#define ISL_NEW 0
#define ISL_EXPIRE 0xffff
typedef struct ips_stat {
u_long iss_hits;
u_long iss_miss;
@ -74,13 +101,18 @@ typedef struct ips_stat {
u_long iss_expire;
u_long iss_fin;
u_long iss_active;
u_long iss_logged;
u_long iss_logfail;
ipstate_t **iss_table;
} ips_stat_t;
extern ips_stat_t *fr_statetstats();
extern int fr_addstate(), fr_checkstate();
extern void fr_timeoutstate(), set_tcp_age();
# ifdef _KERNEL
extern void fr_stateunload();
# endif
extern int fr_tcpstate __P((ipstate_t *, fr_info_t *, ip_t *,
tcphdr_t *, u_short));
extern ips_stat_t *fr_statetstats __P((void));
extern int fr_addstate __P((ip_t *, fr_info_t *, u_int));
extern int fr_checkstate __P((ip_t *, fr_info_t *));
extern void fr_timeoutstate __P((void));
extern void fr_tcp_age __P((u_long *, u_char *, ip_t *, fr_info_t *, int));
extern void fr_stateunload __P((void));
extern void ipstate_log __P((struct ipstate *, u_short));
#endif /* __IP_STATE_H__ */
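Review bot: `ipslog_t` is copied to the log buffer whole, but its layout leaves bytes that no producer is told to clear: the `isl_icmp` arm of `isl_ps` covers only one of the union's two `u_short`s, and there may be padding depending on how `U_QUAD_T` is aligned. `ipstate_log()` in ip_state.c fills a stack `struct ipslog` field by field and zeroes `isl_filler` only for protocols other than TCP, UDP and ICMP, so for ICMP entries the second half of the union reaches readers of the log device with whatever was on the kernel stack. A comment on the struct such as `/* copied to the log as raw bytes: bzero() the record before filling it */` documents the requirement, and `bzero((char *)&ipsl, sizeof(ipsl));` at the top of `ipstate_log()` satisfies it.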


@ -13,14 +13,10 @@
#if !defined(__SVR4) && !defined(__GNUC__)
#include <strings.h>
#endif
#if !defined(__SVR4) && defined(__GNUC__)
extern char *index();
#endif
#include <sys/types.h>
#include <sys/param.h>
#include <sys/file.h>
#include <stdlib.h>
#include <unistd.h>
#include <stddef.h>
#include <sys/socket.h>
#include <sys/ioctl.h>
@ -28,31 +24,40 @@ extern char *index();
#include <netinet/in_systm.h>
#include <net/if.h>
#include <netinet/ip.h>
#include "ip_fil.h"
#include <netdb.h>
#include <arpa/nameser.h>
#include <resolv.h>
#include "ip_compat.h"
#include "ip_fil.h"
#include "ipf.h"
#if !defined(lint) && defined(LIBC_SCCS)
static char sccsid[] = "@(#)ipf.c 1.23 6/5/96 (C) 1993-1995 Darren Reed";
static char rcsid[] = "$Id: ipf.c,v 2.0.1.2 1997/02/04 14:37:46 darrenr Exp $";
static char rcsid[] = "$Id: ipf.c,v 2.0.2.5 1997/03/31 10:05:33 darrenr Exp $";
#endif
#if SOLARIS
void frsync(), blockunknown();
static void frsync __P((void));
static void blockunknown __P((void));
#endif
#if !defined(__SVR4) && defined(__GNUC__)
extern char *index __P((const char *, int));
#endif
void zerostats();
extern char *optarg;
void zerostats __P((void));
int main __P((int, char *[]));
int opts = 0;
static int fd = -1;
static void procfile(), flushfilter(), set_state();
static void packetlogon(), swapactive(), showstats();
static char *getline();
static void procfile __P((char *, char *)), flushfilter __P((char *));
static void set_state __P((u_int)), showstats __P((friostat_t *));
static void packetlogon __P((char *)), swapactive __P((void));
static int opendevice __P((void));
static char *getline __P((char *, size_t, FILE *));
int main(argc,argv)
int argc;
@ -64,10 +69,10 @@ char *argv[];
switch (c)
{
case 'E' :
set_state(1);
set_state((u_int)1);
break;
case 'D' :
set_state(0);
set_state((u_int)0);
break;
case 'A' :
opts &= ~OPT_INACTIVE;
@ -208,9 +213,11 @@ char *name, *file;
if (opts & OPT_ZERORULEST)
add = SIOCZRLST;
else if (opts & OPT_INACTIVE)
add = fr->fr_hits ? SIOCINIFR : SIOCADIFR;
add = (u_int)fr->fr_hits ? SIOCINIFR :
SIOCADIFR;
else
add = fr->fr_hits ? SIOCINAFR : SIOCADAFR;
add = (u_int)fr->fr_hits ? SIOCINAFR :
SIOCADAFR;
if (fr->fr_hits)
fr->fr_hits--;
if (fr && (opts & OPT_VERBOSE))
@ -226,7 +233,11 @@ char *name, *file;
if (ioctl(fd, add, fr) == -1)
perror("ioctl(SIOCZRLST)");
else {
#ifdef USE_QUAD_T
printf("hits %qd bytes %qd ",
#else
printf("hits %ld bytes %ld ",
#endif
fr->fr_hits, fr->fr_bytes);
printfr(fr);
}
@ -347,7 +358,7 @@ static void swapactive()
#if defined(sun) && (defined(__SVR4) || defined(__svr4__))
void frsync()
static void frsync()
{
if (opendevice() != -2 && ioctl(fd, SIOCFRSYN, 0) == -1)
perror("SIOCFRSYN");
@ -405,7 +416,7 @@ friostat_t *fp;
#if SOLARIS
void blockunknown()
static void blockunknown()
{
int flag;
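Review bot: The cast added in `add = (u_int)fr->fr_hits ? SIOCINIFR :` (and in the `SIOCINAFR`/`SIOCADAFR` line below it) binds to `fr->fr_hits`, not to the selected ioctl number. If the intent was to quiet a type warning on the assignment, the cast is in the wrong place. Where `fr_hits` is a quad (the `%qd` branch added under `USE_QUAD_T` suggests it can be), truncating it to `u_int` before the test changes which request is chosen for values whose low 32 bits are zero. Writing `add = fr->fr_hits ? (u_int)SIOCINIFR : (u_int)SIOCADIFR;`, or testing `fr->fr_hits != 0` explicitly, says what is meant. The enclosing function starts and ends outside the hunk.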


@ -6,7 +6,7 @@
* to the original author and the contributors.
*
* @(#)ipf.h 1.12 6/5/96
* $Id: ipf.h,v 2.0.1.1 1997/01/09 15:14:43 darrenr Exp $
* $Id: ipf.h,v 2.0.2.4 1997/03/27 13:45:18 darrenr Exp $
*/
#ifndef SOLARIS
@ -29,10 +29,22 @@
#define OPT_SHOWLINENO 0x04000
#define OPT_PRINTFR 0x08000
#define OPT_ZERORULEST 0x10000
#define OPT_SAVEOUT 0x20000
extern struct frentry *parse();
#ifndef __P
# ifdef __STDC__
# define __P(x) x
# else
# define __P(x) ()
# endif
#endif
extern struct frentry *parse __P((char *));
extern void printfr __P((struct frentry *));
extern void binprint __P((struct frentry *)), initparse __P((void));
extern u_short portnum __P((char *));
extern void printfr(), binprint(), initparse();
#if defined(__SVR4) || defined(__svr4__)
#define index strchr
@ -48,10 +60,12 @@ struct ipopt_names {
};
extern u_long hostnum(), optname();
extern void printpacket();
extern u_long buildopts __P((char *, char *));
extern u_long hostnum __P((char *, int *));
extern u_long optname __P((char ***, u_short *));
extern void printpacket __P((struct ip *));
#if SOLARIS
extern int inet_aton();
extern int inet_aton __P((const char *, struct in_addr *));
#endif
#ifdef sun


@ -47,10 +47,12 @@ etherfind -n -t
#if !defined(lint) && defined(LIBC_SCCS)
static char sccsid[] = "@(#)ipft_ef.c 1.6 2/4/96 (C)1995 Darren Reed";
static char rcsid[] = "$Id: ipft_ef.c,v 2.0.1.1 1997/01/09 15:14:43 darrenr Exp $";
static char rcsid[] = "$Id: ipft_ef.c,v 2.0.2.3 1997/03/10 08:10:24 darrenr Exp $";
#endif
static int etherf_open(), etherf_close(), etherf_readip();
static int etherf_open __P((char *));
static int etherf_close __P((void));
static int etherf_readip __P((char *, int, char **, int *));
struct ipread etherf = { etherf_open, etherf_close, etherf_readip };


@ -38,15 +38,15 @@
#if !defined(lint) && defined(LIBC_SCCS)
static char sccsid[] = "@(#)ipft_hx.c 1.1 3/9/96 (C) 1996 Darren Reed";
static char rcsid[] = "$Id: ipft_hx.c,v 2.0.1.2 1997/02/04 13:57:56 darrenr Exp $";
static char rcsid[] = "$Id: ipft_hx.c,v 2.0.2.3 1997/03/10 08:10:25 darrenr Exp $";
#endif
extern int opts;
extern u_short portnum();
extern u_long buildopts();
static int hex_open(), hex_close(), hex_readip();
static char *readhex();
static int hex_open __P((char *));
static int hex_close __P((void));
static int hex_readip __P((char *, int, char **, int *));
static char *readhex __P((char *, char *));
struct ipread iphex = { hex_open, hex_close, hex_readip };
static FILE *tfp = NULL;
@ -85,7 +85,7 @@ static int hex_readip(buf, cnt, ifn, dir)
char *buf, **ifn;
int cnt, *dir;
{
register char *s;
register char *s, *t, *u;
struct ip *ip;
char line[513];
@ -104,7 +104,30 @@ int cnt, *dir;
printf("input: %s\n", line);
fflush(stdout);
}
ip = (struct ip *)readhex(line, (char *)ip);
/*
* interpret start of line as possibly "[ifname]" or
* "[in/out,ifname]".
*/
*ifn = NULL;
*dir = 0;
if ((*buf == '[') && (s = index(line, ']'))) {
t = buf + 1;
if (t - s > 0) {
if ((u = index(t, ',')) && (u < s)) {
u++;
*ifn = u;
if (*t == 'i')
*dir = 0;
else if (*t == 'o')
*dir = 1;
} else
*ifn = t;
*s++ = '\0';
}
} else
s = line;
ip = (struct ip *)readhex(s, (char *)ip);
}
return -1;
}
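Review bot: The new interface-prefix parsing in `hex_readip` tests and walks the wrong buffer. `*buf == '['` and `t = buf + 1` refer to the caller's packet buffer while `s = index(line, ']')` points into the local `line`, so `t - s` and `u < s` compare pointers into unrelated arrays, and the `t - s > 0` test would be inverted even if both pointed into `line`. Using the input line throughout fixes that: `if ((*line == '[') && (s = index(line, ']'))) {`, `t = line + 1;`, `if (s - t > 0) {`. `*ifn` would then point into the stack array `line`, which is gone once the function returns, so the name also needs copying with `strdup()` once the `']'` has been overwritten with `'\0'`, as ipft_tx.c does in this commit. The function body extends beyond the hunk.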


@ -30,7 +30,7 @@
#include "pcap.h"
#if !defined(lint) && defined(LIBC_SCCS)
static char rcsid[] = "$Id: ipft_pc.c,v 2.0.1.1 1997/01/09 15:14:44 darrenr Exp $";
static char rcsid[] = "$Id: ipft_pc.c,v 2.0.2.3 1997/03/10 08:10:26 darrenr Exp $";
#endif
struct llc {
@ -59,7 +59,11 @@ static struct llc llcs[DLT_MAX+1] = {
{ 0, 0, 0 } /* DLT_FDDI */
};
static int pcap_open(), pcap_close(), pcap_readip();
static int pcap_open __P((char *));
static int pcap_close __P((void));
static int pcap_readip __P((char *, int, char **, int *));
static void swap_hdr __P((pcaphdr_t *));
static int pcap_read_rec __P((struct pcap_pkthdr *));
static int pfd = -1, s_type = -1, swapped = 0;


@ -33,7 +33,7 @@
#include "snoop.h"
#if !defined(lint) && defined(LIBC_SCCS)
static char rcsid[] = "$Id: ipft_sn.c,v 2.0.1.1 1997/01/09 15:14:44 darrenr Exp $";
static char rcsid[] = "$Id: ipft_sn.c,v 2.0.2.3 1997/03/10 08:10:29 darrenr Exp $";
#endif
struct llc {
@ -59,9 +59,12 @@ static struct llc llcs[SDL_MAX+1] = {
{ 0, 0, 0 }, /* SDL_OTHER */
};
static int snoop_open(), snoop_close(), snoop_readip();
static int snoop_open __P((char *));
static int snoop_close __P((void));
static int snoop_readip __P((char *, int, char **, int *));
static int sfd = -1, s_type = -1;
static int snoop_read_rec __P((struct snooppkt *));
struct ipread snoop = { snoop_open, snoop_close, snoop_readip };


@ -56,10 +56,13 @@ tcpdump -nqte
#if !defined(lint) && defined(LIBC_SCCS)
static char sccsid[] = "@(#)ipft_td.c 1.8 2/4/96 (C)1995 Darren Reed";
static char rcsid[] = "$Id: ipft_td.c,v 2.0.1.1 1997/01/09 15:14:44 darrenr Exp $";
static char rcsid[] = "$Id: ipft_td.c,v 2.0.2.3 1997/03/10 08:10:30 darrenr Exp $";
#endif
static int tcpd_open(), tcpd_close(), tcpd_readip();
static int tcpd_open __P((char *));
static int tcpd_close __P((void));
static int tcpd_readip __P((char *, int, char **, int *));
static int count_dots __P((char *));
struct ipread tcpd = { tcpd_open, tcpd_close, tcpd_readip };


@ -40,15 +40,17 @@
#if !defined(lint) && defined(LIBC_SCCS)
static char sccsid[] = "@(#)ipft_tx.c 1.7 6/5/96 (C) 1993 Darren Reed";
static char rcsid[] = "$Id: ipft_tx.c,v 2.0.1.2 1997/01/19 04:52:25 darrenr Exp $";
static char rcsid[] = "$Id: ipft_tx.c,v 2.0.2.3 1997/03/10 08:10:31 darrenr Exp $";
#endif
extern int opts;
extern u_long buildopts();
extern u_long buildopts __P((char *, char *));
static char *tx_proto = "";
static int text_open(), text_close(), text_readip(), parseline();
static int text_open __P((char *)), text_close __P((void));
static int text_readip __P((char *, int, char **, int *));
static int parseline __P((char *, struct ip *, char **, int *));
static char tcp_flagset[] = "FSRPAU";
static u_char tcp_flags[] = { TH_FIN, TH_SYN, TH_RST, TH_PUSH,
@ -58,8 +60,8 @@ struct ipread iptext = { text_open, text_close, text_readip };
static FILE *tfp = NULL;
static int tfd = -1;
static u_long tx_hostnum();
static u_short tx_portnum();
static u_long tx_hostnum __P((char *, int *));
static u_short tx_portnum __P((char *));
/*
@ -190,7 +192,7 @@ int cnt, *dir;
printf("input: %s\n", line);
*ifn = NULL;
*dir = 0;
if (!parseline(line, buf, ifn, dir))
if (!parseline(line, (struct ip *)buf, ifn, dir))
#if 0
return sizeof(struct tcpiphdr);
#else
@ -211,6 +213,8 @@ int *out;
char *cps[20], **cpp, c, ipopts[68];
int i, r;
if (*ifn)
free(*ifn);
bzero((char *)ip, MAX(sizeof(*tcp), sizeof(*ic)) + sizeof(*ip));
bzero((char *)tcp, sizeof(*tcp));
bzero((char *)ic, sizeof(*ic));
@ -236,7 +240,7 @@ int *out;
cpp++;
if (!*cpp)
return 1;
*ifn = *cpp++;
*ifn = strdup(*cpp++);
}
c = **cpp;
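Review bot: The `free(*ifn)` added at the top of `parseline` can never release the previous name, because `text_readip` sets `*ifn = NULL;` immediately before the call; each input line that names an interface therefore leaks the `strdup()` result. It also makes `parseline` depend on every caller initialising `*ifn` to either NULL or a heap pointer, which nothing in the signature says. Keeping the last copy in a file-scope `static char *` that `parseline` frees and replaces, or documenting that the caller owns and frees `*ifn`, makes the ownership explicit. The `strdup()` return is also unchecked, so `*ifn` can be NULL on allocation failure where the old code always stored a name. Both functions continue outside the hunks.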


@ -11,6 +11,6 @@
#ifndef __IPL_H_
#define __IPL_H__
#define IPL_VERSION "IP Filter v3.1.7 - 8/2/97"
#define IPL_VERSION "IP Filter v3.2alpha4"
#endif


@ -7,45 +7,55 @@
*/
#include <stdio.h>
#include <assert.h>
#include <unistd.h>
#include <fcntl.h>
#include <string.h>
#include <stdlib.h>
#include <syslog.h>
#include <sys/errno.h>
#include <sys/file.h>
#include <sys/ioctl.h>
#include <sys/param.h>
#include <sys/uio.h>
#include <fcntl.h>
#include <errno.h>
#if !defined(__SVR4) && !defined(__svr4__)
#include <strings.h>
#include <sys/dir.h>
#include <sys/mbuf.h>
#else
#include <sys/byteorder.h>
#endif
#include <sys/protosw.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/param.h>
#include <sys/file.h>
#include <stdlib.h>
#include <stddef.h>
#include <sys/socket.h>
#include <sys/user.h>
#include <net/if.h>
#include <sys/ioctl.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <net/if.h>
#include <netinet/ip.h>
#include <netdb.h>
#include <arpa/inet.h>
#include <arpa/nameser.h>
#include <resolv.h>
#include <sys/uio.h>
#include <sys/protosw.h>
#include <sys/user.h>
#include <netinet/ip_var.h>
#include <netinet/tcp.h>
#include <netinet/tcpip.h>
#include <netinet/ip_icmp.h>
#include <netdb.h>
#include <arpa/inet.h>
#include <ctype.h>
#include <syslog.h>
#include "ip_compat.h"
#include "ip_fil.h"
#include "ip_nat.h"
#include "ip_state.h"
#if !defined(lint) && defined(LIBC_SCCS)
static char rcsid[] = "$Id: ipmon.c,v 2.0.1.2 1997/02/04 14:49:19 darrenr Exp $";
static char sccsid[] = "@(#)ipmon.c 1.21 6/5/96 (C)1993-1996 Darren Reed";
static char rcsid[] = "$Id: ipmon.c,v 2.0.2.6 1997/04/02 12:23:27 darrenr Exp $";
#endif
#include "ip_fil.h"
struct flags {
int value;
@ -64,20 +74,42 @@ struct flags tcpfl[] = {
static char line[2048];
static void printpacket(), dumphex();
static int opts = 0;
static void usage __P((char *));
static void print_ipflog __P((FILE *, char *, int));
static void print_natlog __P((FILE *, char *, int));
static void print_statelog __P((FILE *, char *, int));
static void dumphex __P((FILE *, u_char *, int));
static void printiplci __P((struct ipl_ci *));
static void resynclog __P((int, struct ipl_ci *, FILE *));
static int read_ipflog __P((int, int *, char *, int, FILE *));
static int read_natlog __P((int, int *, char *, int, FILE *));
static int read_statelog __P((int, int *, char *, int, FILE *));
char *hostname __P((int, struct in_addr));
char *portname __P((int, char *, u_short));
int main __P((int, char *[]));
#define OPT_SYSLOG 0x01
#define OPT_RESOLVE 0x02
#define OPT_HEXBODY 0x04
#define OPT_VERBOSE 0x08
#define OPT_HEXHDR 0x10
static int (*readfunc[3]) __P((int, int *, char *, int, FILE *)) =
{ read_ipflog, read_natlog, read_statelog };
static void (*printfunc[3]) __P((FILE *, char *, int)) =
{ print_ipflog, print_natlog, print_statelog };
#define OPT_SYSLOG 0x001
#define OPT_RESOLVE 0x002
#define OPT_HEXBODY 0x004
#define OPT_VERBOSE 0x008
#define OPT_HEXHDR 0x010
#define OPT_TAIL 0x020
#define OPT_ALL 0x040
#define OPT_NAT 0x080
#define OPT_STATE 0x100
#ifndef LOGFAC
#define LOGFAC LOG_LOCAL0
#endif
void printiplci(icp)
static void printiplci(icp)
struct ipl_ci *icp;
{
printf("sec %ld usec %ld hlen %d plen %d\n", icp->sec, icp->usec,
@ -161,7 +193,73 @@ FILE *log;
}
int readlogentry(fd, lenp, buf, bufsize, log)
static int read_natlog(fd, lenp, buf, bufsize, log)
int fd, bufsize, *lenp;
char *buf;
FILE *log;
{
int len, avail = 0, want = sizeof(struct natlog);
*lenp = 0;
if (ioctl(fd, FIONREAD, &avail) == -1) {
perror("ioctl(FIONREAD");
return 1;
}
if (avail < want)
return 2;
while (want) {
len = read(fd, buf, want);
if (len > 0)
want -= len;
else
break;
}
if (!want) {
*lenp = sizeof(struct natlog);
return 0;
}
return !len ? 2 : -1;
}
static int read_statelog(fd, lenp, buf, bufsize, log)
int fd, bufsize, *lenp;
char *buf;
FILE *log;
{
int len, avail = 0, want = sizeof(struct ipslog);
*lenp = 0;
if (ioctl(fd, FIONREAD, &avail) == -1) {
perror("ioctl(FIONREAD");
return 1;
}
if (avail < want)
return 2;
while (want) {
len = read(fd, buf, want);
if (len > 0)
want -= len;
else
break;
}
if (!want) {
*lenp = sizeof(struct ipslog);
return 0;
}
return !len ? 2 : -1;
}
static int read_ipflog(fd, lenp, buf, bufsize, log)
int fd, bufsize, *lenp;
char *buf;
FILE *log;
@ -185,9 +283,9 @@ FILE *log;
if ((icp->hlen > 92) || (now < icp->sec) ||
((now - icp->sec) > (86400*5))) {
if (opts & OPT_SYSLOG)
syslog(LOG_INFO, "Out of sync! (1,%x)\n", now);
syslog(LOG_INFO, "Out of sync! (1,%lx)\n", now);
else
fprintf(log, "Out of sync! (1,%x)\n", now);
fprintf(log, "Out of sync! (1,%lx)\n", now);
dumphex(log, buf, sizeof(struct ipl_ci));
resynclog(fd, icp, log);
}
@ -304,7 +402,129 @@ int len;
}
static void printpacket(log, buf, blen)
static void print_natlog(log, buf, blen)
FILE *log;
char *buf;
int blen;
{
struct natlog *nl = (struct natlog *)buf;
char *t = line;
struct tm *tm;
int res;
res = (opts & OPT_RESOLVE) ? 1 : 0;
tm = localtime((time_t *)&nl->nl_tv.tv_sec);
if (!(opts & OPT_SYSLOG)) {
(void) sprintf(t, "%2d/%02d/%4d ",
tm->tm_mday, tm->tm_mon + 1, tm->tm_year + 1900);
t += strlen(t);
}
(void) sprintf(t, "%02d:%02d:%02d.%-.6ld @%hd ",
tm->tm_hour, tm->tm_min, tm->tm_sec, nl->nl_tv.tv_usec,
nl->nl_rule);
t += strlen(t);
if (nl->nl_type == NL_NEWMAP)
strcpy(t, "NAT:MAP ");
else if (nl->nl_type == NL_NEWRDR)
strcpy(t, "NAT:RDR ");
else if (nl->nl_type == ISL_EXPIRE)
strcpy(t, "NAT:EXPIRE ");
else
sprintf(t, "Type: %d ", nl->nl_type);
t += strlen(t);
(void) sprintf(t, "%s,%s <- -> ", hostname(res, nl->nl_inip),
portname(res, NULL, nl->nl_inport));
t += strlen(t);
(void) sprintf(t, "%s,%s ", hostname(res, nl->nl_outip),
portname(res, NULL, nl->nl_outport));
t += strlen(t);
(void) sprintf(t, "[%s,%s]", hostname(res, nl->nl_origip),
portname(res, NULL, nl->nl_origport));
t += strlen(t);
*t++ = '\n';
*t++ = '\0';
if (opts & OPT_SYSLOG)
syslog(LOG_INFO, "%s", line);
else
(void) fprintf(log, "%s", line);
}
static void print_statelog(log, buf, blen)
FILE *log;
char *buf;
int blen;
{
struct ipslog *sl = (struct ipslog *)buf;
struct protoent *pr;
char *t = line, *proto, pname[6];
struct tm *tm;
int res;
res = (opts & OPT_RESOLVE) ? 1 : 0;
tm = localtime((time_t *)&sl->isl_tv.tv_sec);
if (!(opts & OPT_SYSLOG)) {
(void) sprintf(t, "%2d/%02d/%4d ",
tm->tm_mday, tm->tm_mon + 1, tm->tm_year + 1900);
t += strlen(t);
}
(void) sprintf(t, "%02d:%02d:%02d.%-.6ld ",
tm->tm_hour, tm->tm_min, tm->tm_sec, sl->isl_tv.tv_usec);
t += strlen(t);
if (sl->isl_type == ISL_NEW)
strcpy(t, "STATE:NEW ");
else if (sl->isl_type == ISL_EXPIRE)
strcpy(t, "STATE:EXPIRE ");
else
sprintf(t, "Type: %d ", sl->isl_type);
t += strlen(t);
pr = getprotobynumber((int)sl->isl_p);
if (!pr) {
proto = pname;
sprintf(proto, "%d", (u_int)sl->isl_p);
} else
proto = pr->p_name;
if (sl->isl_p == IPPROTO_TCP || sl->isl_p == IPPROTO_UDP) {
(void) sprintf(t, "%s,%s -> ",
hostname(res, sl->isl_src),
portname(res, proto, sl->isl_sport));
t += strlen(t);
(void) sprintf(t, "%s,%s PR %s ",
hostname(res, sl->isl_dst),
portname(res, proto, sl->isl_dport), proto);
} else if (sl->isl_p == IPPROTO_ICMP) {
(void) sprintf(t, "%s -> ", hostname(res, sl->isl_src));
t += strlen(t);
(void) sprintf(t, "%s PR icmp %d ",
hostname(res, sl->isl_dst), sl->isl_itype);
}
t += strlen(t);
if (sl->isl_type != ISL_NEW) {
#ifdef USE_QUAD_T
(void) sprintf(t, "Pkts %qd Bytes %qd",
#else
(void) sprintf(t, "Pkts %ld Bytes %ld",
#endif
sl->isl_pkts, sl->isl_bytes);
t += strlen(t);
}
*t++ = '\n';
*t++ = '\0';
if (opts & OPT_SYSLOG)
syslog(LOG_INFO, "%s", line);
else
(void) fprintf(log, "%s", line);
}
static void print_ipflog(log, buf, blen)
FILE *log;
char *buf;
int blen;
@ -483,47 +703,102 @@ int blen;
if (opts & OPT_HEXHDR)
dumphex(log, buf, sizeof(struct ipl_ci));
if (opts & OPT_HEXBODY)
dumphex(log, ip, lp->plen + lp->hlen);
fflush(log);
dumphex(log, (u_char *)ip, lp->plen + lp->hlen);
}
void static usage(prog)
char *prog;
{
fprintf(stderr, "%s: [-NFhstvxX] [-f <logfile>]\n", prog);
exit(1);
}
void flushlogs(file, log)
char *file;
FILE *log;
{
int fd, flushed = 0;
if ((fd = open(file, O_RDWR)) == -1) {
(void) fprintf(stderr, "%s: ", file);
perror("open");
exit(-1);
}
if (ioctl(fd, SIOCIPFFB, &flushed) == 0) {
printf("%d bytes flushed from log buffer\n",
flushed);
fflush(stdout);
} else
perror("SIOCIPFFB");
(void) close(fd);
if (flushed) {
if (opts & OPT_SYSLOG)
syslog(LOG_INFO, "%d bytes flushed from log\n",
flushed);
else
fprintf(log, "%d bytes flushed from log\n", flushed);
}
}
int main(argc, argv)
int argc;
char *argv[];
{
struct stat stat;
FILE *log = NULL;
int fd = -1, flushed = 0, doread, n;
int fd[3] = {-1, -1, -1}, flushed = 0, doread, n, i, nfd = 1;
int tr, nr, regular;
int fdt[3] = {IPL_LOGIPF, IPL_LOGNAT, IPL_LOGSTATE};
char buf[512], c, *iplfile = IPL_NAME;
extern int optind;
extern char *optarg;
while ((c = getopt(argc, argv, "Nf:FsvxX")) != -1)
while ((c = getopt(argc, argv, "?af:FhnNsStvxX")) != -1)
switch (c)
{
case 'a' :
opts |= OPT_ALL;
nfd = 3;
break;
case 'f' :
iplfile = optarg;
break;
case 'F' :
if ((fd == -1) &&
(fd = open(iplfile, O_RDWR)) == -1) {
(void) fprintf(stderr, "%s: ", IPL_NAME);
perror("open");
exit(-1);
if (!(opts & OPT_ALL))
flushlogs(iplfile, log);
else {
flushlogs(IPL_NAME, log);
flushlogs(IPL_NAT, log);
flushlogs(IPL_STATE, log);
}
if (ioctl(fd, SIOCIPFFB, &flushed) == 0) {
printf("%d bytes flushed from log buffer\n",
flushed);
fflush(stdout);
} else
perror("SIOCIPFFB");
break;
case 'n' :
opts |= OPT_RESOLVE;
break;
case 'N' :
opts |= OPT_RESOLVE;
opts |= OPT_NAT;
fdt[0] = IPL_LOGNAT;
readfunc[0] = read_natlog;
printfunc[0] = print_natlog;
break;
case 's' :
openlog(argv[0], LOG_NDELAY|LOG_PID, LOGFAC);
opts |= OPT_SYSLOG;
break;
case 'S' :
opts |= OPT_STATE;
fdt[0] = IPL_LOGSTATE;
readfunc[0] = read_statelog;
printfunc[0] = print_statelog;
break;
case 't' :
opts |= OPT_TAIL;
break;
case 'v' :
opts |= OPT_VERBOSE;
break;
@ -533,50 +808,95 @@ char *argv[];
case 'X' :
opts |= OPT_HEXHDR;
break;
default :
case 'h' :
case '?' :
usage(argv[0]);
}
if ((fd == -1) && (fd = open(iplfile, O_RDONLY)) == -1) {
(void) fprintf(stderr, "%s: ", IPL_NAME);
if ((fd[0] == -1) && (fd[0] = open(iplfile, O_RDONLY)) == -1) {
(void) fprintf(stderr, "%s: ", iplfile);
perror("open");
exit(-1);
}
if ((opts & OPT_ALL)) {
if ((fd[1] = open(IPL_NAT, O_RDONLY)) == -1) {
(void) fprintf(stderr, "%s: ", IPL_NAT);
perror("open");
exit(-1);
}
if ((fd[2] = open(IPL_STATE, O_RDONLY)) == -1) {
(void) fprintf(stderr, "%s: ", IPL_STATE);
perror("open");
exit(-1);
}
}
if (!(opts & OPT_SYSLOG)) {
log = argv[optind] ? fopen(argv[optind], "a") : stdout;
setvbuf(log, NULL, _IONBF, 0);
}
if (flushed) {
if (opts & OPT_SYSLOG)
syslog(LOG_INFO, "%d bytes flushed from log\n",
flushed);
else
fprintf(log, "%d bytes flushed from log\n", flushed);
if (fstat(fd[0], &stat) == -1) {
fprintf(stderr, "%s :", iplfile);
perror("fstat");
exit(-1);
}
for (doread = 1; doread; )
switch (readlogentry(fd, &n, buf, sizeof(buf), log))
{
case -1 :
if (opts & OPT_SYSLOG)
syslog(LOG_ERR, "read: %m\n");
else
perror("read");
doread = 0;
break;
case 1 :
if (opts & OPT_SYSLOG)
syslog(LOG_ERR, "aborting logging\n");
else
fprintf(log, "aborting logging\n");
doread = 0;
break;
case 2 :
break;
case 0 :
printpacket(log, buf, n, opts);
break;
regular = !S_ISCHR(stat.st_mode);
for (doread = 1; doread; ) {
nr = 0;
for (i = 0; i < nfd; i++) {
tr = 0;
if (!regular) {
if (ioctl(fd[i], FIONREAD, &tr) == -1) {
perror("ioctl(FIONREAD)");
exit(-1);
}
} else {
tr = (lseek(fd[i], 0, SEEK_CUR) <
stat.st_size);
if (!tr && !(opts & OPT_TAIL))
doread = 0;
}
if (!tr)
continue;
nr += tr;
tr = (*readfunc[i])(fd[i], &n, buf, sizeof(buf), log);
switch (tr)
{
case -1 :
if (opts & OPT_SYSLOG)
syslog(LOG_ERR, "read: %m\n");
else
perror("read");
doread = 0;
break;
case 1 :
if (opts & OPT_SYSLOG)
syslog(LOG_ERR, "aborting logging\n");
else
fprintf(log, "aborting logging\n");
doread = 0;
break;
case 2 :
break;
case 0 :
if (n > 0) {
(*printfunc[i])(log, buf, n);
if (!(opts & OPT_SYSLOG))
fflush(log);
}
break;
}
}
if (!nr && regular && (opts & OPT_TAIL))
sleep(1);
}
exit(0);
/* NOTREACHED */
}
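Review bot: In the new `read_natlog()` the retry loop calls `read(fd, buf, want)` without advancing `buf`, so after a short read the next chunk overwrites the start of the record instead of being appended; `read_statelog()` has the same loop. Advance the pointer together with the count, e.g. `if (len > 0) { want -= len; buf += len; }`. Both functions also never look at `bufsize`; a guard such as `if (bufsize < want) return 1;` before the first read would keep a later growth of `struct natlog` or `struct ipslog` from overrunning the caller's `buf[512]`. Separately, the `-F` case now calls `flushlogs(iplfile, log)` during option parsing while `log` is still NULL, so the `fprintf(log, ...)` branch in `flushlogs()` is reached with a null stream unless `-s` was given first.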


@ -25,6 +25,7 @@
#include <sys/byteorder.h>
#endif
#include <sys/types.h>
#include <sys/time.h>
#include <sys/param.h>
#include <stdlib.h>
#include <unistd.h>
@ -40,18 +41,20 @@
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <net/if.h>
#include "ip_compat.h"
#include <netdb.h>
#include <arpa/nameser.h>
#include <arpa/inet.h>
#include <resolv.h>
#include "ip_nat.h"
#include <ctype.h>
#include "ip_compat.h"
#include "ip_fil.h"
#include "ip_nat.h"
#include "kmem.h"
#if !defined(lint) && defined(LIBC_SCCS)
static char sccsid[] ="@(#)ipnat.c 1.9 6/5/96 (C) 1993 Darren Reed";
static char rcsid[] = "$Id: ipnat.c,v 2.0.1.8 1997/02/16 21:23:40 darrenr Exp $";
static char rcsid[] = "$Id: ipnat.c,v 2.0.2.6 1997/04/02 12:23:29 darrenr Exp $";
#endif
#if SOLARIS
@ -59,9 +62,18 @@ static char rcsid[] = "$Id: ipnat.c,v 2.0.1.8 1997/02/16 21:23:40 darrenr Exp $"
#endif
extern char *optarg;
extern int kmemcpy();
void dostats(), printnat(), parsefile(), flushtable();
ipnat_t *parse __P((char *));
u_long hostnum __P((char *, int *));
u_long hostmask __P((char *));
u_short portnum __P((char *, char *));
void dostats __P((int, int)), flushtable __P((int, int));
void printnat __P((ipnat_t *, int, void *));
void parsefile __P((int, char *, int));
void usage __P((char *));
int countbits __P((u_long));
char *getnattype __P((ipnat_t *));
int main __P((int, char*[]));
#define OPT_REM 1
#define OPT_NODO 2
@ -190,7 +202,7 @@ void *ptr;
printf(" udp");
printf("\n");
if (verbose)
printf("\t%p %u %x %u %x %d\n", (u_int)np->in_ifp,
printf("\t%p %u %x %u %p %d\n", np->in_ifp,
np->in_space, np->in_flags, np->in_pnext, np,
np->in_use);
} else {
@ -220,7 +232,7 @@ void *ptr;
}
printf("\n");
if (verbose)
printf("\t%p %u %s %d %x\n", (u_int)np->in_ifp,
printf("\t%p %u %s %d %x\n", np->in_ifp,
np->in_space, inet_ntoa(np->in_nextip),
np->in_pnext, np->in_flags);
}
@ -235,7 +247,8 @@ ipnat_t *ipnat;
{
ipnat_t ipnatbuff;
if (ipnat && kmemcpy(&ipnatbuff, ipnat, sizeof(ipnatbuff)))
if (ipnat && kmemcpy((char *)&ipnatbuff, (long)ipnat,
sizeof(ipnatbuff)))
return "???";
return (ipnatbuff.in_redir == NAT_MAP) ? "MAP" : "RDR";
@ -264,13 +277,13 @@ int fd, opts;
ns.ns_added, ns.ns_expire);
printf("inuse\t%lu\n", ns.ns_inuse);
if (opts & OPT_VERBOSE)
printf("table %p list %p\n",
(u_int)ns.ns_table, (u_int)ns.ns_list);
printf("table %p list %p\n", ns.ns_table, ns.ns_list);
}
if (opts & OPT_LIST) {
printf("List of active MAP/Redirect filters:\n");
while (ns.ns_list) {
if (kmemcpy(&ipn, ns.ns_list, sizeof(ipn))) {
if (kmemcpy((char *)&ipn, (long)ns.ns_list,
sizeof(ipn))) {
perror("kmemcpy");
break;
}
@ -279,7 +292,8 @@ int fd, opts;
}
nt[0] = (nat_t **)malloc(sizeof(*nt) * NAT_SIZE);
if (kmemcpy(nt[0], ns.ns_table[0], sizeof(**nt) * NAT_SIZE)) {
if (kmemcpy((char *)nt[0], (long)ns.ns_table[0],
sizeof(**nt) * NAT_SIZE)) {
perror("kmemcpy");
return;
}
@ -288,7 +302,8 @@ int fd, opts;
for (i = 0; i < NAT_SIZE; i++)
for (np = nt[0][i]; np; np = nat.nat_hnext[0]) {
if (kmemcpy(&nat, np, sizeof(nat)))
if (kmemcpy((char *)&nat, (long)np,
sizeof(nat)))
break;
printf("%s %-15s %-5hu <- ->",
@ -300,7 +315,7 @@ int fd, opts;
ntohs(nat.nat_outport));
printf(" [%s %hu]", inet_ntoa(nat.nat_oip),
ntohs(nat.nat_oport));
printf(" %d %hu %lx", nat.nat_age,
printf(" %ld %hu %lx", nat.nat_age,
nat.nat_use, nat.nat_sumd);
#if SOLARIS
printf(" %lx", nat.nat_ipsumd);
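Review bot: In the hunk that declares `ipnat_t ipnatbuff;` (apparently `getnattype()`, whose header lies outside the hunk), the rewritten condition still skips the copy when `ipnat` is NULL and then falls through to `return (ipnatbuff.in_redir == NAT_MAP) ? "MAP" : "RDR";`, which reads an uninitialised struct. Treating a null pointer like a failed copy closes that path: `if (!ipnat || kmemcpy((char *)&ipnatbuff, (long)ipnat, sizeof(ipnatbuff)))`. A one-line comment that `kmemcpy()` returns non-zero on failure would also help readers of the other call sites changed in this file.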


@ -19,6 +19,11 @@
#include <errno.h>
#include <nlist.h>
#include <stdio.h>
#include <netinet/in.h>
#include <netinet/ip_var.h>
#include <netinet/tcp.h>
#include "ipsend.h"
/*
* lookup host and return


@ -20,6 +20,10 @@ static char sccsid[] = "@(#)arp.c 1.4 1/11/96 (C)1995 Darren Reed";
#include <netinet/in.h>
#include <net/if.h>
#include <net/if_arp.h>
#include <netinet/in.h>
#include <netinet/ip_var.h>
#include <netinet/tcp.h>
#include "ipsend.h"
#if defined(__SVR4) || defined(__svr4__)
#define bcopy(a,b,c) memmove(b,a,c)
@ -67,7 +71,6 @@ char *ether;
struct arpreq ar;
struct sockaddr_in *sin, san;
struct hostent *hp;
char *inet_ntoa();
int fd;
if (!bcmp(ipsave, ip, 4)) {


@ -27,17 +27,12 @@ static char sccsid[] = "%W% %G% (C)1995";
#ifndef linux
#include <netinet/if_ether.h>
#include <netinet/ip_var.h>
#include <netinet/tcpip.h>
#endif
#include "ip_compat.h"
#ifdef linux
#include "tcpip.h"
#endif
#include "ipsend.h"
static char *ipbuf = NULL, *ethbuf = NULL;
extern int arp(), sendip();
u_short chksum(buf,len)
u_short *buf;
@ -73,7 +68,7 @@ struct in_addr gwip;
bcopy((char *)buf, s + sizeof(*eh), len);
if (gwip.s_addr == last_gw.s_addr)
bcopy(last_arp, (char *)&eh->ether_dhost, 6);
else if (arp((char *)&gwip, &eh->ether_dhost) == -1)
else if (arp((char *)&gwip, (char *)&eh->ether_dhost) == -1)
{
perror("arp");
return -2;
@ -107,7 +102,7 @@ int frag;
bzero((char *)&eh->ether_shost, sizeof(eh->ether_shost));
if (last_gw.s_addr && (gwip.s_addr == last_gw.s_addr))
bcopy(last_arp, (char *)&eh->ether_dhost, 6);
else if (arp((char *)&gwip, &eh->ether_dhost) == -1)
else if (arp((char *)&gwip, (char *)&eh->ether_dhost) == -1)
{
perror("arp");
return -2;
@ -129,7 +124,7 @@ int frag;
if (!frag || (sizeof(*eh) + ntohs(ip->ip_len) < mtu))
{
ip->ip_sum = 0;
ip->ip_sum = chksum(ip, ip->ip_hl << 2);
ip->ip_sum = chksum((u_short *)ip, ip->ip_hl << 2);
bcopy((char *)ip, ipbuf + sizeof(*eh), ntohs(ip->ip_len));
err = sendip(nfd, ipbuf, sizeof(*eh) + ntohs(ip->ip_len));
@ -202,7 +197,7 @@ int frag;
ts += hlen;
ip->ip_len = htons(ts);
ip->ip_sum = 0;
ip->ip_sum = chksum(ip, hlen);
ip->ip_sum = chksum((u_short *)ip, hlen);
bcopy((char *)ip, ipbuf + sizeof(*eh), hlen);
bcopy(s + sent, ipbuf + sizeof(*eh) + hlen, ts - hlen);
err = sendip(nfd, ipbuf, sizeof(*eh) + ts);
@ -268,7 +263,7 @@ struct in_addr gwip;
ti->ti_len = htons(thlen);
ip->ip_len = (ip->ip_hl << 2) + thlen;
ti->ti_sum = 0;
ti->ti_sum = chksum(ti, thlen + sizeof(ip_t));
ti->ti_sum = chksum((u_short *)ti, thlen + sizeof(ip_t));
bcopy((char *)&ti->ti_sport,
(char *)ip + (ip->ip_hl << 2), thlen);
@ -300,7 +295,7 @@ struct in_addr gwip;
ti->ti_len = htons(thlen);
ip->ip_len = (ip->ip_hl << 2) + thlen;
ti->ti_sum = 0;
ti->ti_sum = chksum(ti, thlen + sizeof(ip_t));
ti->ti_sum = chksum((u_short *)ti, thlen + sizeof(ip_t));
bcopy((char *)&ti->ti_sport,
(char *)ip + (ip->ip_hl << 2), sizeof(udphdr_t));
@ -321,7 +316,7 @@ struct in_addr gwip;
ic = (struct icmp *)((char *)ip + (ip->ip_hl << 2));
ic->icmp_cksum = 0;
ic->icmp_cksum = chksum((char *)ic, sizeof(struct icmp));
ic->icmp_cksum = chksum((u_short *)ic, sizeof(struct icmp));
return send_ip(nfd, mtu, ip, gwip, 1);
}


@ -34,14 +34,8 @@ static char sccsid[] = "%W% %G% (C)1995 Darren Reed";
#include <netinet/ip_icmp.h>
#ifndef linux
#include <netinet/ip_var.h>
#include <netinet/tcpip.h>
#endif
#include "ip_compat.h"
#ifdef linux
#include <linux/sockios.h>
#include "tcpip.h"
#endif
#include "ipt.h"
#include "ipsend.h"
extern char *optarg;
@ -49,7 +43,6 @@ extern int optind;
#ifndef NO_IPF
extern struct ipread snoop, pcap, etherf, iphex, tcpd, iptext;
#endif
extern int resolve(), ip_resend();
int opts = 0;
#ifndef DEFAULT_DEVICE
@ -75,7 +68,11 @@ char default_device[] = DEFAULT_DEVICE;
#endif
void usage(prog)
static void usage __P((char *));
int main __P((int, char **));
static void usage(prog)
char *prog;
{
fprintf(stderr, "Usage: %s [options] <-r filename|-R filename>\n\


@ -34,21 +34,13 @@ static char sccsid[] = "@(#)ipsend.c 1.5 12/10/95 (C)1995 Darren Reed";
#include <netinet/ip_icmp.h>
#ifndef linux
#include <netinet/ip_var.h>
#include <netinet/tcpip.h>
#endif
#include "ip_compat.h"
#ifdef linux
#include <linux/sockios.h>
#include "tcpip.h"
#endif
#include "ipt.h"
#include "ipsend.h"
extern char *optarg;
extern int optind;
extern int resolve(), optname(), initdevice(), send_packet();
char options[68];
#ifdef linux
char default_device[] = "eth0";
@ -69,7 +61,12 @@ char default_device[] = "lan0";
#endif
void usage(prog)
static void usage __P((char *));
static void do_icmp __P((ip_t *, char *));
int main __P((int, char **));
static void usage(prog)
char *prog;
{
fprintf(stderr, "Usage: %s [options] dest [flags]\n\
@ -346,5 +343,5 @@ char **argv;
if (tcp->th_dport)
return do_socket(dev, mtu, ti, gwip);
#endif
return send_packets(dev, mtu, ti, gwip);
return send_packets(dev, mtu, (ip_t *)ti, gwip);
}


@ -0,0 +1,64 @@
/*
* ipsend.h (C) 1997 Darren Reed
*
* This was written to test what size TCP fragments would get through
* various TCP/IP packet filters, as used in IP firewalls. In certain
* conditions, enough of the TCP header is missing for unpredictable
* results unless the filter is aware that this can happen.
*
* The author provides this program as-is, with no gaurantee for its
* suitability for any specific purpose. The author takes no responsibility
* for the misuse/abuse of this program and provides it for the sole purpose
* of testing packet filter policies. This file maybe distributed freely
* providing it is not modified and that this notice remains in tact.
*
*/
#ifndef __P
# ifdef __STDC__
# define __P(x) x
# else
# define __P(x) ()
# endif
#endif
#include "ip_compat.h"
#ifdef linux
#include <linux/sockios.h>
#endif
#include "tcpip.h"
#include "ipt.h"
extern int resolve __P((char *, char *));
extern int arp __P((char *, char *));
extern u_short chksum __P((u_short *, int));
extern int send_ether __P((int, char *, int, struct in_addr));
extern int send_ip __P((int, int, ip_t *, struct in_addr, int));
extern int send_tcp __P((int, int, ip_t *, struct in_addr));
extern int send_udp __P((int, int, ip_t *, struct in_addr));
extern int send_icmp __P((int, int, ip_t *, struct in_addr));
extern int send_packet __P((int, int, ip_t *, struct in_addr));
extern int send_packets __P((char *, int, ip_t *, struct in_addr));
extern u_short seclevel __P((char *));
extern u_long optname __P((char *, char *));
extern int initdevice __P((char *, int, int));
extern int sendip __P((int, char *, int));
#ifdef linux
extern struct sock *find_tcp __P((int, struct tcpiphdr *));
#else
extern struct tcpcb *find_tcp __P((int, struct tcpiphdr *));
#endif
extern int ip_resend __P((char *, int, struct ipread *, struct in_addr, char *));
extern void ip_test1 __P((char *, int, ip_t *, struct in_addr, int));
extern void ip_test2 __P((char *, int, ip_t *, struct in_addr, int));
extern void ip_test3 __P((char *, int, ip_t *, struct in_addr, int));
extern void ip_test4 __P((char *, int, ip_t *, struct in_addr, int));
extern void ip_test5 __P((char *, int, ip_t *, struct in_addr, int));
extern void ip_test6 __P((char *, int, ip_t *, struct in_addr, int));
extern void ip_test7 __P((char *, int, ip_t *, struct in_addr, int));
extern int do_socket __P((char *, int, struct tcpiphdr *, struct in_addr));
extern int openkmem __P((void));
extern int kmemcpy __P((char *, void *, int));
#define KMCPY(a,b,c) kmemcpy((char *)(a), (void *)(b), (int)(c))
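Review bot: The new header has no include guard, although this commit makes it the common include for every ipsend source file and it pulls in `ip_compat.h`, `tcpip.h` and `ipt.h` itself. Wrapping the body in `#ifndef IPSEND_H` / `#define IPSEND_H` with a closing `#endif` would make repeated inclusion safe. The `KMCPY` macro also deserves a short comment: it casts its second argument to `void *` and its third to `int` without any check, and callers need to know that `kmemcpy()` reports failure with -1, since several converted call sites in this commit ignore the result.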


@ -0,0 +1,3 @@
0Æ . Ä,..+ CVS0Í
.cvsignore0Î44arp.c0Ï Crashable0ÐMakefile0Ñarp.c0Ò
dlcommon.c0Ódltest.h0Ôin_var.h0Õip.c0Ö ip_compat.h0×ip_var.h0Ø


@ -18,6 +18,16 @@ static char sccsid[] = "@(#)ipsopt.c 1.2 1/11/96 (C)1995 Darren Reed";
#include <netinet/ip.h>
#include "ip_compat.h"
#ifndef __P
# ifdef __STDC__
# define __P(x) x
# else
# define __P(x) ()
# endif
#endif
struct ipopt_names {
int on_value;
int on_bit;
@ -49,6 +59,10 @@ struct ipopt_names secnames[] = {
};
u_short seclevel __P((char *));
u_long optname __P((char *, char *));
u_short seclevel(slevel)
char *slevel;
{


@ -34,23 +34,16 @@ static char sccsid[] = "%W% %G% (C)1995 Darren Reed";
#include <netinet/ip_icmp.h>
#ifndef linux
#include <netinet/ip_var.h>
#include <netinet/tcpip.h>
#endif
#include "ip_compat.h"
#ifdef linux
#include <linux/sockios.h>
#include "tcpip.h"
#endif
#include "ipt.h"
#include "ipsend.h"
extern char *optarg;
extern int optind;
extern int initdevice(), resolve();
extern int ip_test1(), ip_test2(), ip_test3(), ip_test4(), ip_test5();
extern int ip_test6(), ip_test7();
char options[68];
#ifdef linux
char default_device[] = "eth0";
@ -70,9 +63,12 @@ char default_device[] = "lan0";
# endif
#endif
static void usage __P((char *));
int main __P((int, char **));
void usage(prog)
char *prog;
static void usage(prog)
char *prog;
{
fprintf(stderr, "Usage: %s [options] dest\n\
\toptions:\n\
@ -94,8 +90,8 @@ char *prog;
int main(argc, argv)
int argc;
char **argv;
int argc;
char **argv;
{
struct tcpiphdr *ti;
struct in_addr gwip;
@ -191,19 +187,26 @@ char **argv;
switch (tests)
{
case 1 :
return ip_test1(dev, mtu, ti, gwip, pointtest);
ip_test1(dev, mtu, (ip_t *)ti, gwip, pointtest);
break;
case 2 :
return ip_test2(dev, mtu, ti, gwip, pointtest);
ip_test2(dev, mtu, (ip_t *)ti, gwip, pointtest);
break;
case 3 :
return ip_test3(dev, mtu, ti, gwip, pointtest);
ip_test3(dev, mtu, (ip_t *)ti, gwip, pointtest);
break;
case 4 :
return ip_test4(dev, mtu, ti, gwip, pointtest);
ip_test4(dev, mtu, (ip_t *)ti, gwip, pointtest);
break;
case 5 :
return ip_test5(dev, mtu, ti, gwip, pointtest);
ip_test5(dev, mtu, (ip_t *)ti, gwip, pointtest);
break;
case 6 :
return ip_test6(dev, mtu, ti, gwip, pointtest);
ip_test6(dev, mtu, (ip_t *)ti, gwip, pointtest);
break;
case 7 :
return ip_test7(dev, mtu, ti, gwip, pointtest);
ip_test7(dev, mtu, (ip_t *)ti, gwip, pointtest);
break;
default :
break;
}


@ -52,23 +52,15 @@ static char sccsid[] = "%W% %G% (C)1995 Darren Reed";
#include <netinet/in_pcb.h>
#include <netinet/tcp_timer.h>
#include <netinet/tcp_var.h>
#include "ip_compat.h"
#ifdef linux
#include "tcpip.h"
#else
#include <netinet/tcpip.h>
# if defined(__SVR4) || defined(__svr4__)
#include <sys/sysmacros.h>
# endif
#endif
#include "ipsend.h"
#define PAUSE() tv.tv_sec = 0; tv.tv_usec = 10000; \
(void) select(0, NULL, NULL, NULL, &tv)
extern int send_ip(), send_tcp(), send_udp(), send_icmp(), send_ether();
extern int initdevice(), kmemcpy();
extern u_short chksum();
extern struct tcpcb *find_tcp();
void ip_test1(dev, mtu, ip, gwip, ptest)
char *dev;
@ -178,8 +170,8 @@ int ptest;
for (; i < (ntohs(ip->ip_len) * 2); i++) {
ip->ip_id = htons(id++);
ip->ip_sum = 0;
ip->ip_sum = chksum(ip, ip->ip_hl << 2);
(void) send_ether(nfd, ip, i, gwip);
ip->ip_sum = chksum((u_short *)ip, ip->ip_hl << 2);
(void) send_ether(nfd, (char *)ip, i, gwip);
printf("%d\r", i);
fflush(stdout);
PAUSE();
@ -190,8 +182,8 @@ int ptest;
ip->ip_id = htons(id++);
ip->ip_len = htons(i);
ip->ip_sum = 0;
ip->ip_sum = chksum(ip, ip->ip_hl << 2);
(void) send_ether(nfd, ip, len, gwip);
ip->ip_sum = chksum((u_short *)ip, ip->ip_hl << 2);
(void) send_ether(nfd, (char *)ip, len, gwip);
printf("%d\r", i);
fflush(stdout);
PAUSE();
@ -209,8 +201,8 @@ int ptest;
ip->ip_id = htons(id++);
ip->ip_len = htons(i);
ip->ip_sum = 0;
ip->ip_sum = chksum(ip, ip->ip_hl << 2);
(void) send_ether(nfd, ip, len, gwip);
ip->ip_sum = chksum((u_short *)ip, ip->ip_hl << 2);
(void) send_ether(nfd, (char *)ip, len, gwip);
printf("%d\r", i);
fflush(stdout);
PAUSE();
@ -221,8 +213,8 @@ int ptest;
for (i = len; i > 0; i--) {
ip->ip_id = htons(id++);
ip->ip_sum = 0;
ip->ip_sum = chksum(ip, ip->ip_hl << 2);
(void) send_ether(nfd, ip, i, gwip);
ip->ip_sum = chksum((u_short *)ip, ip->ip_hl << 2);
(void) send_ether(nfd, (char *)ip, i, gwip);
printf("%d\r", i);
fflush(stdout);
PAUSE();
@ -1043,7 +1035,7 @@ int ptest;
printf("Can't find PCB\n");
goto skip_five_and_six;
}
kmemcpy((char*)&tcb, (void *)t, sizeof(tcb));
KMCPY(&tcb, t, sizeof(tcb));
ti.ti_win = tcb.rcv_adv;
ti.ti_seq = tcb.snd_nxt - 1;
ti.ti_ack = tcb.rcv_nxt;
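Review bot: In the last hunk the converted call `KMCPY(&tcb, t, sizeof(tcb));` still discards the result, so when the kernel-memory read fails the following lines take `rcv_adv`, `snd_nxt` and `rcv_nxt` from a `tcb` that was never filled. The other converted callers in this commit compare the result with -1, and the `skip_five_and_six` label used just above is available here too: `if (KMCPY(&tcb, t, sizeof(tcb)) == -1) goto skip_five_and_six;`. The enclosing function starts and ends outside the hunk.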


@ -48,8 +48,7 @@ static char sccsid[] = "@(#)lsock.c 1.2 1/11/96 (C)1995 Darren Reed";
#if LINUX < 0103
#include <net/inet/sock.h>
#endif
#include "ip_compat.h"
#include "tcpip.h"
#include "ipsend.h"
int nproc;
struct task_struct *proc;
@ -108,21 +107,20 @@ struct task_struct *getproc()
fprintf(stderr, "nlist(%#x) == %d\n", names, n);
return NULL;
}
if (kmemcpy((char *)&nproc, (void *)names[1].n_value,
sizeof(nproc)) == -1)
if (KMCPY(&nproc, names[1].n_value, sizeof(nproc)) == -1)
{
fprintf(stderr, "read nproc (%#x)\n", names[1].n_value);
return NULL;
}
siz = nproc * sizeof(struct task_struct *);
if (kmemcpy((char *)&v, (void *)names[0].n_value, sizeof(v)) == -1)
if (KMCPY(&v, names[0].n_value, sizeof(v)) == -1)
{
fprintf(stderr, "read(%#x,%#x,%d) proc\n",
names[0].n_value, &v, sizeof(v));
return NULL;
}
pp = (struct task_struct **)malloc(siz);
if (kmemcpy((char *)pp, (void *)v, siz) == -1)
if (KMCPY(pp, v, siz) == -1)
{
fprintf(stderr, "read(%#x,%#x,%d) proc\n",
v, pp, siz);
@ -131,8 +129,7 @@ struct task_struct *getproc()
proc = (struct task_struct *)malloc(siz);
for (n = 0; n < NR_TASKS; n++)
{
if (kmemcpy((char *)(proc + n), (void *)pp[n],
sizeof(*proc)) == -1)
if (KMCPY((proc + n), pp[n], sizeof(*proc)) == -1)
{
fprintf(stderr, "read(%#x,%#x,%d) proc\n",
pp[n], proc + n, sizeof(*proc));
@ -167,15 +164,14 @@ struct tcpiphdr *ti;
fs = p->files;
o = (struct file **)calloc(1, sizeof(*o) * (fs->count + 1));
if (kmemcpy((char *)o, (void *)fs->fd,
(fs->count + 1) * sizeof(*o)) == -1)
if (KMCPY(o, fs->fd, (fs->count + 1) * sizeof(*o)) == -1)
{
fprintf(stderr, "read(%#x,%#x,%d) - fd - failed\n",
fs->fd, o, sizeof(*o));
return NULL;
}
f = (struct file *)calloc(1, sizeof(*f));
if (kmemcpy((char *)f, (void *)o[fd], sizeof(*f)) == -1)
if (KMCPY(f, o[fd], sizeof(*f)) == -1)
{
fprintf(stderr, "read(%#x,%#x,%d) - o[fd] - failed\n",
o[fd], f, sizeof(*f));
@ -183,7 +179,7 @@ struct tcpiphdr *ti;
}
i = (struct inode *)calloc(1, sizeof(*i));
if (kmemcpy((char *)i, (void *)f->f_inode, sizeof(*i)) == -1)
if (KMCPY(i, f->f_inode, sizeof(*i)) == -1)
{
fprintf(stderr, "read(%#x,%#x,%d) - f_inode - failed\n",
f->f_inode, i, sizeof(*i));
@ -247,7 +243,7 @@ int flags;
perror("connect");
return -1;
}
kmemcpy((char*)&sk, (void *)s, sizeof(sk));
KMCPY(&sk, s, sizeof(sk));
ti->ti_win = sk.window;
ti->ti_seq = sk.sent_seq - 1;
ti->ti_ack = sk.rcv_ack_seq;
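Review bot: In `getproc()` the buffer `proc` is allocated with `siz`, which is computed earlier as `nproc * sizeof(struct task_struct *)`, yet the converted loop copies `sizeof(*proc)` bytes into `proc + n` for every `n < NR_TASKS`. Unless `siz` is recomputed in the lines elided between the hunks, `KMCPY((proc + n), pp[n], sizeof(*proc))` writes past the allocation. Sizing by element fixes that, e.g. `proc = calloc(NR_TASKS, sizeof(*proc));`, and both allocations should be checked for NULL before use. The loop bound is also worth reconciling with `pp`, which holds only `nproc` pointers. The function body extends beyond the visible hunks.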


@ -28,22 +28,16 @@ static char sccsid[] = "@(#)resend.c 1.3 1/11/96 (C)1995 Darren Reed";
#include <netinet/ip_icmp.h>
#ifndef linux
#include <netinet/ip_var.h>
#include <netinet/tcpip.h>
#include <netinet/if_ether.h>
#endif
#include "ip_compat.h"
#ifdef linux
#include <linux/sockios.h>
#include "tcpip.h"
#endif
#include "ipt.h"
#include "ipsend.h"
static u_char buf[65536]; /* 1 big packet */
static void printpacket __P((ip_t *));
extern int initdevice(), arp(), sendip();
void printpacket(ip)
static void printpacket(ip)
ip_t *ip;
{
tcphdr_t *t;
@ -119,7 +113,7 @@ char *datain;
bcopy(ip, (char *)(eh + 1), len);
printpacket(ip);
if (sendip(wfd, eh, sizeof(*eh) + len) == -1)
if (sendip(wfd, (char *)eh, sizeof(*eh) + len) == -1)
{
perror("send_packet");
break;


@ -36,7 +36,7 @@
#include <netinet/udp.h>
#include <netinet/udp_var.h>
#include <netinet/tcp.h>
#include <netinet/tcpip.h>
#include "ipsend.h"
#if !defined(lint) && defined(LIBC_SCCS)
static char sbpf[] = "@(#)sbpf.c 1.3 8/25/95 (C)1995 Darren Reed";


@ -36,9 +36,8 @@
#include <netinet/udp.h>
#include <netinet/udp_var.h>
#include <netinet/tcp.h>
#include <netinet/tcpip.h>
#include "ip_compat.h"
#include "ipsend.h"
#if !defined(lint) && defined(LIBC_SCCS)
static char snitid[] = "@(#)sdlpi.c 1.3 10/30/95 (C)1995 Darren Reed";


@ -28,8 +28,7 @@
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include "ip_compat.h"
#include "tcpip.h"
#include "ipsend.h"
#if !defined(lint) && defined(LIBC_SCCS)
static char sccsid[] = "@(#)slinux.c 1.2 8/25/95";


@ -38,7 +38,8 @@
#include <netinet/udp.h>
#include <netinet/udp_var.h>
#include <netinet/tcp.h>
#include <netinet/tcpip.h>
#include "ipsend.h"
#if !defined(lint) && defined(LIBC_SCCS)
static char snitid[] = "@(#)snit.c 1.5 1/11/96 (C)1995 Darren Reed";


@ -53,13 +53,11 @@ static char sccsid[] = "@(#)sock.c 1.2 1/11/96 (C)1995 Darren Reed";
#include <netinet/in_pcb.h>
#include <netinet/tcp_timer.h>
#include <netinet/tcp_var.h>
#include <netinet/tcpip.h>
#include "ipsend.h"
int nproc;
struct proc *proc;
extern int initdevice(), send_tcp();
#ifndef KMEM
# ifdef _PATH_KMEM
# define KMEM _PATH_KMEM
@ -77,9 +75,17 @@ extern int initdevice(), send_tcp();
# define KERNEL "/vmunix"
#endif
#if BSD < 199103
static struct proc *getproc __P((void));
#else
static struct kinfo_proc *getproc __P((void));
#endif
int kmemcpy(buf, pos, n)
char *buf;
off_t pos;
void *pos;
int n;
{
static int kfd = -1;
@ -87,7 +93,7 @@ int n;
if (kfd == -1)
kfd = open(KMEM, O_RDONLY);
if (lseek(kfd, pos, SEEK_SET) == -1)
if (lseek(kfd, (off_t)pos, SEEK_SET) == -1)
{
perror("lseek");
return -1;
@ -107,7 +113,7 @@ struct nlist names[3] = {
};
#if BSD < 199103
struct proc *getproc()
static struct proc *getproc()
{
struct proc *p;
pid_t pid = getpid();
@ -119,21 +125,20 @@ struct proc *getproc()
fprintf(stderr, "nlist(%#x) == %d\n", names, n);
return NULL;
}
if (kmemcpy((char *)&nproc, (off_t)names[1].n_value,
sizeof(nproc)) == -1)
if (KMCPY(&nproc, names[1].n_value, sizeof(nproc)) == -1)
{
fprintf(stderr, "read nproc (%#x)\n", names[1].n_value);
return NULL;
}
siz = nproc * sizeof(struct proc);
if (kmemcpy((char *)&p, (off_t)names[0].n_value, sizeof(p)) == -1)
if (KMCPY(&p, names[0].n_value, sizeof(p)) == -1)
{
fprintf(stderr, "read(%#x,%#x,%d) proc\n",
names[0].n_value, &p, sizeof(p));
return NULL;
}
proc = (struct proc *)malloc(siz);
if (kmemcpy((char *)proc, (off_t)p, siz) == -1)
if (KMCPY(proc, p, siz) == -1)
{
fprintf(stderr, "read(%#x,%#x,%d) proc\n",
p, proc, siz);
@ -167,22 +172,21 @@ struct tcpiphdr *ti;
return NULL;
up = (struct user *)malloc(sizeof(*up));
if (kmemcpy((char *)up, (off_t)p->p_uarea, sizeof(*up)) == -1)
if (KMCPY(up, p->p_uarea, sizeof(*up)) == -1)
{
fprintf(stderr, "read(%#x,%#x) failed\n", p, p->p_uarea);
return NULL;
}
o = (struct file **)calloc(1, sizeof(*o) * (up->u_lastfile + 1));
if (kmemcpy((char *)o, (off_t)up->u_ofile,
(up->u_lastfile + 1) * sizeof(*o)) == -1)
if (KMCPY(o, up->u_ofile, (up->u_lastfile + 1) * sizeof(*o)) == -1)
{
fprintf(stderr, "read(%#x,%#x,%d) - u_ofile - failed\n",
up->u_ofile_arr, o, sizeof(*o));
return NULL;
}
f = (struct file *)calloc(1, sizeof(*f));
if (kmemcpy((char *)f, (off_t)o[fd], sizeof(*f)) == -1)
if (KMCPY(f, o[fd], sizeof(*f)) == -1)
{
fprintf(stderr, "read(%#x,%#x,%d) - o[fd] - failed\n",
up->u_ofile_arr[fd], f, sizeof(*f));
@ -190,7 +194,7 @@ struct tcpiphdr *ti;
}
s = (struct socket *)calloc(1, sizeof(*s));
if (kmemcpy((char *)s, (off_t)f->f_data, sizeof(*s)) == -1)
if (KMCPY(s, f->f_data, sizeof(*s)) == -1)
{
fprintf(stderr, "read(%#x,%#x,%d) - f_data - failed\n",
o[fd], s, sizeof(*s));
@ -198,7 +202,7 @@ struct tcpiphdr *ti;
}
i = (struct inpcb *)calloc(1, sizeof(*i));
if (kmemcpy((char *)i, (off_t)s->so_pcb, sizeof(*i)) == -1)
if (KMCPY(i, s->so_pcb, sizeof(*i)) == -1)
{
fprintf(stderr, "kvm_read(%#x,%#x,%d) - so_pcb - failed\n",
s->so_pcb, i, sizeof(*i));
@ -206,7 +210,7 @@ struct tcpiphdr *ti;
}
t = (struct tcpcb *)calloc(1, sizeof(*t));
if (kmemcpy((char *)t, (off_t)i->inp_ppcb, sizeof(*t)) == -1)
if (KMCPY(t, i->inp_ppcb, sizeof(*t)) == -1)
{
fprintf(stderr, "read(%#x,%#x,%d) - inp_ppcb - failed\n",
i->inp_ppcb, t, sizeof(*t));
@ -215,7 +219,7 @@ struct tcpiphdr *ti;
return (struct tcpcb *)i->inp_ppcb;
}
#else
struct kinfo_proc *getproc()
static struct kinfo_proc *getproc()
{
static struct kinfo_proc kp;
pid_t pid = getpid();
@ -251,7 +255,7 @@ struct tcpiphdr *ti;
return NULL;
fd = (struct filedesc *)malloc(sizeof(*fd));
if (kmemcpy((char *)fd, (void *)p->kp_proc.p_fd, sizeof(*fd)) == -1)
if (KMCPY(fd, p->kp_proc.p_fd, sizeof(*fd)) == -1)
{
fprintf(stderr, "read(%#lx,%#lx) failed\n",
(u_long)p, (u_long)p->kp_proc.p_fd);
@ -259,15 +263,14 @@ struct tcpiphdr *ti;
}
o = (struct file **)calloc(1, sizeof(*o) * (fd->fd_lastfile + 1));
if (kmemcpy((char *)o, (void *)fd->fd_ofiles,
(fd->fd_lastfile + 1) * sizeof(*o)) == -1)
if (KMCPY(o, fd->fd_ofiles, (fd->fd_lastfile + 1) * sizeof(*o)) == -1)
{
fprintf(stderr, "read(%#lx,%#lx,%d) - u_ofile - failed\n",
(u_long)fd->fd_ofiles, (u_long)o, sizeof(*o));
return NULL;
}
f = (struct file *)calloc(1, sizeof(*f));
if (kmemcpy((char *)f, (void *)o[tfd], sizeof(*f)) == -1)
if (KMCPY(f, o[tfd], sizeof(*f)) == -1)
{
fprintf(stderr, "read(%#lx,%#lx,%d) - o[tfd] - failed\n",
(u_long)o[tfd], (u_long)f, sizeof(*f));
@ -275,7 +278,7 @@ struct tcpiphdr *ti;
}
s = (struct socket *)calloc(1, sizeof(*s));
if (kmemcpy((char *)s, (void *)f->f_data, sizeof(*s)) == -1)
if (KMCPY(s, f->f_data, sizeof(*s)) == -1)
{
fprintf(stderr, "read(%#lx,%#lx,%d) - f_data - failed\n",
(u_long)f->f_data, (u_long)s, sizeof(*s));
@ -283,7 +286,7 @@ struct tcpiphdr *ti;
}
i = (struct inpcb *)calloc(1, sizeof(*i));
if (kmemcpy((char *)i, (void *)s->so_pcb, sizeof(*i)) == -1)
if (KMCPY(i, s->so_pcb, sizeof(*i)) == -1)
{
fprintf(stderr, "kvm_read(%#lx,%#lx,%d) - so_pcb - failed\n",
(u_long)s->so_pcb, (u_long)i, sizeof(*i));
@ -291,7 +294,7 @@ struct tcpiphdr *ti;
}
t = (struct tcpcb *)calloc(1, sizeof(*t));
if (kmemcpy((char *)t, (void *)i->inp_ppcb, sizeof(*t)) == -1)
if (KMCPY(t, i->inp_ppcb, sizeof(*t)) == -1)
{
fprintf(stderr, "read(%#lx,%#lx,%d) - inp_ppcb - failed\n",
(u_long)i->inp_ppcb, (u_long)t, sizeof(*t));
@ -301,12 +304,11 @@ struct tcpiphdr *ti;
}
#endif /* BSD < 199301 */
int do_socket(dev, mtu, ti, gwip, flags)
int do_socket(dev, mtu, ti, gwip)
char *dev;
int mtu;
struct tcpiphdr *ti;
struct in_addr gwip;
int flags;
{
struct sockaddr_in rsin, lsin;
struct tcpcb *t, tcb;
@ -340,7 +342,7 @@ int flags;
(void) getsockname(fd, (struct sockaddr *)&lsin, &len);
ti->ti_sport = lsin.sin_port;
printf("sport %d\n", ntohs(lsin.sin_port));
nfd = initdevice(dev, ntohs(lsin.sin_port));
nfd = initdevice(dev, ntohs(lsin.sin_port), 1);
if (!(t = find_tcp(fd, ti)))
return -1;
@ -356,12 +358,12 @@ int flags;
perror("connect");
return -1;
}
kmemcpy((char*)&tcb, (void *)t, sizeof(tcb));
KMCPY(&tcb, t, sizeof(tcb));
ti->ti_win = tcb.rcv_adv;
ti->ti_seq = tcb.snd_nxt - 1;
ti->ti_ack = tcb.rcv_nxt;
if (send_tcp(nfd, mtu, ti, gwip, TH_SYN) == -1)
if (send_tcp(nfd, mtu, (ip_t *)ti, gwip) == -1)
return -1;
(void)write(fd, "Hello World\n", 12);
sleep(2);
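Review bot: In do_socket the result of `KMCPY(&tcb, t, sizeof(tcb));` is discarded, so when the kernel-memory read fails, `ti_win`, `ti_seq` and `ti_ack` are filled from an uninitialised `tcb` and then handed to send_tcp. Every other KMCPY call in this section tests for -1, and this one should too: `if (KMCPY(&tcb, t, sizeof(tcb)) == -1) return -1;`. In kmemcpy, `kfd = open(KMEM, O_RDONLY);` is likewise unchecked, so a failed open only surfaces as a misleading "lseek" error; test `kfd == -1` right after the open and report it with `perror(KMEM)`. do_socket's body continues outside the hunk.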


@ -12,6 +12,7 @@
#include <strings.h>
#else
#include <sys/byteorder.h>
#include <sys/file.h>
#endif
#include <sys/types.h>
#include <sys/param.h>
@ -29,43 +30,43 @@
#include <netinet/ip_icmp.h>
#include <netinet/tcpip.h>
#include <net/if.h>
#include "ip_fil.h"
#include <netdb.h>
#include <arpa/nameser.h>
#include <arpa/inet.h>
#include <resolv.h>
#include <ctype.h>
#include "ip_compat.h"
#include "ip_fil.h"
#include "ipf.h"
#include "ipt.h"
#include <ctype.h>
#if !defined(lint) && defined(LIBC_SCCS)
static char sccsid[] = "@(#)ipt.c 1.19 6/3/96 (C) 1993-1996 Darren Reed";
static char rcsid[] = "$Id: ipt.c,v 2.0.1.1 1997/01/09 15:14:44 darrenr Exp $";
static char rcsid[] = "$Id: ipt.c,v 2.0.2.4 1997/04/02 12:23:30 darrenr Exp $";
#endif
extern int fr_check();
extern char *optarg;
extern struct frentry *ipfilter[2][2];
extern struct ipread snoop, etherf, tcpd, pcap, iptext, iphex;
extern void debug(), verbose();
struct frentry *ft_in = NULL, *ft_out = NULL;
extern struct frentry *ipfilter[2][2];
extern struct ipread snoop, etherf, tcpd, pcap, iptext, iphex;
extern struct ifnet *get_unit __P((char *));
extern void init_ifp __P((void));
int opts = 0;
int main __P((int, char *[]));
int main(argc,argv)
int argc;
char *argv[];
{
struct ipread *r = &iptext;
struct frentry *f;
struct ip *ip;
u_long buf[64];
struct ifnet *ifp;
char c;
char *rules = NULL, *datain = NULL, *iface = NULL;
int fd, i, dir = 0;
while ((c = getopt(argc, argv, "bdEHi:I:Pr:STvX")) != -1)
while ((c = getopt(argc, argv, "bdEHi:I:oPr:STvX")) != -1)
switch (c)
{
case 'b' :
@ -80,6 +81,9 @@ char *argv[];
case 'I' :
iface = optarg;
break;
case 'o' :
opts |= OPT_SAVEOUT;
break;
case 'r' :
rules = optarg;
break;
@ -145,23 +149,18 @@ char *argv[];
if (!(fr = parse(line)))
continue;
f = (struct frentry *)malloc(sizeof(*f));
if (fr->fr_flags & FR_INQUE) {
if (!ft_in)
ft_in = ipfilter[0][0] = f;
else
ft_in->fr_next = f, ft_in = f;
} else if (fr->fr_flags & FR_OUTQUE) {
if (!ft_out)
ft_out = ipfilter[1][0] = f;
else
ft_out->fr_next = f, ft_out = f;
}
bcopy((char *)fr, (char *)f, sizeof(*fr));
/* fake an `ioctl' call :) */
i = iplioctl(0, SIOCADDFR, (caddr_t)fr, FWRITE|FREAD);
if (opts & OPT_DEBUG)
fprintf(stderr,
"iplioctl(SIOCADDFR,%x,1) = %d\n", i);
}
(void)fclose(fp);
}
if (opts & OPT_SAVEOUT)
init_ifp();
if (datain)
fd = (*r->r_open)(datain);
else
@ -171,10 +170,12 @@ char *argv[];
exit(-1);
ip = (struct ip *)buf;
while ((i = (*r->r_readip)(buf, sizeof(buf), &iface, &dir)) > 0) {
while ((i = (*r->r_readip)((char *)buf, sizeof(buf),
&iface, &dir)) > 0) {
ifp = iface ? get_unit(iface) : NULL;
ip->ip_off = ntohs(ip->ip_off);
ip->ip_len = ntohs(ip->ip_len);
switch (fr_check(ip, ip->ip_hl << 2, iface, dir))
switch (fr_check(ip, ip->ip_hl << 2, ifp, dir, (char *)buf))
{
case -1 :
(void)printf("block");
@ -188,9 +189,11 @@ char *argv[];
}
if (!(opts & OPT_BRIEF)) {
putchar(' ');
printpacket(buf);
printpacket((struct ip *)buf);
printf("--------------");
}
if (dir && ifp && ip->ip_v)
(*ifp->if_output)(ifp, (void *)buf, NULL, 0);
putchar('\n');
dir = 0;
}
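Review bot: The new debug line `fprintf(stderr, "iplioctl(SIOCADDFR,%x,1) = %d\n", i);` has two conversions but only one argument, so `%d` reads an argument that was never passed, which is undefined behaviour. If `%x` was meant to show the rule pointer, pass it explicitly: `fprintf(stderr, "iplioctl(SIOCADDFR,%lx,1) = %d\n", (u_long)fr, i);`. In the read loop, `ip->ip_hl << 2` is passed to fr_check without being compared to the length `i` that r_readip returned, so a short or malformed record in the input file is filtered as if the whole header were present. A guard such as `if ((ip->ip_hl << 2) > i) continue;` before the switch would keep the test harness from reading stale buffer contents. main's body starts and ends outside these hunks.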


@ -4,13 +4,22 @@
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
* $Id: ipt.h,v 2.0.1.1 1997/01/09 15:14:44 darrenr Exp $
* $Id: ipt.h,v 2.0.2.4 1997/03/27 13:45:23 darrenr Exp $
*/
#include <fcntl.h>
#ifdef __STDC__
#include <stdarg.h>
#else
#include <varargs.h>
#endif
struct ipread {
int (*r_open)();
int (*r_close)();
int (*r_readip)();
int (*r_open) __P((char *));
int (*r_close) __P((void));
int (*r_readip) __P((char *, int, char **, int *));
};
extern void debug __P((char *, ...));
extern void verbose __P((char *, ...));


@ -16,12 +16,11 @@
#include <unistd.h>
#include <fcntl.h>
#include <sys/file.h>
#define KMEM "/dev/kmem"
#include "kmem.h"
#if !defined(lint) && defined(LIBC_SCCS)
static char sccsid[] = "@(#)kmem.c 1.4 1/12/96 (C) 1992 Darren Reed";
static char rcsid[] = "$Id: kmem.c,v 2.0.1.1 1997/01/09 15:14:44 darrenr Exp $";
static char rcsid[] = "$Id: kmem.c,v 2.0.2.3 1997/03/10 08:10:37 darrenr Exp $";
#endif
static int kmemfd = -1;


@ -4,9 +4,18 @@
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
* $Id: kmem.h,v 2.0.1.1 1997/01/09 15:14:44 darrenr Exp $
* $Id: kmem.h,v 2.0.2.3 1997/03/10 08:10:38 darrenr Exp $
*/
extern int openkmem();
extern int kmemcpy();
#ifndef __P
# ifdef __STDC__
# define __P(x) x
# else
# define __P(x) ()
# endif
#endif
extern int openkmem __P((void));
extern int kmemcpy __P((char *, long, int));
#define KMEM "/dev/kmem"


@ -7,7 +7,7 @@
* responsibility and is not changed in any way.
*
* I hate legaleese, don't you ?
* $Id: linux.h,v 2.0.1.1 1997/01/09 15:14:44 darrenr Exp $
* $Id: linux.h,v 2.0.2.2 1997/02/23 10:38:08 darrenr Exp $
*/
#include <linux/config.h>


@ -99,9 +99,8 @@ Flags which are recognised in fr_pass:
FR_INACTIVE 0x02000
FR_QUICK 0x04000 /* quick-match and return */
FR_FASTROUTE 0x08000
FR_CALLFUNC 0x10000
FR_CALLNOW 0x20000
FR_DUP 0x40000 /* duplicate the packet (not Solaris2)
FR_CALLNOW 0x10000
FR_DUP 0x20000 /* duplicate the packet (not Solaris2)
.fi
.PP


@ -0,0 +1,7 @@
.TH IPFILTER 1
.SH NAME
IP FIlter
.SH DESCRIPTION
.PP
.SH SEE ALSO
ipf(1), ipf(1), ipf(5), ipnat(1), ipnat(5)


@ -4,7 +4,7 @@ ipmon \- monitors /dev/ipl for logged packets
.SH SYNOPSIS
.B ipmon
[
.B \-sfN
.B \-asfnSN
] [
<filename>
]
@ -38,13 +38,22 @@ than pass or block.
\- packets which have been logged and which can be considered
"short".
.TP
.B \-a
Open all of the device logfiles for reading log entries from.
.TP
.B \-f
Flush the current packet log buffer. The number of bytes flushed is displayed,
even should the result be zero.
.TP
.B \-N
.B \-n
IP addresses and port numbers will be mapped, where possible, back into
hostnames and service names.
.TP
.B \-N
Treat the logfile as being composed of NAT log records.
.TP
.B \-S
Treat the logfile as being composed of state log records.
.SH DIAGNOSTICS
\fBipmon\fP expects data that it reads to be consistant with how it should be
saved and will abort if it fails an assertion which detects an anomoly in the


@ -0,0 +1 @@
DF . Ä.. CVSD~MakefileDipf.1D€ipf.4D<EFBFBD>ipf.5D


@ -30,20 +30,19 @@
#include <netinet/ip_icmp.h>
#include <netinet/tcpip.h>
#include <net/if.h>
#include "ip_fil.h"
#include <netdb.h>
#include <arpa/nameser.h>
#include <resolv.h>
#include "ip_compat.h"
#include "ip_fil.h"
#include "ipf.h"
#include "ipt.h"
#if !defined(lint) && defined(LIBC_SCCS)
static char sccsid[] = "@(#)misc.c 1.3 2/4/96 (C) 1995 Darren Reed";
static char rcsid[] = "$Id: misc.c,v 2.0.1.1 1997/01/09 15:14:44 darrenr Exp $";
static char rcsid[] = "$Id: misc.c,v 2.0.2.5 1997/03/31 10:05:36 darrenr Exp $";
#endif
void debug(), verbose();
extern int opts;
@ -69,17 +68,35 @@ struct ip *ip;
}
void verbose(fmt, p1, p2, p3, p4, p5, p6, p7, p8, p9)
char *fmt, *p1, *p2, *p3, *p4, *p5, *p6, *p7,*p8,*p9;
#ifdef __STDC__
void verbose(char *fmt, ...)
#else
void verbose(fmt, va_alist)
char *fmt;
va_dcl
#endif
{
va_list pvar;
va_start(pvar, fmt);
if (opts & OPT_VERBOSE)
printf(fmt, p1, p2, p3, p4, p5, p6, p7, p8, p9);
vprintf(fmt, pvar);
va_end(pvar);
}
void debug(fmt, p1, p2, p3, p4, p5, p6, p7, p8, p9)
char *fmt, *p1, *p2, *p3, *p4, *p5, *p6, *p7,*p8,*p9;
#ifdef __STDC__
void debug(char *fmt, ...)
#else
void debug(fmt, va_alist)
char *fmt;
va_dcl
#endif
{
va_list pvar;
va_start(pvar, fmt);
if (opts & OPT_DEBUG)
printf(fmt, p1, p2, p3, p4, p5, p6, p7, p8, p9);
vprintf(fmt, pvar);
va_end(pvar);
}
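Review bot: The non-`__STDC__` branches of `verbose` and `debug` are declared the <varargs.h> way (`fmt, va_alist` with `va_dcl`), but the shared body calls the two-argument `va_start(pvar, fmt)`, which is the <stdarg.h> form. The traditional varargs.h `va_start` takes only the list, so the pre-ANSI build most likely does not compile. Either drop the K&R branch, or give it a body that declares only `va_alist`, calls `va_start(pvar)` and fetches the format with `fmt = va_arg(pvar, char *);`. Both functions now forward a caller-supplied format to `vprintf`, so each should also carry a comment such as `/* fmt must be a literal format string; never pass rule or packet text as fmt */`.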


@ -24,8 +24,18 @@
#if defined(__FreeBSD__) && (__FreeBSD__ > 1)
# include <osreldate.h>
# ifdef IPFILTER_LKM
# define ACTUALLY_LKM_NOT_KERNEL
# endif
#endif
#include <sys/systm.h>
#if defined(__FreeBSD_version) && (__FreeBSD_version >= 220000)
# include <sys/conf.h>
# include <sys/kernel.h>
# ifdef DEVFS
# include <sys/devfsext.h>
# endif /*DEVFS*/
#endif
#include <sys/conf.h>
#include <sys/file.h>
#include <sys/stat.h>
@ -39,22 +49,30 @@
#include <sys/exec.h>
#include <sys/mbuf.h>
#if defined(__NetBSD__) || (defined(__FreeBSD_version) && \
(__FreeBSD_version >= 199607))
(__FreeBSD_version >= 199511))
#include <net/if.h>
#include <netinet/in_systm.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <net/route.h>
#include <netinet/ip_var.h>
#include <netinet/tcp.h>
#include <netinet/tcpip.h>
#endif
#ifndef __NetBSD__
#include <sys/sysent.h>
#endif
#include <sys/lkm.h>
#include "ipl.h"
#include "ip_compat.h"
#include "ip_fil.h"
#ifndef IPL_NAME
#define IPL_NAME "/dev/ipl"
#endif
#define IPL_NAT "/dev/ipnat"
#define IPL_STATE "/dev/ipstate"
#if !defined(VOP_LEASE) && defined(LEASE_CHECK)
#define VOP_LEASE LEASE_CHECK
#endif
@ -63,28 +81,30 @@
#define MIN(a,b) (((a)<(b))?(a):(b))
#endif
extern int lkmenodev(), lkmexists(), lkmdispatch();
extern int lkmenodev __P((void));
extern int iplattach(), iplopen(), iplclose(), iplioctl(), ipldetach();
#ifdef NETBSD_PF
#include <net/pfil.h>
#endif
#ifdef IPFILTER_LOG
extern int iplread();
#else
#ifdef NETBSD_PF
#define iplread enodev
#else
#define iplread nodev
#ifndef IPFILTER_LOG
# ifdef NETBSD_PF
# define iplread enodev
# else
# define iplread nodev
# endif
#endif
#endif
extern int iplidentify();
#ifdef NETBSD_PF
int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **)) = NULL;
#endif
static int ipl_unload(), ipl_load();
static int ipl_unload __P((void));
static int ipl_load __P((void));
static int ipl_remove __P((void));
int xxxinit __P((struct lkm_table *, int, int));
#if (defined(NetBSD1_0) && (NetBSD1_0 > 1)) || \
(defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199511))
struct cdevsw ipldevsw =
@ -116,20 +136,33 @@ struct cdevsw ipldevsw =
NULL /* strategy */
};
#endif
static struct cdevsw cdev_sav;
#if !defined(__FreeBSD_version) || (__FreeBSD_version < 220000)
int ipl_major = 0;
MOD_DEV(IPL_VERSION, LM_DT_CHAR, -1, &ipldevsw);
extern int vd_unuseddev();
extern struct cdevsw cdevsw[];
extern int vd_unuseddev __P((void));
extern int nchrdev;
#else
int ipl_major = CDEV_MAJOR;
static struct cdevsw ipl_cdevsw = {
iplopen, iplclose, iplread, nowrite, /* 79 */
iplioctl, nostop, noreset, nodevtotty,
noselect, nommap, nostrategy, "ipl",
NULL, -1
};
#endif
static int iplaction(lkmtp, cmd)
struct lkm_table *lkmtp;
int cmd;
{
int i;
int i = ipl_major;
struct lkm_dev *args = lkmtp->private.lkm_dev;
int err = 0;
@ -139,6 +172,7 @@ int cmd;
if (lkmexists(lkmtp))
return EEXIST;
#if !defined(__FreeBSD_version) || (__FreeBSD_version < 220000)
for (i = 0; i < nchrdev; i++)
if (cdevsw[i].d_open == lkmenodev ||
cdevsw[i].d_open == iplopen)
@ -150,8 +184,10 @@ int cmd;
ipl_major = i;
args->lkm_offset = i; /* slot in cdevsw[] */
#endif
printf("IP Filter: loaded into slot %d\n", ipl_major);
return ipl_load();
break;
case LKM_E_UNLOAD :
printf("IP Filter: unloaded from slot %d\n", ipl_major);
return ipl_unload();
@ -165,7 +201,7 @@ int cmd;
}
static int ipl_remove()
static int ipl_remove __P((void))
{
struct nameidata nd;
int error;
@ -176,13 +212,29 @@ static int ipl_remove()
VOP_LEASE(nd.ni_vp, curproc, curproc->p_ucred, LEASE_WRITE);
VOP_LOCK(nd.ni_vp);
VOP_LEASE(nd.ni_dvp, curproc, curproc->p_ucred, LEASE_WRITE);
return VOP_REMOVE(nd.ni_dvp, nd.ni_vp, &nd.ni_cnd);
(void) VOP_REMOVE(nd.ni_dvp, nd.ni_vp, &nd.ni_cnd);
NDINIT(&nd, DELETE, LOCKPARENT, UIO_SYSSPACE, IPL_NAT, curproc);
if ((error = namei(&nd)))
return (error);
VOP_LEASE(nd.ni_vp, curproc, curproc->p_ucred, LEASE_WRITE);
VOP_LOCK(nd.ni_vp);
VOP_LEASE(nd.ni_dvp, curproc, curproc->p_ucred, LEASE_WRITE);
(void) VOP_REMOVE(nd.ni_dvp, nd.ni_vp, &nd.ni_cnd);
NDINIT(&nd, DELETE, LOCKPARENT, UIO_SYSSPACE, IPL_STATE, curproc);
if ((error = namei(&nd)))
return (error);
VOP_LEASE(nd.ni_vp, curproc, curproc->p_ucred, LEASE_WRITE);
VOP_LOCK(nd.ni_vp);
VOP_LEASE(nd.ni_dvp, curproc, curproc->p_ucred, LEASE_WRITE);
(void) VOP_REMOVE(nd.ni_dvp, nd.ni_vp, &nd.ni_cnd);
}
static int ipl_unload()
{
int error;
int error = 0;
error = ipldetach();
#ifdef NETBSD_PF
@ -198,7 +250,7 @@ static int ipl_load()
{
struct nameidata nd;
struct vattr vattr;
int error, fmode = S_IFCHR|0600;
int error = 0, fmode = S_IFCHR|0600;
error = iplattach();
#ifdef NETBSD_PF
@ -207,7 +259,7 @@ static int ipl_load()
if (error)
return error;
(void) ipl_remove();
error = 0;
NDINIT(&nd, CREATE, LOCKPARENT, UIO_SYSSPACE, IPL_NAME, curproc);
if (error = namei(&nd))
return error;
@ -225,13 +277,98 @@ static int ipl_load()
vattr.va_mode = (fmode & 07777);
vattr.va_rdev = ipl_major<<8;
VOP_LEASE(nd.ni_dvp, curproc, curproc->p_ucred, LEASE_WRITE);
return VOP_MKNOD(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr);
error = VOP_MKNOD(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr);
if (error)
return error;
NDINIT(&nd, CREATE, LOCKPARENT, UIO_SYSSPACE, IPL_NAT, curproc);
if (error = namei(&nd))
return error;
if (nd.ni_vp != NULL) {
VOP_ABORTOP(nd.ni_dvp, &nd.ni_cnd);
if (nd.ni_dvp == nd.ni_vp)
vrele(nd.ni_dvp);
else
vput(nd.ni_dvp);
vrele(nd.ni_vp);
return (EEXIST);
}
VATTR_NULL(&vattr);
vattr.va_type = VCHR;
vattr.va_mode = (fmode & 07777);
vattr.va_rdev = (ipl_major<<8)|1;
VOP_LEASE(nd.ni_dvp, curproc, curproc->p_ucred, LEASE_WRITE);
error = VOP_MKNOD(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr);
if (error)
return error;
NDINIT(&nd, CREATE, LOCKPARENT, UIO_SYSSPACE, IPL_STATE, curproc);
if (error = namei(&nd))
return error;
if (nd.ni_vp != NULL) {
VOP_ABORTOP(nd.ni_dvp, &nd.ni_cnd);
if (nd.ni_dvp == nd.ni_vp)
vrele(nd.ni_dvp);
else
vput(nd.ni_dvp);
vrele(nd.ni_vp);
return (EEXIST);
}
VATTR_NULL(&vattr);
vattr.va_type = VCHR;
vattr.va_mode = (fmode & 07777);
vattr.va_rdev = (ipl_major<<8)|2;
VOP_LEASE(nd.ni_dvp, curproc, curproc->p_ucred, LEASE_WRITE);
error = VOP_MKNOD(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr);
if (error)
return error;
return 0;
}
#if defined(__FreeBSD_version) && (__FreeBSD_version < 220000)
int xxxinit(lkmtp, cmd, ver)
struct lkm_table *lkmtp;
int cmd, ver;
{
DISPATCH(lkmtp, cmd, ver, iplaction, iplaction, iplaction);
}
#else
#include <sys/exec.h>
#include <sys/sysent.h>
MOD_DECL(if_ipl);
static struct lkm_dev _module = {
LM_DEV,
LKM_VERSION,
IPL_VERSION,
CDEV_MAJOR,
LM_DT_CHAR,
(void *)&ipl_cdevsw
};
int if_ipl(lkmtp, cmd, ver)
struct lkm_table *lkmtp;
int cmd, ver;
{
DISPATCH(lkmtp, cmd, ver, iplaction, iplaction, iplaction);
}
/*
static ipl_devsw_installed = 0;
static void ipl_drvinit __P((void *unused))
{
dev_t dev;
if( ! ipl_devsw_installed ) {
dev = makedev(CDEV_MAJOR,0);
cdevsw_add(&dev, &ipl_cdevsw,NULL);
ipl_devsw_installed = 1;
}
}
SYSINIT(ipldev,SI_SUB_DRIVERS,SI_ORDER_MIDDLE+CDEV_MAJOR,ipl_drvinit,NULL)
*/
#endif /* __FreeBSD__ */
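Review bot: ipl_remove now gives up at the first name that does not resolve: the `if ((error = namei(&nd))) return (error);` for IPL_NAT returns before IPL_STATE is even looked up, so a leftover /dev/ipstate survives and the matching create in ipl_load then fails with EEXIST. The function is declared `static int` but its new tail ends after the last `(void) VOP_REMOVE(...)` with no return statement. Treat a failed lookup as "nothing to remove" and continue with the next node, and finish with `return 0;`. ipl_load has the mirror problem: when the second or third `VOP_MKNOD` fails it returns the error with the filter still attached and the earlier device nodes left behind, so the error path should call `ipl_remove()` and `ipldetach()` before returning.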


@ -27,25 +27,40 @@
# include <sun/openprom.h>
#endif
#include "ipl.h"
#include "ip_compat.h"
#if !defined(lint) && defined(LIBC_SCCS)
static char sccsid[] = "@(#)mls_ipl.c 2.6 10/15/95 (C) 1993-1995 Darren Reed";
static char rcsid[] = "$Id: mls_ipl.c,v 2.0.1.1 1997/01/09 15:14:44 darrenr Exp $";
static char rcsid[] = "$Id: mls_ipl.c,v 2.0.2.3 1997/03/27 13:45:26 darrenr Exp $";
#endif
#ifndef IPL_NAME
#define IPL_NAME "/dev/ipl"
#endif
#define IPL_NAT "/dev/ipnat"
#define IPL_STATE "/dev/ipstate"
extern int iplattach(), iplopen(), iplclose(), iplioctl(), ipldetach();
extern int iplattach __P((void));
extern int iplopen __P((void));
extern int iplclose __P((void));
extern int iplioctl __P((void));
extern int ipldetach __P((void));
#ifdef IPFILTER_LOG
extern int iplread();
extern int iplread __P((void));
#else
#define iplread nulldev
#endif
extern int nulldev(), iplidentify(), errno;
extern int nulldev __P((void));
extern int iplidentify __P((void));
extern int errno;
extern int nodev __P((void));
static int unload __P((void));
static int ipl_attach __P((void));
int xxxinit __P((u_int, struct vddrv *, caddr_t, struct vdstat *));
static int unload(), ipl_attach();
struct cdevsw ipldevsw =
{
@ -111,27 +126,41 @@ struct vdldrv vd =
};
#endif /* sun4m */
extern int vd_unuseddev();
extern int vd_unuseddev __P((void));
extern struct cdevsw cdevsw[];
extern int nchrdev;
xxxinit(fc, vdp, vdi, vds)
xxxinit(fc, vdp, data, vds)
u_int fc;
struct vddrv *vdp;
caddr_t vdi;
caddr_t data;
struct vdstat *vds;
{
struct vdioctl_load *vdi = (struct vdioctl_load *)data;
switch (fc)
{
case VDLOAD:
while (ipl_major < nchrdev &&
cdevsw[ipl_major].d_open != vd_unuseddev)
ipl_major++;
if (ipl_major == nchrdev)
return ENODEV;
vd.Drv_charmajor = ipl_major;
{
struct vdconf *vdc;
if (vdi && vdi->vdi_userconf)
for (vdc = vdi->vdi_userconf; vdc->vdc_type; vdc++)
if (vdc->vdc_type == VDCCHARMAJOR) {
ipl_major = vdc->vdc_data;
break;
}
if (!ipl_major) {
while (ipl_major < nchrdev &&
cdevsw[ipl_major].d_open != vd_unuseddev)
ipl_major++;
if (ipl_major == nchrdev)
return ENODEV;
}
vdp->vdd_vdtab = (struct vdlinkage *)&vd;
vd.Drv_charmajor = ipl_major;
return ipl_attach();
}
case VDUNLOAD:
return unload();
case VDSTAT:
@ -168,6 +197,26 @@ static int ipl_attach()
vattr.va_rdev = ipl_major<<8;
error = vn_create(IPL_NAME, UIO_SYSSPACE, &vattr, EXCL, 0, &vp);
if (error == 0)
VN_RELE(vp);
(void) vn_remove(IPL_NAT, UIO_SYSSPACE, FILE);
vattr_null(&vattr);
vattr.va_type = MFTOVT(fmode);
vattr.va_mode = (fmode & 07777);
vattr.va_rdev = (ipl_major<<8)|1;
error = vn_create(IPL_NAT, UIO_SYSSPACE, &vattr, EXCL, 0, &vp);
if (error == 0)
VN_RELE(vp);
(void) vn_remove(IPL_STATE, UIO_SYSSPACE, FILE);
vattr_null(&vattr);
vattr.va_type = MFTOVT(fmode);
vattr.va_mode = (fmode & 07777);
vattr.va_rdev = (ipl_major<<8)|2;
error = vn_create(IPL_STATE, UIO_SYSSPACE, &vattr, EXCL, 0, &vp);
if (error == 0)
VN_RELE(vp);
return error;
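Review bot: In the VDLOAD case the major number taken from the load request, `ipl_major = vdc->vdc_data;`, is used as given. Nothing in the hunk checks it against `nchrdev` or checks that `cdevsw[ipl_major].d_open` is still `vd_unuseddev`, which are the two conditions the automatic search enforces. Unless the module loader validates the value (not visible here), add `if (ipl_major < 0 || ipl_major >= nchrdev) return ENODEV;` before `vd.Drv_charmajor = ipl_major;`. In ipl_attach each `error = vn_create(...)` overwrites the previous result, so a failure to create IPL_NAME or IPL_NAT is lost when IPL_STATE succeeds; return as soon as one of them yields a non-zero error.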


@ -22,7 +22,7 @@
#if !defined(lint) && defined(LIBC_SCCS)
static char sccsid[] = "@(#)opt.c 1.8 4/10/96 (C) 1993-1995 Darren Reed";
static char rcsid[] = "$Id: opt.c,v 2.0.1.1 1997/01/09 15:14:44 darrenr Exp $";
static char rcsid[] = "$Id: opt.c,v 2.0.2.3 1997/03/10 08:10:40 darrenr Exp $";
#endif
extern int opts;
@ -63,6 +63,7 @@ struct ipopt_names secclass[] = {
{ 0, 0, 0, NULL } /* must be last */
};
static u_char seclevel __P((char *));
static u_char seclevel(slevel)
char *slevel;


@ -23,30 +23,41 @@
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <net/if.h>
#include "ip_fil.h"
#include <netdb.h>
#include <arpa/nameser.h>
#include <arpa/inet.h>
#include <resolv.h>
#include "ipf.h"
#include <ctype.h>
#include "ip_compat.h"
#include "ip_fil.h"
#include "ipf.h"
#if !defined(lint) && defined(LIBC_SCCS)
static char sccsid[] ="@(#)parse.c 1.44 6/5/96 (C) 1993-1996 Darren Reed";
static char rcsid[] = "$Id: parse.c,v 2.0.1.2 1997/02/17 13:59:44 darrenr Exp $";
static char rcsid[] = "$Id: parse.c,v 2.0.2.5 1997/03/31 10:05:38 darrenr Exp $";
#endif
extern struct ipopt_names ionames[], secclass[];
extern int opts;
extern int gethostname();
u_long hostnum(), optname();
u_short portnum();
u_char tcp_flags();
struct frentry *parse();
void binprint(), printfr();
int addicmp(), extras(), hostmask(), ports(), icmpcode(), addkeep();
int to_interface();
u_short portnum __P((char *));
u_char tcp_flags __P((char *, u_char *));
int addicmp __P((char ***, struct frentry *));
int extras __P((char ***, struct frentry *));
char ***seg;
u_long *sa, *msk;
u_short *pp, *tp;
u_char *cp;
int hostmask __P((char ***, u_long *, u_long *, u_short *, u_char *,
u_short *));
int ports __P((char ***, u_short *, u_char *, u_short *));
int icmpcode __P((char *)), addkeep __P((char ***, struct frentry *));
int to_interface __P((frdest_t *, char *));
void print_toif __P((char *, frdest_t *));
void optprint __P((u_short, u_short, u_long, u_long));
int countbits __P((u_long));
char *portname __P((int, int));
char *proto = NULL;
@ -100,7 +111,7 @@ char *line;
cpp = cps;
if (**cpp == '@')
fil.fr_hits = atoi(*cpp++ + 1) + 1;
fil.fr_hits = (U_QUAD_T)atoi(*cpp++ + 1) + 1;
if (!strcasecmp("block", *cpp)) {
fil.fr_flags = FR_BLOCK;
@ -143,8 +154,10 @@ char *line;
}
cpp++;
if (!strcasecmp("in", *cpp)) {
if (!strcasecmp("in", *cpp))
fil.fr_flags |= FR_INQUE;
else if (!strcasecmp("out", *cpp)) {
fil.fr_flags |= FR_OUTQUE;
if (fil.fr_flags & FR_RETICMP) {
(void)fprintf(stderr,
"Can only use return-icmp with 'in'\n");
@ -154,9 +167,7 @@ char *line;
"Can only use return-rst with 'in'\n");
return NULL;
}
} else if (!strcasecmp("out", *cpp))
fil.fr_flags |= FR_OUTQUE;
else {
} else {
(void)fprintf(stderr,
"missing 'in'/'out' keyword (%s)\n", *cpp);
return NULL;
@ -314,8 +325,9 @@ char *line;
return NULL;
}
ch = 0;
if (hostmask(&cpp, &fil.fr_src, &fil.fr_smsk,
&fil.fr_sport, &ch, &fil.fr_stop)) {
if (hostmask(&cpp, (u_long *)&fil.fr_src,
(u_long *)&fil.fr_smsk, &fil.fr_sport, &ch,
&fil.fr_stop)) {
(void)fprintf(stderr, "bad host (%s)\n", *cpp);
return NULL;
}
@ -338,8 +350,9 @@ char *line;
return NULL;
}
ch = 0;
if (hostmask(&cpp, &fil.fr_dst, &fil.fr_dmsk,
&fil.fr_dport, &ch, &fil.fr_dtop)) {
if (hostmask(&cpp, (u_long *)&fil.fr_dst,
(u_long *)&fil.fr_dmsk, &fil.fr_dport, &ch,
&fil.fr_dtop)) {
(void)fprintf(stderr, "bad host (%s)\n", *cpp);
return NULL;
}
@ -870,6 +883,9 @@ u_long optmsk, optbits;
(!secmsk && !secbits)) {
printf("%s%s", s, io->on_name);
s = ",";
if (io->on_value ==
IPOPT_SECURITY)
io++;
} else
io++;
}
@ -925,8 +941,11 @@ struct frentry *fp;
if (!strcasecmp(*t, **cp))
break;
}
if (i == -1)
if (i == -1) {
(void)fprintf(stderr,
"Invalid icmp-type (%s) specified\n", **cp);
return -1;
}
}
fp->fr_icmp = (u_short)(i << 8);
fp->fr_icmpm = (u_short)0xff00;
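Review bot: The new `(u_long *)&fil.fr_src` and `(u_long *)&fil.fr_smsk` casts, and the matching pair for `fr_dst`/`fr_dmsk`, silence a type mismatch instead of fixing it. hostmask stores through `u_long *`, so if these fields are 32-bit addresses (their declaration is outside this page) the store is eight bytes wide wherever `long` is 64 bits, and it overwrites the neighbouring rule field. Safer is to let hostmask fill locals, `u_long src, smsk;`, and copy them into `fil` afterwards, or to change hostmask's parameters to the fields' real type so no cast is needed. The same hunk set keeps `atoi(*cpp++ + 1)` for the `@N` prefix, which accepts garbage and negative numbers silently; `strtoul` with an end-pointer check would reject them. parse()'s body starts and ends outside these hunks.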


@ -4,7 +4,7 @@
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
* $Id: pcap.h,v 2.0.1.1 1997/01/09 15:14:45 darrenr Exp $
* $Id: pcap.h,v 2.0.2.2 1997/02/23 10:38:17 darrenr Exp $
*/
/*
* This header file is constructed to match the version described by


@ -9,6 +9,7 @@
#include <stdio.h>
#include <fcntl.h>
#include <sys/types.h>
#include <sys/time.h>
#include <sys/errno.h>
#include <sys/syslog.h>
#include <sys/ioctl.h>


@ -0,0 +1,5 @@
WÆ . Ä..'& CVSWÜ example.1WÝ
example.10WÞ
example.11Wß
example.12Wà
example.13Wá example.2Wâ example.3Wã example.4Wä example.5Wå example.6Wæ example.7Wç example.8Wè example.9Wé


@ -8,7 +8,7 @@
/*
* written to comply with the RFC (1761) from Sun.
* $Id: snoop.h,v 2.0.1.1 1997/01/09 15:14:45 darrenr Exp $
* $Id: snoop.h,v 2.0.2.2 1997/02/23 10:38:19 darrenr Exp $
*/
struct snoophdr {
char s_id[8];


@ -6,7 +6,7 @@
* to the original author and the contributors.
*/
/* #pragma ident "@(#)solaris.c 1.12 6/5/96 (C) 1995 Darren Reed"*/
#pragma ident "$Id: solaris.c,v 2.0.1.4 1997/02/08 06:38:30 darrenr Exp $";
#pragma ident "$Id: solaris.c,v 2.0.2.3 1997/03/27 13:45:28 darrenr Exp $";
#include <sys/systm.h>
#include <sys/types.h>
@ -39,20 +39,19 @@
#include <netinet/udp.h>
#include <netinet/tcpip.h>
#include <netinet/ip_icmp.h>
#include "ipl.h"
#include "ip_fil.h"
#include "ip_compat.h"
#include <sys/ddi.h>
#include <sys/sunddi.h>
#include <inet/ip_ire.h>
#include "ip_compat.h"
#include "ipl.h"
#include "ip_fil.h"
char _depends_on[] = "drv/ip";
extern int iplopen(), iplclose(), iplread(), iplioctl();
extern int iplattach(), ipldetach();
extern void copyout_mblk(), copyin_mblk();
extern void copyout_mblk __P((mblk_t *, int, char *, int));
extern void copyin_mblk __P((mblk_t *, int, char *, int));
int solattach(), soldetach();
int solattach __P((void));
int soldetach __P((void));
extern struct filterstats frstats[];
extern kmutex_t ipl_mutex, ipf_mutex, ipfs_mutex;
@ -60,8 +59,22 @@ extern int fr_flags;
static qif_t *qif_head = NULL;
static int ipl_getinfo(), ipl_probe(), ipl_identify(), ipl_attach();
static int ipl_detach();
static int ipl_getinfo __P((dev_info_t *, ddi_info_cmd_t,
void *, void **));
static int ipl_probe __P((dev_info_t *));
static int ipl_identify __P((dev_info_t *));
static int ipl_attach __P((dev_info_t *, ddi_attach_cmd_t));
static int ipl_detach __P((dev_info_t *, ddi_detach_cmd_t));
static qif_t *qif_from_queue __P((queue_t *));
static int fr_qin __P((queue_t *, mblk_t *));
static int fr_qout __P((queue_t *, mblk_t *));
static void fr_donotip __P((int, qif_t *, queue_t *, mblk_t *,
mblk_t *, ip_t *, int));
void printire __P((ire_t *));
int ipfr_fastroute __P((qif_t *, ip_t *, mblk_t *, mblk_t **,
fr_info_t *, frdest_t *));
int fr_precheck __P((mblk_t **, queue_t *, qif_t *, int));
static struct cb_ops ipl_cb_ops = {
iplopen,
@ -149,7 +162,9 @@ static int ipl_identify(dev_info_t *dip)
}
static int ipl_attach(dev_info_t *dip, ddi_attach_cmd_t cmd)
static int ipl_attach(dip, cmd)
dev_info_t *dip;
ddi_attach_cmd_t cmd;
{
int instance;
@ -167,6 +182,16 @@ static int ipl_attach(dev_info_t *dip, ddi_attach_cmd_t cmd)
ddi_remove_minor_node(dip, NULL);
goto attach_failed;
}
if (ddi_create_minor_node(dip, "ipnat", S_IFCHR, instance,
DDI_PSEUDO, 1) == DDI_FAILURE) {
ddi_remove_minor_node(dip, NULL);
goto attach_failed;
}
if (ddi_create_minor_node(dip, "ipstate", S_IFCHR, instance,
DDI_PSEUDO, 2) == DDI_FAILURE) {
ddi_remove_minor_node(dip, NULL);
goto attach_failed;
}
ipf_dev_info = dip;
sync();
/*
@ -249,7 +274,7 @@ void *arg, **result;
/*
* find the filter structure setup for this queue
*/
qif_t *qif_from_queue(q)
static qif_t *qif_from_queue(q)
queue_t *q;
{
qif_t *qif;
@ -380,7 +405,7 @@ int out;
*/
if (!OK_32PTR(ip)) {
len = MIN(mlen, sizeof(ip_t));
copyout_mblk(m, 0, lbuf, len);
copyout_mblk(m, 0, (char *)lbuf, len);
frstats[out].fr_pull[0]++;
ip = (ip_t *)lbuf;
} else
@ -426,7 +451,7 @@ int out;
if ((hlen > len)) {
len = MIN(hlen, sizeof(lbuf));
len = MIN(mlen, len);
copyout_mblk(m, 0, lbuf, len);
copyout_mblk(m, 0, (char *)lbuf, len);
frstats[out].fr_pull[0]++;
ip = (ip_t *)lbuf;
}
@ -450,7 +475,8 @@ int out;
qif->qf_m = m;
qif->qf_len = len;
err = fr_check(ip, iphlen, qif->qf_ill, out, qif, q, mp);
err = fr_check(ip, iphlen, (struct ifnet *)qif->qf_ill, out, qif,
q, mp);
/*
* Copy back the ip header data if it was changed, we haven't yet
* freed the message and we aren't going to drop the packet.
@ -463,7 +489,7 @@ int out;
#endif
if (err == 1) {
if (*mp && (ip == (ip_t *)lbuf)) {
copyin_mblk(m, 0, lbuf, len);
copyin_mblk(m, 0, (char *)lbuf, len);
frstats[out].fr_pull[1]++;
}
err = 0;
@ -473,11 +499,11 @@ int out;
}
int fr_qin(q, mb)
static int fr_qin(q, mb)
queue_t *q;
mblk_t *mb;
{
int (*pnext)(), type, synced = 0;
int (*pnext) __P((queue_t *, mblk_t *)), type, synced = 0;
qif_t qfb, *qif;
again:
@ -543,11 +569,11 @@ mblk_t *mb;
}
int fr_qout(q, mb)
static int fr_qout(q, mb)
queue_t *q;
mblk_t *mb;
{
int (*pnext)(), type, synced = 0;
int (*pnext) __P((queue_t *, mblk_t *)), type, synced = 0;
qif_t qfb, *qif;
again:
@ -658,7 +684,7 @@ int solattach()
il, in->q_ptr, out->q_ptr, in->q_qinfo->qi_putp,
out->q_qinfo->qi_putp, out->q_qinfo, in->q_qinfo);
#endif
qif = (qif_t *)KMALLOC(sizeof(*qif));
KMALLOC(qif, qif_t *, sizeof(*qif));
if (in->q_qinfo->qi_putp == fr_qin) {
for (qf2 = qif_head; qf2; qf2 = qf2->qf_next)
@ -845,7 +871,7 @@ int soldetach()
}
printire(ire)
void printire(ire)
ire_t *ire;
{
printf("ire: ll_hdr_mp %x rfq %x stq %x src_addr %x max_frag %d\n",
@ -897,7 +923,7 @@ frdest_t *fdp;
#endif
if (ip != (ip_t *)mb->b_rptr) {
copyin_mblk(mb, 0, ip, qf->qf_len);
copyin_mblk(mb, 0, (char *)ip, qf->qf_len);
frstats[fin->fin_out].fr_pull[1]++;
}
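Review bot: In solattach the allocation became `KMALLOC(qif, qif_t *, sizeof(*qif));`, and the next visible statement goes straight on to compare `in->q_qinfo->qi_putp`; no test of `qif` appears in the hunk. If the remainder of the function (outside the hunk) does not check it either, add `if (qif == NULL)` handling directly after the macro, because the statement form no longer reads like a call whose result needs checking and a failed kernel allocation here would be dereferenced while the IP queues are being rewired. The rewritten `#pragma ident "$Id: ... $";` line also ends in a stray `;` that some compilers warn about.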



@ -0,0 +1,6 @@
Ç . Ä..0þ CVSGexpected0ÇinputDG$regress

.cvsignore
!Makefile
"dotest
#hextest


@ -1,4 +1,6 @@
* automatically use the interface's IP# for NAT rather than any specific IP#
- Done. Use "0/32" as destination address/mask. Uses first interface IP#
set for an interface.
* use fr_tcpstate() with NAT code for increased NAT usage security or even
fr_checkstate()
@ -17,3 +19,9 @@ time permitting:
* modular application proxying
* invesitgate making logging better
* add reverse nat (similar to rdr) to map addresses going in both directions
* add 'tail' switch to ipmon
(this might just be some changes to rdr). In 1:1 relationships maybe make
it an option.