
* Someone imported a lot of files with the wrong CVS tag, so lots of files need that fixed in them....
* Keep unnecessary files out of the non-vendor part of this CVS repository.
This commit is contained in:
Darren Reed 2005-04-25 18:20:15 +00:00
parent d607092b37
commit 750e88322f
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=145519
259 changed files with 836 additions and 17244 deletions


@ -1,707 +0,0 @@
diff -c -r ./ftp-gw/ftp-gw.c ../../fwtk-2.1-violated/fwtk/ftp-gw/ftp-gw.c
*** ./ftp-gw/ftp-gw.c Thu Feb 5 19:05:43 1998
--- ../../fwtk-2.1-violated/fwtk/ftp-gw/ftp-gw.c Thu May 21 17:36:09 1998
***************
*** 44,49 ****
--- 44,51 ----
extern char *optarg;
+ char *getdsthost();
+
#include "firewall.h"
***************
*** 88,93 ****
--- 90,97 ----
static int cmdcnt = 0;
static int timeout = PROXY_TIMEOUT;
+ static int do_transparent = 0;
+
static int cmd_user();
static int cmd_authorize();
***************
*** 101,106 ****
--- 105,111 ----
static int cmd_passthru();
static void saveline();
static void flushsaved();
+ static int connectdest();
#define OP_CONN 001 /* only valid if connected */
#define OP_WCON 002 /* writethrough if connected */
***************
*** 173,178 ****
--- 178,184 ----
char xuf[1024];
char huf[512];
char *passuser = (char *)0; /* passed user as av */
+ char *psychic, *hotline;
#ifndef LOG_DAEMON
openlog("ftp-gw",LOG_PID);
***************
*** 317,322 ****
--- 323,332 ----
} else
timeout = PROXY_TIMEOUT;
+ psychic = getdsthost(0, NULL);
+ if (psychic)
+ do_transparent++;
+
/* display a welcome file or message */
if(passuser == (char *)0) {
if((cf = cfg_get("welcome-msg",confp)) != (Cfg *)0) {
***************
*** 324,329 ****
--- 334,345 ----
syslog(LLEV,"fwtkcfgerr: welcome-msg must have one parameter, line %d",cf->ln);
exit(1);
}
+ if (do_transparent) {
+ if (sayfile2(0, cf->argv[0], 220)) {
+ syslog(LLEV,"fwtksyserr: cannot display welcome %.512s: %m",cf->argv[0]);
+ exit(1);
+ }
+ } else
if(sayfile(0,cf->argv[0],220)) {
syslog(LLEV,"fwtksyserr: cannot display welcome %.512s: %m",cf->argv[0]);
exit(1);
***************
*** 336,341 ****
--- 352,360 ----
if(say(0,"220-Proxy first requires authentication"))
exit(1);
+ if (do_transparent)
+ sprintf(xuf, "220-%s FTP proxy (Version %s) ready.",huf, FWTK_VERSION_MINOR);
+ else
sprintf(xuf, "220 %s FTP proxy (Version %s) ready.",huf, FWTK_VERSION_MINOR);
if(say(0,xuf))
exit(1);
***************
*** 357,362 ****
--- 376,384 ----
exit(1);
}
+ if (do_transparent)
+ connectdest(psychic, 21);
+
/* main loop */
while(1) {
FD_ZERO(&rdy);
***************
*** 653,658 ****
--- 675,696 ----
return(sayn(0,noad,sizeof(noad)-1));
}
+ if (do_transparent) {
+ if((rfd == (-1)) && (x = connectdest(dest,port)))
+ return x;
+
+ sprintf(buf,"USER %s",user);
+
+ if (say(rfd, buf))
+ return(1);
+
+ x = getresp(rfd, buf, sizeof(buf), 1);
+ if (sendsaved(0, x))
+ return(1);
+
+ return(say(0, buf));
+ }
+
if(*dest == '\0')
dest = "localhost";
***************
*** 694,705 ****
char ebuf[512];
strcpy(ebuf,buf);
! sprintf(buf,"521 %s: %s",dest,ebuf);
rfd = -1;
return(say(0,buf));
}
! sprintf(buf,"----GATEWAY CONNECTED TO %s----",dest);
! saveline(buf);
/* we are now connected and need to try the autologin thing */
x = getresp(rfd,buf,sizeof(buf),1);
--- 732,748 ----
char ebuf[512];
strcpy(ebuf,buf);
! if (do_transparent)
! sprintf(buf, "521 %s,%d: %s", dest, ntohs(port), ebuf);
! else
! sprintf(buf,"521 %s: %s",dest,ebuf);
rfd = -1;
return(say(0,buf));
}
! if (!do_transparent) {
! sprintf(buf,"----GATEWAY CONNECTED TO %s----",dest);
! saveline(buf);
! }
/* we are now connected and need to try the autologin thing */
x = getresp(rfd,buf,sizeof(buf),1);
***************
*** 1889,1891 ****
--- 1932,2050 ----
dup(nread);
}
#endif
+
+ static int connectdest(dest, port)
+ char *dest;
+ short port;
+ {
+ char buf[1024], mbuf[512];
+ int msg_int, x;
+
+ if(*dest == '\0')
+ dest = "localhost";
+
+ if(validests != (char **)0) {
+ char **xp;
+ int x;
+
+ for(xp = validests; *xp != (char *)0; xp++) {
+ if(**xp == '!' && hostmatch(*xp + 1,dest)) {
+ return(baddest(0,dest));
+ } else {
+ if(hostmatch(*xp,dest))
+ break;
+ }
+ }
+ if(*xp == (char *)0)
+ return(baddest(0,dest));
+ }
+
+ /* Extended permissions processing goes in here for destination */
+ if(extendperm) {
+ msg_int = auth_perm(confp, authuser, "ftp-gw", dest,(char *)0);
+ if(msg_int == 1) {
+ sprintf(mbuf,"Permission denied for user %s to connect to %s",authuser,dest);
+ syslog(LLEV,"deny host=%s/%s connect to %s user=%s",rladdr,riaddr,dest,authuser);
+ say(0,mbuf);
+ return(1);
+ } else {
+ if(msg_int == -1) {
+ sprintf(mbuf,"No match in netperm-table for %s to ftp to %s",authuser,dest);
+ say(0,mbuf);
+ return(1);
+ }
+ }
+ }
+
+ syslog(LLEV,"permit host=%s/%s connect to %s",rladdr,riaddr,dest);
+
+ if((rfd = conn_server(dest,port,0,buf)) < 0) {
+ char ebuf[512];
+
+ strcpy(ebuf,buf);
+ if (do_transparent)
+ sprintf(buf,"521 %s,%d: %s",dest,ntohs(port),ebuf);
+ else
+ sprintf(buf,"521 %s: %s",dest,ebuf);
+ rfd = -1;
+ return(say(0,buf));
+ }
+ if (!do_transparent) {
+ sprintf(buf,"----GATEWAY CONNECTED TO %s----",dest);
+ saveline(buf);
+ }
+
+ /* we are now connected and need to try the autologin thing */
+ x = getresp(rfd,buf,sizeof(buf),1);
+ if(x / 100 != COMPLETE) {
+ sendsaved(0,-1);
+ return(say(0,buf));
+ }
+ saveline(buf);
+
+ sendsaved(0,-1);
+ return 0;
+ }
+
+ /* quick hack */
+ sayfile2(fd,fn,code)
+ int fd;
+ char *fn;
+ int code;
+ {
+ FILE *f;
+ char buf[BUFSIZ];
+ char yuf[BUFSIZ];
+ char *c;
+ int x;
+ int saidsomething = 0;
+
+ if((f = fopen(fn,"r")) == (FILE *)0)
+ return(1);
+ while(fgets(buf,sizeof(buf),f) != (char *)0) {
+ if((c = index(buf,'\n')) != (char *)0)
+ *c = '\0';
+ x = fgetc(f);
+ if(feof(f))
+ sprintf(yuf,"%3.3d-%s",code,buf);
+ else {
+ sprintf(yuf,"%3.3d-%s",code,buf);
+ ungetc(x,f);
+ }
+ if(say(fd,yuf)) {
+ fclose(f);
+ return(1);
+ }
+ saidsomething++;
+ }
+ fclose(f);
+ if (!saidsomething) {
+ syslog(LLEV,"fwtkcfgerr: sayfile for %d is empty",code);
+ sprintf(yuf, "%3.3d The file to display is empty",code);
+ if(say(fd,yuf)) {
+ fclose(f);
+ return(1);
+ }
+ }
+ return(0);
+ }
diff -c -r ./http-gw/http-gw.c ../../fwtk-2.1-violated/fwtk/http-gw/http-gw.c
*** ./http-gw/http-gw.c Fri Feb 6 18:32:25 1998
--- ../../fwtk-2.1-violated/fwtk/http-gw/http-gw.c Thu May 21 17:00:47 1998
***************
*** 27,32 ****
--- 27,35 ----
static char http_buffer[8192];
static char reason[8192];
static int checkBrowserType = 1;
+ static int do_transparent = 0;
+
+ char * getdsthost();
static void do_logging()
{ char *proto = "GOPHER";
***************
*** 473,478 ****
--- 476,490 ----
/*(NOT A SPECIAL FORM)*/
if((rem_type & TYPE_LOCAL)== 0){
+ char * psychic = getdsthost(sockfd, &def_port);
+ if (psychic) {
+ if (strlen(psychic) <= MAXHOSTNAMELEN) {
+ do_transparent ++;
+ strncpy(def_httpd, psychic, strlen(psychic));
+ strncpy(def_server, psychic, strlen(psychic));
+ }
+ }
+
/* See if it can be forwarded */
if( can_forward(buf)){
***************
*** 1564,1570 ****
parse_vec[0],
parse_vec[1],
ourname, ourport);
! }else{
sprintf(new_reply,"%s\tgopher://%s:%s/%c%s\t%s\t%u",
parse_vec[0], parse_vec[2],
parse_vec[3], chk_type_ch,
--- 1576,1589 ----
parse_vec[0],
parse_vec[1],
ourname, ourport);
! }
! else
! if (do_transparent) {
! sprintf(new_reply, "%s\t%s\t%s\t%s",
! parse_vec[0], parse_vec[1],
! parse_vec[2],parse_vec[3]);
! }
! else {
sprintf(new_reply,"%s\tgopher://%s:%s/%c%s\t%s\t%u",
parse_vec[0], parse_vec[2],
parse_vec[3], chk_type_ch,
diff -c -r ./lib/hnam.c ../../fwtk-2.1-violated/fwtk/lib/hnam.c
*** ./lib/hnam.c Tue Dec 10 13:08:48 1996
--- ../../fwtk-2.1-violated/fwtk/lib/hnam.c Thu May 21 17:10:00 1998
***************
*** 23,28 ****
--- 23,33 ----
#include "firewall.h"
+ #ifdef __FreeBSD__ /* or OpenBSD, NetBSD, BSDI, etc. Fix this for your system. */
+ #include <net/if.h>
+ #include "ip_nat.h"
+ #endif /* __FreeBSD__ */
+
char *
maphostname(name)
***************
*** 49,52 ****
--- 54,132 ----
}
bcopy(hp->h_addr,&sin.sin_addr,hp->h_length);
return(inet_ntoa(sin.sin_addr));
+ }
+
+ char *getdsthost(fd, ptr)
+ int fd;
+ int *ptr;
+ {
+ struct sockaddr_in sin;
+ struct hostent * hp;
+ int sl = sizeof(struct sockaddr_in), err = 0, local_h = 0, i = 0;
+ char buf[255], hostbuf[255];
+ #ifdef __FreeBSD__
+ struct sockaddr_in rsin;
+ struct natlookup natlookup;
+ #endif
+
+ #ifdef linux
+ if (!(err = getsockname(0, &sin, &sl))) {
+ if(ptr)
+ * ptr = ntohs(sin.sin_port);
+
+ sprintf(buf, "%s", inet_ntoa(sin.sin_addr));
+ gethostname(hostbuf, 254);
+ hp = gethostbyname(hostbuf);
+ while (hp->h_addr_list[i]) {
+ bzero(&sin, &sl);
+ memcpy(&sin.sin_addr, hp->h_addr_list[i++],
+ sizeof(hp->h_addr_list[i++]));
+
+ if (!strcmp(buf, inet_ntoa(sin.sin_addr)))
+ local_h++;
+ }
+
+ if(local_h)
+ return(NULL);
+ else
+ return(buf);
+ }
+ #endif
+
+ #ifdef __FreeBSD__
+ /* The basis for this block of code is Darren Reed's
+ * patches to the TIS ftwk's ftp-gw.
+ */
+ bzero((char*)&sin, sizeof(sin));
+ bzero((char*)&rsin, sizeof(rsin));
+
+ if (getsockname(fd, (struct sockaddr*)&sin, &sl) < 0)
+ return NULL;
+
+ sl = sizeof(rsin);
+
+ if(getpeername(fd, (struct sockaddr*)&rsin, &sl) < 0)
+ return NULL;
+
+ natlookup.nl_inport=sin.sin_port;
+ natlookup.nl_outport=rsin.sin_port;
+ natlookup.nl_inip=sin.sin_addr;
+ natlookup.nl_outip=rsin.sin_addr;
+
+ if ((natfd = open("/dev/ipl",O_RDONLY)) < 0)
+ return NULL;
+
+ if (ioctl(natfd, SIOCGNATL,&natlookup) == (-1))
+ return NULL;
+
+ close(natfd);
+
+ if (ptr)
+ *ptr = ntohs(natlookup.nl_inport);
+
+ sprintf(buf, "%s", inet_ntoa(natlookup.nl_inip));
+ #endif
+
+ /* No transparent proxy support */
+ return(NULL);
}
diff -c -r ./plug-gw/plug-gw.c ../../fwtk-2.1-violated/fwtk/plug-gw/plug-gw.c
*** ./plug-gw/plug-gw.c Thu Feb 5 19:07:35 1998
--- ../../fwtk-2.1-violated/fwtk/plug-gw/plug-gw.c Thu May 21 17:29:01 1998
***************
*** 43,48 ****
--- 43,50 ----
static char **validdests = (char **)0;
static int net_write();
+ static int do_transparent = 0;
+
main(ac,av)
int ac;
char *av[];
***************
*** 198,206 ****
--- 200,220 ----
char *ptr;
int state = 0;
int ssl_plug = 0;
+ char * getdsthost();
+ int pport = 0;
struct timeval timo;
+ /* Transparent plug-gw is probably a bad idea, but then, plug-gw is a bad
+ * idea ..
+ */
+ dhost = getdsthost(0, &pport);
+ if (dhost) {
+ do_transparent++;
+ portid = pport;
+ }
+
+
if(c->flags & PERM_DENY) {
if (p == -1)
syslog(LLEV,"deny host=%.512s/%.20s port=any",rhost,raddr);
***************
*** 220,226 ****
syslog(LLEV,"fwtkcfgerr: -plug-to takes an argument, line %d",c->ln);
exit (1);
}
! dhost = av[x];
continue;
}
--- 234,241 ----
syslog(LLEV,"fwtkcfgerr: -plug-to takes an argument, line %d",c->ln);
exit (1);
}
! if (!dhost)
! dhost = av[x];
continue;
}
diff -c -r ./rlogin-gw/rlogin-gw.c ../../fwtk-2.1-violated/fwtk/rlogin-gw/rlogin-gw.c
*** ./rlogin-gw/rlogin-gw.c Thu Feb 5 19:08:38 1998
--- ../../fwtk-2.1-violated/fwtk/rlogin-gw/rlogin-gw.c Thu May 21 17:20:25 1998
***************
*** 103,108 ****
--- 103,111 ----
static int trusted = 0;
static int doX = 0;
static char *prompt;
+ static int do_transparent = 0;
+
+ char * getdsthost();
main(ac,av)
int ac;
***************
*** 123,128 ****
--- 126,132 ----
static char *tokav[56];
int tokac;
struct timeval timo;
+ char * psychic;
#ifndef LOG_NDELAY
openlog("rlogin-gw",LOG_PID);
***************
*** 188,194 ****
xforwarder = cf->argv[0];
}
!
if((cf = cfg_get("directory",confp)) != (Cfg *)0) {
if(cf->argc != 1) {
--- 192,203 ----
xforwarder = cf->argv[0];
}
! psychic = getdsthost(0, NULL);
! if (psychic) {
! do_transparent++;
! strncpy(dest, psychic, 511);
! dest[511] = '\0';
! }
if((cf = cfg_get("directory",confp)) != (Cfg *)0) {
if(cf->argc != 1) {
***************
*** 266,271 ****
--- 275,281 ----
if((p = index(rusername,'@')) != (char *)0) {
char *namp;
+ dest[0] = '\0';
*p++ = '\0';
if(*p == '\0')
p = "localhost";
***************
*** 297,302 ****
--- 307,326 ----
if(dest[0] != '\0') {
/* Setup connection directly to remote machine */
+ if ((cf = cfg_get("welcome-msg",confp)) != (Cfg *)0) {
+ if (cf->argc != 1) {
+ syslog(LLEV,"fwtkcfgerr: welcome-msg must have one parameter, line %d",cf->ln);
+ exit(1);
+ }
+
+ if (sayfile(0, cf->argv[0])) {
+ syslog(LLEV,"fwtksyserr: cannot display welcome %s: %m",cf->argv[0]);
+ exit(1);
+ }
+ }
+
+ /* Hey fwtk developer people -- this connect_dest thing is *nasty!* */
+
sprintf(buf,"connect %.1000s",dest);
tokac = enargv(buf, tokav, 56, tokbuf, sizeof(tokbuf));
if (cmd_connect(tokac, tokav, buf) != 2)
***************
*** 535,548 ****
char ebuf[512];
syslog(LLEV,"permit host=%.512s/%.20s connect to %.512s",rhost,raddr,namp);
! if(strlen(namp) > 20)
! namp[20] = '\0';
! if(rusername[0] != '\0')
! sprintf(ebuf,"Trying %s@%s...",rusername,namp);
! else
! sprintf(ebuf,"Trying %s...",namp);
! if(say(0,ebuf))
! return(1);
} else
syslog(LLEV,"permit host=%.512s/%.20s connect to %.512s",rhost,raddr,av[1]);
if((serfd = conn_server(av[1],RLOGINPORT,1,buf)) < 0) {
--- 559,574 ----
char ebuf[512];
syslog(LLEV,"permit host=%.512s/%.20s connect to %.512s",rhost,raddr,namp);
! if (!do_transparent) {
! if(strlen(namp) > 20)
! namp[20] = '\0';
! if(rusername[0] != '\0')
! sprintf(ebuf,"Trying %s@%s...",rusername,namp);
! else
! sprintf(ebuf,"Trying %s...",namp);
! if(say(0,ebuf))
! return(1);
! }
} else
syslog(LLEV,"permit host=%.512s/%.20s connect to %.512s",rhost,raddr,av[1]);
if((serfd = conn_server(av[1],RLOGINPORT,1,buf)) < 0) {
diff -c -r ./tn-gw/tn-gw.c ../../fwtk-2.1-violated/fwtk/tn-gw/tn-gw.c
*** ./tn-gw/tn-gw.c Thu Feb 5 19:11:36 1998
--- ../../fwtk-2.1-violated/fwtk/tn-gw/tn-gw.c Thu May 21 17:25:06 1998
***************
*** 91,96 ****
--- 91,100 ----
static int cmd_xforward();
static int cmd_timeout();
+ char * getdsthost();
+
+ static int do_transparent = 0;
+
static int tn3270 = 1; /* don't do tn3270 stuff */
static int doX;
***************
*** 144,149 ****
--- 148,155 ----
char tokbuf[BSIZ];
char *tokav[56];
int tokac;
+ int port;
+ char * psychic;
#ifndef LOG_DAEMON
openlog("tn-gw",LOG_PID);
***************
*** 325,330 ****
--- 331,362 ----
}
}
+ psychic = getdsthost(0, &port);
+ if (psychic) {
+ if ((strlen(psychic) + 10) < 510) {
+ do_transparent++;
+ if (port)
+ sprintf(dest, "%s:%d", psychic, port);
+ else
+ sprintf(dest, "%s", psychic);
+
+ if (!welcomedone)
+ if ((cf = cfg_get("welcome-msg", confp)) != (Cfg *)0) {
+ if (cf->argc != 1) {
+ syslog(LLEV,"fwtkcfgerr: welcome-msg must have one parameter, line %d",cf->ln);
+ exit(1);
+ }
+
+ if (sayfile(0, cf->argv[0])) {
+ syslog(LLEV,"fwtksyserr: cannot display welcome %s:%m",cf->argv[0]);
+ exit(1);
+ }
+
+ welcomedone = 1;
+ }
+ }
+ }
+
while (argc > 1) {
argc--;
argv++;
***************
*** 947,955 ****
char ebuf[512];
syslog(LLEV,"permit host=%.512s/%.20s destination=%.512s",rladdr,riaddr,namp);
! sprintf(ebuf,"Trying %.100s port %d...",namp,port);
! if(say(0,ebuf))
! return(1);
} else
syslog(LLEV,"permit host=%.512s/%.20s destination=%.512s",rladdr,riaddr,av[1]);
--- 979,989 ----
char ebuf[512];
syslog(LLEV,"permit host=%.512s/%.20s destination=%.512s",rladdr,riaddr,namp);
! if (!do_transparent) {
! sprintf(ebuf,"Trying %.100s port %d...",namp,port);
! if(say(0,ebuf))
! return(1);
! }
} else
syslog(LLEV,"permit host=%.512s/%.20s destination=%.512s",rladdr,riaddr,av[1]);
***************
*** 991,998 ****
syslog(LLEV,"connected host=%.512s/%.20s destination=%.512s",rladdr,riaddr,av[1]);
strncpy(dest,av[1], 511);
! sprintf(buf, "Connected to %.512s.", dest);
! say(0, buf);
return(2);
}
--- 1025,1034 ----
syslog(LLEV,"connected host=%.512s/%.20s destination=%.512s",rladdr,riaddr,av[1]);
strncpy(dest,av[1], 511);
! if (!do_transparent) {
! sprintf(buf, "Connected to %.512s.", dest);
! say(0, buf);
! }
return(2);
}


@ -1,82 +0,0 @@
*** tproxy.c.orig Fri Dec 20 10:53:24 1996
--- tproxy.c Sun Jan 3 11:33:55 1999
***************
*** 135,140 ****
--- 135,144 ----
#include <netinet/in.h>
#include <sys/signal.h>
#include <syslog.h>
+ #include <unistd.h>
+ #include <fcntl.h>
+ #include <sys/ioctl.h>
+ #include <net/if.h>
#include "tproxy.h"
#ifdef AIX
***************
*** 147,152 ****
--- 151,159 ----
#define bzero(buf,size) memset(buf, '\0', size);
#endif /* SYSV */
+ #include "ip_compat.h"
+ #include "ip_fil.h"
+ #include "ip_nat.h"
/* socket to audio server */
***************
*** 324,329 ****
--- 331,369 ----
char localbuf[2048];
void timeout();
extern int errno;
+ /*
+ * IP-Filter block
+ */
+ struct sockaddr_in laddr, faddr;
+ struct natlookup natlookup;
+ int slen, natfd;
+
+ bzero((char *)&laddr, sizeof(laddr));
+ bzero((char *)&faddr, sizeof(faddr));
+ slen = sizeof(laddr);
+ if (getsockname(0, (struct sockaddr *)&laddr, &slen) < 0)
+ return -1;
+ slen = sizeof(faddr);
+ if (getpeername(0, (struct sockaddr *)&faddr, &slen) < 0)
+ return -1;
+ natlookup.nl_inport = laddr.sin_port;
+ natlookup.nl_outport = faddr.sin_port;
+ natlookup.nl_inip = laddr.sin_addr;
+ natlookup.nl_outip = faddr.sin_addr;
+ natlookup.nl_flags = IPN_TCP;
+ if ((natfd = open(IPL_NAT, O_RDONLY)) < 0)
+ return -1;
+ if (ioctl(natfd, SIOCGNATL, &natlookup) == -1) {
+ syslog(LOG_ERR, "SIOCGNATL failed: %m\n");
+ close(natfd);
+ return -1;
+ }
+ close(natfd);
+ strcpy(hostname, inet_ntoa(natlookup.nl_realip));
+ serverport = ntohs(natlookup.nl_realport);
+ /*
+ * End of IP-Filter block
+ */
/* setup a timeout in case dialog doesn't finish */
signal(SIGALRM, timeout);
***************
*** 337,344 ****
--- 377,386 ----
* and modify the call to (and subroutine) serverconnect() as
* appropriate.
*/
+ #if 0
strcpy(hostname, "randomhostname");
serverport = 7070;
+ #endif
/* Can we connect to the server */
if ( (serverfd = serverconnect(hostname, serverport)) < 0 ) {
/* errno may still be set from previous call */


@ -1,24 +0,0 @@
To build a kernel with the IP filter, follow these seven steps:
1. do "make freebsd4"
2. do "make install-bsd"
(probably has to be done as root)
3. run "FreeBSD-4.0/kinstall" as root
4. build a new kernel
5. install the new kernel
6. If not using DEVFS, create devices for IP Filter as follows:
mknod /dev/ipl c 79 0
mknod /dev/ipnat c 79 1
mknod /dev/ipstate c 79 2
mknod /dev/ipauth c 79 3
7. reboot
Darren Reed
darrenr@pobox.com


@ -1,4 +1,4 @@
.\" $NetBSD$
.\" $FreeBSD$
.\"
*** ip6_input.c.orig Sun Feb 13 14:32:01 2000
--- ip6_input.c Wed Apr 26 22:31:34 2000


@ -1,4 +1,4 @@
.\" $NetBSD$
.\" $FreeBSD$
.\"
*** ip6_input.c.orig Sat Jul 15 07:14:34 2000
--- ip6_input.c Thu Oct 19 17:14:37 2000


@ -1,4 +1,4 @@
.\" $NetBSD$
.\" $FreeBSD$
.\"
*** ip6_input.c.orig Sat Jul 15 07:14:34 2000
--- ip6_input.c Thu Oct 19 17:14:37 2000


@ -1,4 +1,4 @@
.\" $NetBSD$
.\" $FreeBSD$
.\"
To build a kernel for use with the loadable kernel module, follow these


@ -1,24 +1,28 @@
#
# Copyright (C) 1993-2001 by Darren Reed.
#
# See the IPFILTER.LICENCE file for details on licencing.
# Redistribution and use in source and binary forms are permitted
# provided that this notice is preserved and due credit is given
# to the original author and the contributors.
#
# $FreeBSD$
# $Id: Makefile,v 2.11.2.15 2002/12/02 04:22:56 darrenr Exp $
# Id: Makefile,v 2.76.2.13 2004/11/08 18:42:40 darrenr Exp
#
SHELL=/bin/sh
BINDEST=/usr/local/bin
SBINDEST=/sbin
MANDIR=/usr/local/man
#To test prototyping
CC=gcc -Wstrict-prototypes -Wmissing-prototypes
#CC=gcc -Wstrict-prototypes -Wmissing-prototypes
# -Wunused -Wuninitialized
#CC=gcc
#CC=cc -Dconst=
DEBUG=-g
TOP=../..
CFLAGS=-I$$(TOP)
# -O
CFLAGS=-I$$(TOP) -D_BSD_SOURCE
CPU=`uname -m`
CPUDIR=`uname -s|sed -e 's@/@@g'`-`uname -r`-`uname -m`
IPFILKERN=`/bin/ls -1tr /usr/src/sys/compile | grep -v .bak | tail -1`
OBJ=.
#
# To enable this to work as a Loadable Kernel Module...
#
@ -28,14 +32,53 @@ IPFLKM=-DIPFILTER_LKM
#
IPFLOG=-DIPFILTER_LOG
#
# To enable loading filter rules compiled to C code...
#
#COMPIPF=-DIPFILTER_COMPILED
#
# To enable synchronisation between IPFilter hosts
#
#SYNC=-DIPFILTER_SYNC
#
# To enable extended IPFilter functionality
#
LOOKUP=-DIPFILTER_LOOKUP -DIPFILTER_SCAN
#
# The facility you wish to log messages from ipmon to syslogd with.
#
LOGFAC=-DLOGFAC=LOG_SECURITY
#
# To enable rules to be written with BPF syntax, uncomment these two lines.
#
# WARNING: If you're building a commercial product based on IPFilter, using
# this options *may* infringe at least one patent held by CheckPoint
# (5,606,668.)
#
#IPFBPF=-DIPFILTER_BPF -I/usr/local/include
#LIBBPF=-L/usr/local/lib -lpcap
#
# HP-UX and Solaris require this uncommented for BPF.
#
#BPFILTER=bpf_filter.o
#
# LINUXKERNEL is the path to the top of your Linux kernel source tree.
# By default IPFilter looks for /usr/src/linux, but you may have to change
# it to /usr/src/linux-2.4 or similar.
#
LINUXKERNEL=/usr/src/linux
LINUX=`uname -r | awk -F. ' { printf"%d",$$1;for(i=1;i<NF&&i<3;i++){printf("%02d",$$(i+1));}}'`
#
# All of the compile-time options are here, used for compiling the userland
# tools for regression testing. Well, all except for IPFILTER_LKM, of course.
#
ALLOPTS=-DIPFILTER_LOG -DIPFILTER_LOOKUP \
-DIPFILTER_SCAN -DIPFILTER_SYNC -DIPFILTER_CKSUM
#
# Uncomment the next 3 lines if you want to view the state table a la top(1)
# (requires that you have installed ncurses).
STATETOP_CFLAGS=-DSTATETOP
#STATETOP_CFLAGS=-DSTATETOP
#
# Where to find the ncurses include files (if not in default path),
#
@ -44,7 +87,7 @@ STATETOP_CFLAGS=-DSTATETOP
#
# How to link the ncurses library
#
STATETOP_LIB=-lcurses
#STATETOP_LIB=-lncurses
#STATETOP_LIB=-L/usr/local/lib -lncurses
#
@ -60,14 +103,16 @@ STATETOP_LIB=-lcurses
#
POLICY=-DIPF_DEFAULT_PASS=FR_PASS
#
MFLAGS1='CFLAGS=$(CFLAGS) $(ARCHINC) $(SOLARIS2) $(INET6) $(IPFLOG)' \
MFLAGS1='CFLAGS=$(CFLAGS) $(ARCHINC) $(SOLARIS2) $(SGIREV) $(INET6)' \
"IPFLOG=$(IPFLOG)" "LOGFAC=$(LOGFAC)" "POLICY=$(POLICY)" \
"SOLARIS2=$(SOLARIS2)" "DEBUG=$(DEBUG)" "DCPU=$(CPU)" \
"CPUDIR=$(CPUDIR)" 'STATETOP_CFLAGS=$(STATETOP_CFLAGS)' \
"LIBBPF=$(LIBBPF)" "CPUDIR=$(CPUDIR)" "IPFBPF=$(IPFBPF)" \
'STATETOP_CFLAGS=$(STATETOP_CFLAGS)' "BPFILTER=$(BPFILTER)" \
'STATETOP_INC=$(STATETOP_INC)' 'STATETOP_LIB=$(STATETOP_LIB)' \
"BITS=$(BITS)" "OBJ=$(OBJ)"
DEST="BINDEST=$(BINDEST)" "SBINDEST=$(SBINDEST)" "MANDIR=$(MANDIR)"
"BITS=$(BITS)" "OBJ=$(OBJ)" "LOOKUP=$(LOOKUP)" "COMPIPF=$(COMPIPF)" \
'SYNC=$(SYNC)' 'ALLOPTS=$(ALLOPTS)' 'LIBBPF=$(LIBBPF)'
MFLAGS=$(MFLAGS1) "IPFLKM=$(IPFLKM)"
MACHASSERT=`/bin/ls -1 /usr/sys/*/mach_assert.h | head -1`
#
SHELL=/bin/sh
#
@ -89,227 +134,248 @@ all:
@echo "freebsd22 - compile for FreeBSD-2.2 or greater"
@echo "freebsd3 - compile for FreeBSD-3.x"
@echo "freebsd4 - compile for FreeBSD-4.x"
@echo "freebsd5 - compile for FreeBSD-5.x"
@echo "bsd - compile for generic 4.4BSD systems"
@echo "bsdi - compile for BSD/OS"
@echo "irix - compile for SGI IRIX"
@echo "hpux - compile for HP-UX 11.00"
@echo "osf - compile for OSF/Tru64 5.1"
@echo ""
tests:
@if [ -d test ]; then (cd test; make) \
else echo test directory not present, sorry; fi
retest:
@if [ -d test ]; then (cd test; make clean && make) \
else echo test directory not present, sorry; fi
include:
if [ ! -f netinet/done ] ; then \
(cd netinet; ln -s ../*.h .; ln -s ../ip_*_pxy.c .; ); \
(cd netinet; ln -s ../*.h .; ln -s ../ip_*_pxy.c .;); \
(cd netinet; ln -s ../ipsend/tcpip.h tcpip.h); \
touch netinet/done; \
fi
-(cd netinet; ln -s ../ip_rules.h ip_rules.h)
if [ ! -f net/done ] ; then \
(cd net; ln -s ../radix_ipf.h .; ); \
touch net/done; \
fi
sunos solaris: include
CC="$(CC)" ./buildsunos
MAKE="$(MAKE)" MAKEFLAGS="$(MAKEFLAGS)" BPFILTER=$(BPFILTER) \
CC="$(CC)" DEBUG="$(DEBUG)" ./buildsunos
freebsd22: include
make setup "TARGOS=BSD" "CPUDIR=$(CPUDIR)"
-rm -f BSD/$(CPUDIR)/ioconf.h
@if [ -n $(IPFILKERN) ] ; then \
-if [ x$(IPFILKERN) != x ] ; then \
if [ -f /sys/compile/$(IPFILKERN)/ioconf.h ] ; then \
ln -s /sys/compile/$(IPFILKERN)/ioconf.h BSD/$(CPUDIR); \
ln -s /sys/compile/$(IPFILKERN)/ioconf.h BSD/$$y; \
else \
ln -s /sys/$(IPFILKERN)/ioconf.h BSD/$(CPUDIR); \
ln -s /sys/$(IPFILKERN)/ioconf.h BSD/$$y; \
fi \
elif [ ! -f `uname -v|sed -e 's@^.*:\(/[^: ]*\).*@\1@'`/ioconf.h ] ; then \
echo -n "Can't find ioconf.h in "; \
echo `uname -v|sed -e 's@^.*:\(/[^: ]*\).*@\1@'`; \
exit 1;\
else \
ln -s `uname -v|sed -e 's@^.*:\(/[^: ]*\).*@\1@'`/ioconf.h BSD/$(CPU) ; \
x=`uname -v|sed -e 's@^.*:\(/[^: ]*\).*$$@\1/ioconf.h@'`; \
y=`uname -s|sed -e 's@/@@g'`-`uname -r`-`uname -m`; \
if [ ! -f $$x ] ; then \
echo -n "Can't find ioconf.h at $$x "; \
exit 1;\
else \
ln -s $$x BSD/$$y ; \
fi \
fi
make freebsd20
freebsd4: include
if [ x$INET6 = x ] ; then \
freebsd5: include
if [ x$(INET6) = x ] ; then \
echo "#undef INET6" > opt_inet6.h; \
else \
echo "#define INET6" > opt_inet6.h; \
fi
if [ x$(ENABLE_PFIL) = x ] ; then \
echo "#undef PFIL_HOOKS" > opt_pfil.h; \
else \
echo "#define PFIL_HOOKS" > opt_pfil.h; \
fi
make setup "TARGOS=BSD" "CPUDIR=$(CPUDIR)"
(cd BSD/$(CPUDIR); make build TOP=../.. $(MFLAGS) "ML=mlfk_ipl.c" "MLD=mlfk_ipl.c" "LKM=ipf.ko.5" "LKMR=ipfrule.ko.5" "DLKM=-DKLD_MODULE" "MLR=mlfk_rule.o"; cd ..)
(cd BSD/$(CPUDIR); make -f Makefile.ipsend build TOP=../.. $(MFLAGS1); cd ..)
freebsd4 : include
if [ x$(INET6) = x ] ; then \
echo "#undef INET6" > opt_inet6.h; \
else \
echo "#define INET6" > opt_inet6.h; \
fi
make setup "TARGOS=BSD" "CPUDIR=$(CPUDIR)"
(cd BSD/$(CPUDIR); make build TOP=../.. $(MFLAGS) "ML=mlfk_ipl.c" "MLD=mlfk_ipl.c" "LKM=ipf.ko" "DLKM=-DKLD_MODULE -I/sys"; cd ..)
(cd BSD/$(CPUDIR); make -f Makefile.ipsend TOP=../.. $(MFLAGS1); cd ..)
(cd BSD/$(CPUDIR); make build TOP=../.. $(MFLAGS) "ML=mlfk_ipl.c" "MLD=mlfk_ipl.c" "LKM=ipf.ko" "LKMR=ipfrule.ko" "DLKM=-DKLD_MODULE" "MLR=mlfk_rule.o"; cd ..)
(cd BSD/$(CPUDIR); make -f Makefile.ipsend build TOP=../.. $(MFLAGS1); cd ..)
freebsd3 freebsd30: include
make setup "TARGOS=BSD" "CPUDIR=$(CPUDIR)"
(cd BSD/$(CPUDIR); make build TOP=../.. $(MFLAGS1) "ML=mlf_ipl.c" LKM= ; cd ..)
(cd BSD/$(CPUDIR); make -f Makefile.ipsend TOP=../.. $(MFLAGS1); cd ..)
(cd BSD/$(CPUDIR); make build TOP=../.. $(MFLAGS1) "ML=mlf_ipl.c" "MLR=mlf_rule.o" LKM= LKMR=; cd ..)
(cd BSD/$(CPUDIR); make -f Makefile.ipsend build TOP=../.. $(MFLAGS1); cd ..)
netbsd: include
make setup "TARGOS=BSD" "CPUDIR=$(CPUDIR)"
(cd BSD/$(CPUDIR); make build TOP=../.. $(MFLAGS) 'DLKM=-D_LKM' "ML=mln_ipl.c"; cd ..)
(cd BSD/$(CPUDIR); make -f Makefile.ipsend TOP=../.. $(MFLAGS); cd ..)
(cd BSD/$(CPUDIR); make build TOP=../.. $(MFLAGS) 'DLKM=-D_LKM' "ML=mln_ipl.c" LKMR= "MLR=mln_rule.o"; cd ..)
(cd BSD/$(CPUDIR); make -f Makefile.ipsend build TOP=../.. $(MFLAGS); cd ..)
openbsd openbsd21: include
openbsd: include
make setup "TARGOS=BSD" "CPUDIR=$(CPUDIR)"
(cd BSD/$(CPUDIR); make build TOP=../.. $(MFLAGS) 'DLKM=-D_LKM' "ML=mln_ipl.c"; cd ..)
(cd BSD/$(CPUDIR); make -f Makefile.ipsend TOP=../.. $(MFLAGS); cd ..)
(cd BSD/$(CPUDIR); make build TOP=../.. $(MFLAGS) 'DLKM=-D_LKM' "ML=mlo_ipl.c" LKMR= "MLR=mlo_rule.o"; cd ..)
(cd BSD/$(CPUDIR); make -f Makefile.ipsend build TOP=../.. $(MFLAGS); cd ..)
freebsd20 freebsd21: include
make setup "TARGOS=BSD" "CPUDIR=$(CPUDIR)"
(cd BSD/$(CPUDIR); make build TOP=../.. $(MFLAGS) "ML=mlf_ipl.c"; cd ..)
(cd BSD/$(CPUDIR); make -f Makefile.ipsend TOP=../.. $(MFLAGS); cd ..)
(cd BSD/$(CPUDIR); make build TOP=../.. $(MFLAGS) "ML=mlf_ipl.c" "MLR=mlf_rule.o"; cd ..)
(cd BSD/$(CPUDIR); make -f Makefile.ipsend build TOP=../.. $(MFLAGS); cd ..)
osf tru64: null include
make setup "TARGOS=OSF" "CPUDIR=`OSF/cpurev`"
(cd OSF/`OSF/cpurev`; make build TRU64=`uname -v` TOP=../.. "DEBUG=-g" $(MFLAGS) "MACHASSERT=$(MACHASSERT)" "OSREV=`../cpurev`"; cd ..)
(cd OSF/`OSF/cpurev`; make -f Makefile.ipsend build TRU64=`uname -v` TOP=../.. $(MFLAGS) "OSREV=`../cpurev`"; cd ..)
bsd: include
make setup "TARGOS=BSD" "CPUDIR=$(CPUDIR)"
(cd BSD/$(CPUDIR); make build TOP=../.. $(MFLAGS); cd ..)
(cd BSD/$(CPUDIR); make -f Makefile.ipsend TOP=../.. $(MFLAGS); cd ..)
(cd BSD/$(CPUDIR); make build TOP=../.. $(MFLAGS) 'DLKM=-D_LKM' "ML=mln_ipl.c" "MLR=mln_rule.o"; cd ..)
(cd BSD/$(CPUDIR); make -f Makefile.ipsend build TOP=../.. $(MFLAGS); cd ..)
bsdi bsdos: include
make setup "TARGOS=BSD" "CPUDIR=$(CPUDIR)"
(cd BSD/$(CPUDIR); make build "CC=$(CC)" TOP=../.. $(MFLAGS) LKM= ; cd ..)
(cd BSD/$(CPUDIR); make -f Makefile.ipsend "CC=$(CC)" TOP=../.. $(MFLAGS); cd ..)
(cd BSD/$(CPUDIR); make build "CC=$(CC)" TOP=../.. $(MFLAGS) LKM= LKMR= ; cd ..)
(cd BSD/$(CPUDIR); make -f Makefile.ipsend build "CC=$(CC)" TOP=../.. $(MFLAGS); cd ..)
irix IRIX: include
make setup "TARGOS=IRIX" "CPUDIR=$(CPUDIR)"
-(cd IRIX/$(CPUDIR); if [ $(MAKE) = make ] ; then make -f Makefile.std build TOP=../.. $(DEST) SGI=`../getrev` $(MFLAGS); else smake build SGI=`../getrev` TOP=../.. $(DEST) $(MFLAGS); fi;)
-(cd IRIX/$(CPUDIR); if [ $(MAKE) = make ] ; then make -f Makefile.ipsend.std SGI=`../getrev` TOP=../.. $(DEST) $(MFLAGS); else smake -f Makefile.ipsend SGI=`../getrev` TOP=../.. $(DEST) $(MFLAGS); fi)
linux: include
make setup "TARGOS=Linux" "CPUDIR=$(CPUDIR)"
./buildlinux
linuxrev:
(cd Linux/$(CPUDIR); make build TOP=../.. $(DEST) $(MFLAGS) LKM= ; cd ..)
(cd Linux/$(CPUDIR); make -f Makefile.ipsend TOP=../.. $(DEST) $(MFLAGS); cd ..)
make setup TARGOS=IRIX CPUDIR=`IRIX/cpurev`
if [ "x${SGIREV}" = "x" ] ; then \
make irix "SGIREV=-D_KMEMUSER -DIRIX=`IRIX/getrev`"; \
else \
(cd IRIX/`IRIX/cpurev`; smake -l -J 1 build TOP=../.. $(DEST) $(MFLAGS) IRIX=`../getrev` SGI=$$(IRIX) CPUDIR=`../cpurev`; cd ..); \
(cd IRIX/`IRIX/cpurev`; make -f Makefile.ipsend build TOP=../.. $(DEST) $(MFLAGS) IRIX=`../getrev` SGI=$$(IRIX) CPUDIR=`../cpurev`; cd ..); \
fi
setup:
-if [ ! -d $(TARGOS)/$(CPUDIR) ] ; then mkdir $(TARGOS)/$(CPUDIR); fi
-rm -f $(TARGOS)/$(CPUDIR)/Makefile $(TARGOS)/$(CPUDIR)/Makefile.ipsend
-ln -s ../Makefile $(TARGOS)/$(CPUDIR)/Makefile
-if [ ! -f $(TARGOS)/$(CPUDIR)/Makefile.std -a \
-f $(TARGOS)/Makefile.std ] ; then \
ln -s ../Makefile.std $(TARGOS)/$(CPUDIR)/Makefile.std; \
fi
-if [ ! -f $(TARGOS)/$(CPUDIR)/Makefile.ipsend.std -a \
-f $(TARGOS)/Makefile.ipsend.std ] ; then \
ln -s ../Makefile.ipsend.std $(TARGOS)/$(CPUDIR)/Makefile.ipsend.std; \
fi
-ln -s ../Makefile.ipsend $(TARGOS)/$(CPUDIR)/Makefile.ipsend
-if [ -f $(TARGOS)/Makefile.common ] ; then \
rm -f $(TARGOS)/$(CPUDIR)/Makefile.common; \
ln -s ../Makefile.common $(TARGOS)/$(CPUDIR)/Makefile.common;\
fi
clean: clean-include
/bin/rm -rf h y.output
${RM} -f core *.o ipt fils ipf ipfstat ipftest ipmon if_ipl \
vnode_if.h $(LKM) *~
${RM} -rf sparcv7 sparcv9
(cd SunOS4; make clean)
(cd SunOS5; make clean)
(cd BSD; make clean)
(cd Linux; make clean)
if [ "`uname -s`" = "IRIX" ]; then (cd IRIX; make clean); fi
[ -d test ] && (cd test; make clean)
(cd ipsend; make clean)
/bin/rm -rf sparcv7 sparcv9 mdbgen_build
(cd SunOS4; $(MAKE) TOP=.. clean)
-(cd SunOS5; $(MAKE) TOP=.. clean)
(cd BSD; $(MAKE) TOP=.. clean)
(cd HPUX; $(MAKE) BITS=32 TOP=.. clean)
(cd Linux; $(MAKE) TOP=.. clean)
(cd OSF; $(MAKE) TOP=.. clean)
if [ "`uname -s`" = "IRIX" ]; then (cd IRIX; $(MAKE) clean); fi
[ -d test ] && (cd test; $(MAKE) clean)
(cd ipsend; $(MAKE) clean)
clean-include:
sh -c 'cd netinet; for i in *; do if [ -h $$i ] ; then /bin/rm -f $$i; fi; done'
${RM} -f netinet/done
sh -c 'if [ -d netinet ] ; then cd netinet; for i in *; do if [ -h $$i ] ; then /bin/rm -f $$i; fi; done fi'
sh -c 'if [ -d net ] ; then cd net; for i in *; do if [ -h $$i ] ; then /bin/rm -f $$i; fi; done fi'
${RM} -f netinet/done net/done
clean-bsd: clean-include
(cd BSD; make clean)
(cd BSD; make TOP=.. clean)
clean-hpux: clean-include
(cd HPUX; $(MAKE) BITS=32 clean)
clean-osf: clean-include
(cd OSF; make clean)
clean-linux: clean-include
(cd Linux; make clean)
clean-sunos4: clean-include
(cd SunOS4; make clean)
clean-sunos5: clean-include
(cd SunOS5; make clean)
(cd SunOS5; $(MAKE) clean)
/bin/rm -rf sparcv?
clean-irix: clean-include
(cd IRIX; make clean)
(cd IRIX; $(MAKE) clean)
clean-linux: clean-include
(cd Linux; make clean)
h/xti.h:
mkdir -p h
ln -s /usr/include/sys/xti.h h
get:
-@for i in ipf.c ipt.h solaris.c ipf.h kmem.c ipft_ef.c linux.h \
ipft_pc.c fil.c ipft_sn.c mln_ipl.c fils.c ipft_td.c \
mls_ipl.c ip_compat.h ipl.h opt.c ip_fil.c ipl_ldev.c \
parse.c ip_fil.h ipmon.c pcap.h ip_sfil.c ipt.c snoop.h \
ip_state.c ip_state.h ip_nat.c ip_nat.h ip_frag.c \
ip_frag.h ip_sfil.c misc.c; do \
if [ ! -f $$i ] ; then \
echo "getting $$i"; \
sccs get $$i; \
fi \
done
hpux: include h/xti.h
make setup CPUDIR=`HPUX/cpurev` TARGOS=HPUX
(cd HPUX/`HPUX/cpurev`; $(MAKE) build TOP=../.. $(DEST) $(MFLAGS) "BITS=`getconf KERNEL_BITS`" `../makeargs`; cd ..)
(cd HPUX/`HPUX/cpurev`; $(MAKE) -f Makefile.ipsend build TOP=../.. $(DEST) $(MFLAGS) "BITS=`getconf KERNEL_BITS`" `../makeargs`; cd ..)
sunos4 solaris1: null
sunos4 solaris1:
(cd SunOS4; make build TOP=.. "CC=$(CC)" $(DEST) $(MFLAGS); cd ..)
(cd SunOS4; make -f Makefile.ipsend "CC=$(CC)" TOP=.. $(DEST) $(MFLAGS); cd ..)
(cd SunOS4; make -f Makefile.ipsend build "CC=$(CC)" TOP=.. $(DEST) $(MFLAGS); cd ..)
sunos5 solaris2: null
(cd SunOS5/$(CPUDIR); make build TOP=../.. "CC=$(CC)" $(DEST) $(MFLAGS) "SOLARIS2=$(SOLARIS2)" "CPU=-Dsparc -D__sparc__"; cd ..)
(cd SunOS5/$(CPUDIR); make -f Makefile.ipsend TOP=../.. "CC=$(CC)" $(DEST) $(MFLAGS); cd ..)
(cd SunOS5/$(CPUDIR); $(MAKE) build TOP=../.. "CC=$(CC)" $(DEST) $(MFLAGS) "SOLARIS2=$(SOLARIS2)" "CPU=-Dsparc -D__sparc__"; cd ..)
(cd SunOS5/$(CPUDIR); $(MAKE) -f Makefile.ipsend build TOP=../.. "CC=$(CC)" $(DEST) $(MFLAGS); cd ..)
sunos5x86 solaris2x86: null
(cd SunOS5/$(CPUDIR); make build TOP=../.. "CC=$(CC)" $(DEST) $(MFLAGS) "SOLARIS2=$(SOLARIS2)" "CPU=-Di86pc -Di386 -D__i386__"; cd ..)
(cd SunOS5/$(CPUDIR); make -f Makefile.ipsend TOP=../.. "CC=$(CC)" $(DEST) $(MFLAGS); cd ..)
(cd SunOS5/$(CPUDIR); make -f Makefile.ipsend build TOP=../.. "CC=$(CC)" $(DEST) $(MFLAGS); cd ..)
install-linux:
(cd Linux/$(CPUDIR); make install "TOP=../.." $(DEST) $(MFLAGS); cd ..)
(cd Linux/$(CPUDIR); make -f Makefile.ipsend INSTALL=$(INSTALL) install "TOP=../.." $(DEST) $(MFLAGS); cd ..)
linux: include
(cd Linux; make build LINUX=$(LINUX) TOP=.. "DEBUG=-g" "CC=$(CC)" $(MFLAGS) OBJ=$(CPUDIR) LINUXKERNEL=$(LINUXKERNEL); cd ..)
(cd Linux; make ipflkm LINUX=$(LINUX) TOP=.. "DEBUG=-g" "CC=$(CC)" $(MFLAGS) OBJ=$(CPUDIR) LINUXKERNEL=$(LINUXKERNEL) WORKDIR=`pwd`; cd ..)
# (cd Linux; make -f Makefile.ipsend build LINUX=$(LINUX) TOP=.. "CC=$(CC)" $(MFLAGS); cd ..)
install-linux: linux
(cd Linux/; make LINUX=$(LINUX) TOP=.. "DEBUG=-g" "CC=$(CC)" $(MFLAGS) OBJ=$(CPUDIR) install ; cd ..)
install-bsd:
(cd BSD/$(CPUDIR); make install "TOP=../.." $(MFLAGS); cd ..)
(cd BSD/$(CPUDIR); make -f Makefile.ipsend INSTALL=$(INSTALL) install "TOP=../.." $(MFLAGS); cd ..)
install-sunos4: solaris
(cd SunOS4; $(MAKE) "CPU=$(CPU)" "TOP=.." install)
(cd SunOS4; $(MAKE) CPU=$(CPU) TOP=.. install)
install-sunos5: solaris
(cd SunOS5; $(MAKE) "CPUDIR=`uname -p`-`uname -r`" "CPU=$(CPU) TOP=.." install)
install-sunos5: solaris null
(cd SunOS5; $(MAKE) CPU=$(CPU) TOP=.. install)
install-hpux: hpux
(cd HPUX/`HPUX/cpurev`; $(MAKE) CPU=$(CPU) TOP=../.. "BITS=`getconf KERNEL_BITS`" install)
install-irix: irix
(cd IRIX; smake install "CPU=$(CPU) TOP=.." $(DEST) $(MFLAGS))
(cd IRIX; smake install CPU=$(CPU) TOP=.. $(DEST) $(MFLAGS) CPUDIR=`./cpurev`)
rcsget:
-@for i in ipf.c ipt.h solaris.c ipf.h kmem.c ipft_ef.c linux.h \
ipft_pc.c fil.c ipft_sn.c mln_ipl.c fils.c ipft_td.c \
mls_ipl.c ip_compat.h ipl.h opt.c ip_fil.c ipl_ldev.c \
parse.c ip_fil.h ipmon.c pcap.h ip_sfil.c ipt.c snoop.h \
ip_state.c ip_state.h ip_nat.c ip_nat.h ip_frag.c \
ip_frag.h ip_sfil.c misc.c; do \
if [ ! -f $$i ] ; then \
echo "getting $$i"; \
co $$i; \
fi \
done
install-osf install-tru64:
(cd OSF/`OSF/cpurev`; make install "TOP=../.." $(MFLAGS); cd ..)
(cd OSF/`OSF/cpurev`; make -f Makefile.ipsend INSTALL=$(INSTALL) install "TOP=../.." $(MFLAGS); cd ..)
do-cvs:
find . -type d -name CVS -print | xargs /bin/rm -rf
find . -type f -name .cvsignore -print | xargs /bin/rm -f
/bin/rm -f ip_msnrpc_pxy.c ip_sunrpc_pxy.c
ip_rules.c ip_rules.h: rules/ip_rules tools/ipfcomp.c
-./ipf -n -cc -f rules/ip_rules 2>/dev/null 1>&2
null:
-@if [ "`$(MAKE) -v 2>&1 | sed -ne 's/GNU.*/GNU/p'`" = "GNU" ] ; then \
@if [ "`$(MAKE) -v 2>&1 | sed -ne 's/GNU.*/GNU/p'`" = "GNU" ] ; then \
echo 'Do not use GNU make (gmake) to compile IPFilter'; \
exit 1; \
fi
-@echo make ok
test-solaris test-sunos4 test-sunos5: solaris
(cd test && make clean && make)
test-freebsd: freebsd
(cd test && make clean && make)
test-freebsd22: freebsd22
(cd test && make clean && make)
test-freebsd3: freebsd3
(cd test && make clean && make)
test-freebsd4: freebsd4
(cd test && make clean && make)
test-netbsd: netbsd
(cd test && make clean && make)
test-openbsd: openbsd
(cd test && make clean && make)
test-irix: irix
(cd test && make clean && make)
mdb:
/bin/rm -rf mdbgen_build
mdbgen -D_KERNEL -DIPFILTER_LOG -DIPFILTER_LOOKUP -DSUNDDI \
-DIPFILTER_SCAN -DIPFILTER_LKM -DSOLARIS2=10 -n ipf_mdb -k \
-I/home/dr146992/pfil -I/home/dr146992/ipf -f \
/usr/include/netinet/in_systm.h,/usr/include/sys/ethernet.h,/usr/include/netinet/in.h,/usr/include/netinet/ip.h,/usr/include/netinet/ip_var.h,/usr/include/netinet/tcp.h,/usr/include/netinet/tcpip.h,/usr/include/netinet/ip_icmp.h,/usr/include/netinet/udp.h,ip_compat.h,ip_fil.h,ip_nat.h,ip_state.h,ip_proxy.h,ip_scan.h


@ -1,10 +0,0 @@
NOTE: To all those upgrading from versions prior to 3.2.11 who used NAT
AND setup ACL's to allow untranslated address through from outside,
THIS HAS BEEN FIXED
so your ACL's will now be `broken'. Please correct your ACL's to
match the the untranslated addresses (the way it was meant to work).
Darren


@ -1,4 +1,4 @@
/* $NetBSD$ */
/* $FreeBSD$ */
/*-
* Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997


@ -1,450 +0,0 @@
/*-
* Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
* The Regents of the University of California. All rights reserved.
*
* This code is derived from the Stanford/CMU enet packet filter,
* (net/enet.c) distributed as part of 4.3BSD, and code contributed
* to Berkeley by Steven McCanne and Van Jacobson both of Lawrence
* Berkeley Laboratory.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* @(#)bpf.h 7.1 (Berkeley) 5/7/91
*
* @(#) $Header: /devel/CVS/IP-Filter/Attic/bpf.h,v 1.1.2.1 2002/11/07 13:18:35 darrenr Exp $ (LBL)
*/
#ifndef BPF_MAJOR_VERSION
#ifdef __cplusplus
extern "C" {
#endif
/* BSD style release date */
#define BPF_RELEASE 199606
typedef int bpf_int32;
typedef u_int bpf_u_int32;
/*
* Alignment macros. BPF_WORDALIGN rounds up to the next
* even multiple of BPF_ALIGNMENT.
*/
#ifndef __NetBSD__
#define BPF_ALIGNMENT sizeof(bpf_int32)
#else
#define BPF_ALIGNMENT sizeof(long)
#endif
#define BPF_WORDALIGN(x) (((x)+(BPF_ALIGNMENT-1))&~(BPF_ALIGNMENT-1))
#define BPF_MAXINSNS 512
#define BPF_MAXBUFSIZE 0x8000
#define BPF_MINBUFSIZE 32
/*
* Structure for BIOCSETF.
*/
struct bpf_program {
u_int bf_len;
struct bpf_insn *bf_insns;
};
/*
* Struct returned by BIOCGSTATS.
*/
struct bpf_stat {
u_int bs_recv; /* number of packets received */
u_int bs_drop; /* number of packets dropped */
};
/*
* Struct return by BIOCVERSION. This represents the version number of
* the filter language described by the instruction encodings below.
* bpf understands a program iff kernel_major == filter_major &&
* kernel_minor >= filter_minor, that is, if the value returned by the
* running kernel has the same major number and a minor number equal
* equal to or less than the filter being downloaded. Otherwise, the
* results are undefined, meaning an error may be returned or packets
* may be accepted haphazardly.
* It has nothing to do with the source code version.
*/
struct bpf_version {
u_short bv_major;
u_short bv_minor;
};
/* Current version number of filter architecture. */
#define BPF_MAJOR_VERSION 1
#define BPF_MINOR_VERSION 1
/*
* BPF ioctls
*
* The first set is for compatibility with Sun's pcc style
* header files. If your using gcc, we assume that you
* have run fixincludes so the latter set should work.
*/
#if (defined(sun) || defined(ibm032)) && !defined(__GNUC__)
#define BIOCGBLEN _IOR(B,102, u_int)
#define BIOCSBLEN _IOWR(B,102, u_int)
#define BIOCSETF _IOW(B,103, struct bpf_program)
#define BIOCFLUSH _IO(B,104)
#define BIOCPROMISC _IO(B,105)
#define BIOCGDLT _IOR(B,106, u_int)
#define BIOCGETIF _IOR(B,107, struct ifreq)
#define BIOCSETIF _IOW(B,108, struct ifreq)
#define BIOCSRTIMEOUT _IOW(B,109, struct timeval)
#define BIOCGRTIMEOUT _IOR(B,110, struct timeval)
#define BIOCGSTATS _IOR(B,111, struct bpf_stat)
#define BIOCIMMEDIATE _IOW(B,112, u_int)
#define BIOCVERSION _IOR(B,113, struct bpf_version)
#define BIOCSTCPF _IOW(B,114, struct bpf_program)
#define BIOCSUDPF _IOW(B,115, struct bpf_program)
#else
#define BIOCGBLEN _IOR('B',102, u_int)
#define BIOCSBLEN _IOWR('B',102, u_int)
#define BIOCSETF _IOW('B',103, struct bpf_program)
#define BIOCFLUSH _IO('B',104)
#define BIOCPROMISC _IO('B',105)
#define BIOCGDLT _IOR('B',106, u_int)
#define BIOCGETIF _IOR('B',107, struct ifreq)
#define BIOCSETIF _IOW('B',108, struct ifreq)
#define BIOCSRTIMEOUT _IOW('B',109, struct timeval)
#define BIOCGRTIMEOUT _IOR('B',110, struct timeval)
#define BIOCGSTATS _IOR('B',111, struct bpf_stat)
#define BIOCIMMEDIATE _IOW('B',112, u_int)
#define BIOCVERSION _IOR('B',113, struct bpf_version)
#define BIOCSTCPF _IOW('B',114, struct bpf_program)
#define BIOCSUDPF _IOW('B',115, struct bpf_program)
#endif
/*
* Structure prepended to each packet.
*/
struct bpf_hdr {
struct timeval bh_tstamp; /* time stamp */
bpf_u_int32 bh_caplen; /* length of captured portion */
bpf_u_int32 bh_datalen; /* original length of packet */
u_short bh_hdrlen; /* length of bpf header (this struct
plus alignment padding) */
};
/*
* Because the structure above is not a multiple of 4 bytes, some compilers
* will insist on inserting padding; hence, sizeof(struct bpf_hdr) won't work.
* Only the kernel needs to know about it; applications use bh_hdrlen.
*/
#if defined(KERNEL) || defined(_KERNEL)
#define SIZEOF_BPF_HDR 18
#endif
/*
* Data-link level type codes.
*/
/*
* These are the types that are the same on all platforms; on other
* platforms, a <net/bpf.h> should be supplied that defines the additional
* DLT_* codes appropriately for that platform (the BSDs, for example,
* should not just pick up this version of "bpf.h"; they should also define
* the additional DLT_* codes used by their kernels, as well as the values
* defined here - and, if the values they use for particular DLT_ types
* differ from those here, they should use their values, not the ones
* here).
*/
#define DLT_NULL 0 /* no link-layer encapsulation */
#define DLT_EN10MB 1 /* Ethernet (10Mb) */
#define DLT_EN3MB 2 /* Experimental Ethernet (3Mb) */
#define DLT_AX25 3 /* Amateur Radio AX.25 */
#define DLT_PRONET 4 /* Proteon ProNET Token Ring */
#define DLT_CHAOS 5 /* Chaos */
#define DLT_IEEE802 6 /* IEEE 802 Networks */
#define DLT_ARCNET 7 /* ARCNET */
#define DLT_SLIP 8 /* Serial Line IP */
#define DLT_PPP 9 /* Point-to-point Protocol */
#define DLT_FDDI 10 /* FDDI */
/*
* These are values from the traditional libpcap "bpf.h".
* Ports of this to particular platforms should replace these definitions
* with the ones appropriate to that platform, if the values are
* different on that platform.
*/
#define DLT_ATM_RFC1483 11 /* LLC/SNAP encapsulated atm */
#define DLT_RAW 12 /* raw IP */
/*
* These are values from BSD/OS's "bpf.h".
* These are not the same as the values from the traditional libpcap
* "bpf.h"; however, these values shouldn't be generated by any
* OS other than BSD/OS, so the correct values to use here are the
* BSD/OS values.
*
* Platforms that have already assigned these values to other
* DLT_ codes, however, should give these codes the values
* from that platform, so that programs that use these codes will
* continue to compile - even though they won't correctly read
* files of these types.
*/
#ifdef __NetBSD__
#ifndef DLT_SLIP_BSDOS
#define DLT_SLIP_BSDOS 13 /* BSD/OS Serial Line IP */
#define DLT_PPP_BSDOS 14 /* BSD/OS Point-to-point Protocol */
#endif
#else
#define DLT_SLIP_BSDOS 15 /* BSD/OS Serial Line IP */
#define DLT_PPP_BSDOS 16 /* BSD/OS Point-to-point Protocol */
#endif
#define DLT_ATM_CLIP 19 /* Linux Classical-IP over ATM */
/*
* These values are defined by NetBSD; other platforms should refrain from
* using them for other purposes, so that NetBSD savefiles with link
* types of 50 or 51 can be read as this type on all platforms.
*/
#define DLT_PPP_SERIAL 50 /* PPP over serial with HDLC encapsulation */
#define DLT_PPP_ETHER 51 /* PPP over Ethernet */
/*
* Values between 100 and 103 are used in capture file headers as
* link-layer types corresponding to DLT_ types that differ
* between platforms; don't use those values for new DLT_ new types.
*/
/*
* This value was defined by libpcap 0.5; platforms that have defined
* it with a different value should define it here with that value -
* a link type of 104 in a save file will be mapped to DLT_C_HDLC,
* whatever value that happens to be, so programs will correctly
* handle files with that link type regardless of the value of
* DLT_C_HDLC.
*
* The name DLT_C_HDLC was used by BSD/OS; we use that name for source
* compatibility with programs written for BSD/OS.
*
* libpcap 0.5 defined it as DLT_CHDLC; we define DLT_CHDLC as well,
* for source compatibility with programs written for libpcap 0.5.
*/
#define DLT_C_HDLC 104 /* Cisco HDLC */
#define DLT_CHDLC DLT_C_HDLC
#define DLT_IEEE802_11 105 /* IEEE 802.11 wireless */
/*
* Values between 106 and 107 are used in capture file headers as
* link-layer types corresponding to DLT_ types that might differ
* between platforms; don't use those values for new DLT_ new types.
*/
/*
* OpenBSD DLT_LOOP, for loopback devices; it's like DLT_NULL, except
* that the AF_ type in the link-layer header is in network byte order.
*
* OpenBSD defines it as 12, but that collides with DLT_RAW, so we
* define it as 108 here. If OpenBSD picks up this file, it should
* define DLT_LOOP as 12 in its version, as per the comment above -
* and should not use 108 as a DLT_ value.
*/
#define DLT_LOOP 108
/*
* Values between 109 and 112 are used in capture file headers as
* link-layer types corresponding to DLT_ types that might differ
* between platforms; don't use those values for new DLT_ types
* other than the corresponding DLT_ types.
*/
/*
* This is for Linux cooked sockets.
*/
#define DLT_LINUX_SLL 113
/*
* Apple LocalTalk hardware.
*/
#define DLT_LTALK 114
/*
* Acorn Econet.
*/
#define DLT_ECONET 115
/*
* Reserved for use with OpenBSD ipfilter.
*/
#define DLT_IPFILTER 116
/*
* Reserved for use in capture-file headers as a link-layer type
* corresponding to OpenBSD DLT_PFLOG; DLT_PFLOG is 17 in OpenBSD,
* but that's DLT_LANE8023 in SuSE 6.3, so we can't use 17 for it
* in capture-file headers.
*/
#define DLT_PFLOG 117
/*
* Registered for Cisco-internal use.
*/
#define DLT_CISCO_IOS 118
/*
* Reserved for 802.11 cards using the Prism II chips, with a link-layer
* header including Prism monitor mode information plus an 802.11
* header.
*/
#define DLT_PRISM_HEADER 119
/*
* Reserved for Aironet 802.11 cards, with an Aironet link-layer header
* (see Doug Ambrisko's FreeBSD patches).
*/
#define DLT_AIRONET_HEADER 120
/*
* Reserved for Siemens HiPath HDLC.
*/
#define DLT_HHDLC 121
/*
* Reserved for RFC 2625 IP-over-Fibre Channel, as per a request from
* Don Lee <donlee@cray.com>.
*
* This is not for use with raw Fibre Channel, where the link-layer
* header starts with a Fibre Channel frame header; it's for IP-over-FC,
* where the link-layer header starts with an RFC 2625 Network_Header
* field.
*/
#define DLT_IP_OVER_FC 122
/*
* The instruction encodings.
*/
/* instruction classes */
#define BPF_CLASS(code) ((code) & 0x07)
#define BPF_LD 0x00
#define BPF_LDX 0x01
#define BPF_ST 0x02
#define BPF_STX 0x03
#define BPF_ALU 0x04
#define BPF_JMP 0x05
#define BPF_RET 0x06
#define BPF_MISC 0x07
/* ld/ldx fields */
#define BPF_SIZE(code) ((code) & 0x18)
#define BPF_W 0x00
#define BPF_H 0x08
#define BPF_B 0x10
#define BPF_MODE(code) ((code) & 0xe0)
#define BPF_IMM 0x00
#define BPF_ABS 0x20
#define BPF_IND 0x40
#define BPF_MEM 0x60
#define BPF_LEN 0x80
#define BPF_MSH 0xa0
/* alu/jmp fields */
#define BPF_OP(code) ((code) & 0xf0)
#define BPF_ADD 0x00
#define BPF_SUB 0x10
#define BPF_MUL 0x20
#define BPF_DIV 0x30
#define BPF_OR 0x40
#define BPF_AND 0x50
#define BPF_LSH 0x60
#define BPF_RSH 0x70
#define BPF_NEG 0x80
#define BPF_JA 0x00
#define BPF_JEQ 0x10
#define BPF_JGT 0x20
#define BPF_JGE 0x30
#define BPF_JSET 0x40
#define BPF_SRC(code) ((code) & 0x08)
#define BPF_K 0x00
#define BPF_X 0x08
/* ret - BPF_K and BPF_X also apply */
#define BPF_RVAL(code) ((code) & 0x18)
#define BPF_A 0x10
/* misc */
#define BPF_MISCOP(code) ((code) & 0xf8)
#define BPF_TAX 0x00
#define BPF_TXA 0x80
/*
* The instruction data structure.
*/
struct bpf_insn {
u_short code;
u_char jt;
u_char jf;
bpf_int32 k;
};
/*
* Macros for insn array initializers.
*/
#define BPF_STMT(code, k) { (u_short)(code), 0, 0, k }
#define BPF_JUMP(code, k, jt, jf) { (u_short)(code), jt, jf, k }
#if defined(BSD) && (defined(KERNEL) || defined(_KERNEL))
/*
* Systems based on non-BSD kernels don't have ifnet's (or they don't mean
* anything if it is in <net/if.h>) and won't work like this.
*/
# if __STDC__
extern void bpf_tap(struct ifnet *, u_char *, u_int);
extern void bpf_mtap(struct ifnet *, struct mbuf *);
extern void bpfattach(struct ifnet *, u_int, u_int);
extern void bpfilterattach(int);
# else
extern void bpf_tap();
extern void bpf_mtap();
extern void bpfattach();
extern void bpfilterattach();
# endif /* __STDC__ */
#endif /* BSD && (_KERNEL || KERNEL) */
#if __STDC__ || defined(__cplusplus)
extern int bpf_validate(struct bpf_insn *, int);
extern u_int bpf_filter(struct bpf_insn *, u_char *, u_int, u_int);
#else
extern int bpf_validate();
extern u_int bpf_filter();
#endif
/*
* Number of scratch memory words (for BPF_LD|BPF_MEM and BPF_ST).
*/
#define BPF_MEMWORDS 16
#ifdef __cplusplus
}
#endif
#endif


@ -1,4 +1,4 @@
/* $NetBSD$ */
/* $FreeBSD$ */
/*-
* Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997


@ -1,610 +0,0 @@
/*
* Copyright (C) 1993-2001 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
#if defined(__sgi) && (IRIX > 602)
# include <sys/ptimers.h>
#endif
#include <sys/types.h>
#if !defined(__SVR4) && !defined(__svr4__)
#include <strings.h>
#else
#include <sys/byteorder.h>
#endif
#include <sys/param.h>
#include <sys/time.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <net/if.h>
#if __FreeBSD_version >= 300000
# include <net/if_var.h>
#endif
#include <stdio.h>
#include <string.h>
#include <limits.h>
#include <stdlib.h>
#include <unistd.h>
#include <stddef.h>
#include <netdb.h>
#include <arpa/nameser.h>
#include <arpa/inet.h>
#include <resolv.h>
#include <ctype.h>
#include <syslog.h>
#include "ip_compat.h"
#include "ip_fil.h"
#include "ipf.h"
#include "facpri.h"
#if !defined(lint)
static const char sccsid[] = "@(#)parse.c 1.44 6/5/96 (C) 1993-2000 Darren Reed";
static const char rcsid[] = "@(#)$IPFilter: parse.c,v 2.8 1999/12/28 10:49:46 darrenr Exp $";
#endif
extern struct ipopt_names ionames[], secclass[];
extern int opts;
extern int use_inet6;
char *proto = NULL;
char flagset[] = "FSRPAUEC";
u_char flags[] = { TH_FIN, TH_SYN, TH_RST, TH_PUSH, TH_ACK, TH_URG,
TH_ECN, TH_CWR };
void fill6bits __P((int, u_32_t *));
int count6bits __P((u_32_t *));
static char thishost[MAXHOSTNAMELEN];
void initparse()
{
gethostname(thishost, sizeof(thishost));
thishost[sizeof(thishost) - 1] = '\0';
}
int genmask(msk, mskp)
char *msk;
u_32_t *mskp;
{
char *endptr = NULL;
#ifdef USE_INET6
u_32_t addr;
#endif
int bits;
if (index(msk, '.') || index(msk, 'x') || index(msk, ':')) {
/* possibly of the form xxx.xxx.xxx.xxx
* or 0xYYYYYYYY */
#ifdef USE_INET6
if (use_inet6) {
if (inet_pton(AF_INET6, msk, &addr) != 1)
return -1;
} else
#endif
if (inet_aton(msk, (struct in_addr *)mskp) == 0)
return -1;
} else {
/*
* set x most significant bits
*/
bits = (int)strtol(msk, &endptr, 0);
if ((*endptr != '\0') ||
((bits > 32) && !use_inet6) || (bits < 0) ||
((bits > 128) && use_inet6))
return -1;
if (use_inet6)
fill6bits(bits, mskp);
else {
if (bits == 0)
*mskp = 0;
else
*mskp = htonl(0xffffffff << (32 - bits));
}
}
return 0;
}
void fill6bits(bits, msk)
int bits;
u_32_t *msk;
{
int i;
for (i = 0; bits >= 32 && i < 4 ; ++i, bits -= 32)
msk[i] = 0xffffffff;
if (bits > 0 && i < 4)
msk[i++] = htonl(0xffffffff << (32 - bits));
while (i < 4)
msk[i++] = 0;
}
/*
* returns -1 if neither "hostmask/num" or "hostmask mask addr" are
* found in the line segments, there is an error processing this information,
* or there is an error processing ports information.
*/
int hostmask(seg, sa, msk, pp, cp, tp, linenum)
char ***seg;
u_32_t *sa, *msk;
u_short *pp, *tp;
int *cp;
int linenum;
{
struct in_addr maskaddr;
char *s;
/*
* is it possibly hostname/num ?
*/
if ((s = index(**seg, '/')) ||
((s = index(**seg, ':')) && !index(s + 1, ':'))) {
*s++ = '\0';
if (genmask(s, msk) == -1) {
fprintf(stderr, "%d: bad mask (%s)\n", linenum, s);
return -1;
}
if (hostnum(sa, **seg, linenum) == -1) {
fprintf(stderr, "%d: bad host (%s)\n", linenum, **seg);
return -1;
}
*sa &= *msk;
(*seg)++;
return ports(seg, pp, cp, tp, linenum);
}
/*
* look for extra segments if "mask" found in right spot
*/
if (*(*seg+1) && *(*seg+2) && !strcasecmp(*(*seg+1), "mask")) {
if (hostnum(sa, **seg, linenum) == -1) {
fprintf(stderr, "%d: bad host (%s)\n", linenum, **seg);
return -1;
}
(*seg)++;
(*seg)++;
if (inet_aton(**seg, &maskaddr) == 0) {
fprintf(stderr, "%d: bad mask (%s)\n", linenum, **seg);
return -1;
}
*msk = maskaddr.s_addr;
(*seg)++;
*sa &= *msk;
return ports(seg, pp, cp, tp, linenum);
}
if (**seg) {
if (hostnum(sa, **seg, linenum) == -1) {
fprintf(stderr, "%d: bad host (%s)\n", linenum, **seg);
return -1;
}
(*seg)++;
if (use_inet6) {
u_32_t k = 0;
if (sa[0] || sa[1] || sa[2] || sa[3])
k = 0xffffffff;
msk[0] = msk[1] = msk[2] = msk[3] = k;
}
else
*msk = *sa ? 0xffffffff : 0;
return ports(seg, pp, cp, tp, linenum);
}
fprintf(stderr, "%d: bad host (%s)\n", linenum, **seg);
return -1;
}
/*
* returns an ip address as a long var as a result of either a DNS lookup or
* straight inet_addr() call
*/
int hostnum(ipa, host, linenum)
u_32_t *ipa;
char *host;
int linenum;
{
struct hostent *hp;
struct netent *np;
struct in_addr ip;
if (!strcasecmp("any", host))
return 0;
#ifdef USE_INET6
if (use_inet6) {
if (inet_pton(AF_INET6, host, ipa) == 1)
return 0;
else
return -1;
}
#endif
if (isdigit(*host) && inet_aton(host, &ip)) {
*ipa = ip.s_addr;
return 0;
}
if (!strcasecmp("<thishost>", host))
host = thishost;
if (!(hp = gethostbyname(host))) {
if (!(np = getnetbyname(host))) {
fprintf(stderr, "%d: can't resolve hostname: %s\n",
linenum, host);
return -1;
}
*ipa = htonl(np->n_net);
return 0;
}
*ipa = *(u_32_t *)hp->h_addr;
return 0;
}
/*
* check for possible presence of the port fields in the line
*/
int ports(seg, pp, cp, tp, linenum)
char ***seg;
u_short *pp, *tp;
int *cp;
int linenum;
{
int comp = -1;
if (!*seg || !**seg || !***seg)
return 0;
if (!strcasecmp(**seg, "port") && *(*seg + 1) && *(*seg + 2)) {
(*seg)++;
if (!strcmp(**seg, "=") || !strcasecmp(**seg, "eq"))
comp = FR_EQUAL;
else if (!strcmp(**seg, "!=") || !strcasecmp(**seg, "ne"))
comp = FR_NEQUAL;
else if (!strcmp(**seg, "<") || !strcasecmp(**seg, "lt"))
comp = FR_LESST;
else if (!strcmp(**seg, ">") || !strcasecmp(**seg, "gt"))
comp = FR_GREATERT;
else if (!strcmp(**seg, "<=") || !strcasecmp(**seg, "le"))
comp = FR_LESSTE;
else if (!strcmp(**seg, ">=") || !strcasecmp(**seg, "ge"))
comp = FR_GREATERTE;
else if (isalnum(***seg) && *(*seg + 2)) {
if (portnum(**seg, pp, linenum) == 0)
return -1;
(*seg)++;
if (!strcmp(**seg, "<>"))
comp = FR_OUTRANGE;
else if (!strcmp(**seg, "><"))
comp = FR_INRANGE;
else {
fprintf(stderr,
"%d: unknown range operator (%s)\n",
linenum, **seg);
return -1;
}
(*seg)++;
if (**seg == NULL) {
fprintf(stderr, "%d: missing 2nd port value\n",
linenum);
return -1;
}
if (portnum(**seg, tp, linenum) == 0)
return -1;
} else {
fprintf(stderr, "%d: unknown comparator (%s)\n",
linenum, **seg);
return -1;
}
if (comp != FR_OUTRANGE && comp != FR_INRANGE) {
(*seg)++;
if (portnum(**seg, pp, linenum) == 0)
return -1;
}
*cp = comp;
(*seg)++;
}
return 0;
}
/*
* find the port number given by the name, either from getservbyname() or
* straight atoi(). Return 1 on success, 0 on failure
*/
int portnum(name, port, linenum)
char *name;
u_short *port;
int linenum;
{
struct servent *sp, *sp2;
u_short p1 = 0;
int i;
if (isdigit(*name)) {
if (ratoi(name, &i, 0, USHRT_MAX)) {
*port = (u_short)i;
return 1;
}
fprintf(stderr, "%d: unknown port \"%s\"\n", linenum, name);
return 0;
}
if (proto != NULL && strcasecmp(proto, "tcp/udp") != 0) {
sp = getservbyname(name, proto);
if (sp) {
*port = ntohs(sp->s_port);
return 1;
}
fprintf(stderr, "%d: unknown service \"%s\".\n", linenum, name);
return 0;
}
sp = getservbyname(name, "tcp");
if (sp)
p1 = sp->s_port;
sp2 = getservbyname(name, "udp");
if (!sp || !sp2) {
fprintf(stderr, "%d: unknown tcp/udp service \"%s\".\n",
linenum, name);
return 0;
}
if (p1 != sp2->s_port) {
fprintf(stderr, "%d: %s %d/tcp is a different port to ",
linenum, name, p1);
fprintf(stderr, "%d: %s %d/udp\n", linenum, name, sp->s_port);
return 0;
}
*port = ntohs(p1);
return 1;
}
u_char tcp_flags(flgs, mask, linenum)
char *flgs;
u_char *mask;
int linenum;
{
u_char tcpf = 0, tcpfm = 0, *fp = &tcpf;
char *s, *t;
if (*flgs == '0') {
s = strchr(flgs, '/');
if (s)
*s++ = '\0';
tcpf = strtol(flgs, NULL, 0);
fp = &tcpfm;
} else
s = flgs;
for (; *s; s++) {
if (*s == '/' && fp == &tcpf) {
fp = &tcpfm;
if (*(s + 1) == '0')
break;
continue;
}
if (!(t = index(flagset, *s))) {
fprintf(stderr, "%d: unknown flag (%c)\n", linenum, *s);
return 0;
}
*fp |= flags[t - flagset];
}
if (s && *s == '0')
tcpfm = strtol(s, NULL, 0);
if (!tcpfm) {
if (tcpf == TH_SYN)
tcpfm = 0xff & ~(TH_ECN|TH_CWR);
else
tcpfm = 0xff & ~(TH_ECN);
}
*mask = tcpfm;
return tcpf;
}
/*
* count consecutive 1's in bit mask. If the mask generated by counting
* consecutive 1's is different to that passed, return -1, else return #
* of bits.
*/
int countbits(ip)
u_32_t ip;
{
u_32_t ipn;
int cnt = 0, i, j;
ip = ipn = ntohl(ip);
for (i = 32; i; i--, ipn *= 2)
if (ipn & 0x80000000)
cnt++;
else
break;
ipn = 0;
for (i = 32, j = cnt; i; i--, j--) {
ipn *= 2;
if (j > 0)
ipn++;
}
if (ipn == ip)
return cnt;
return -1;
}
int count6bits(msk)
u_32_t *msk;
{
int i = 0, k;
u_32_t j;
for (k = 3; k >= 0; k--)
if (msk[k] == 0xffffffff)
i += 32;
else {
for (j = msk[k]; j; j <<= 1)
if (j & 0x80000000)
i++;
}
return i;
}
char *portname(pr, port)
int pr, port;
{
static char buf[32];
struct protoent *p = NULL;
struct servent *sv = NULL, *sv1 = NULL;
if (pr == -1) {
if ((sv = getservbyport(htons(port), "tcp"))) {
strncpy(buf, sv->s_name, sizeof(buf)-1);
buf[sizeof(buf)-1] = '\0';
sv1 = getservbyport(htons(port), "udp");
sv = strncasecmp(buf, sv->s_name, strlen(buf)) ?
NULL : sv1;
}
if (sv)
return buf;
} else if (pr && (p = getprotobynumber(pr))) {
if ((sv = getservbyport(htons(port), p->p_name))) {
strncpy(buf, sv->s_name, sizeof(buf)-1);
buf[sizeof(buf)-1] = '\0';
return buf;
}
}
(void) sprintf(buf, "%d", port);
return buf;
}
int ratoi(ps, pi, min, max)
char *ps;
int *pi, min, max;
{
int i;
char *pe;
i = (int)strtol(ps, &pe, 0);
if (*pe != '\0' || i < min || i > max)
return 0;
*pi = i;
return 1;
}
int ratoui(ps, pi, min, max)
char *ps;
u_int *pi, min, max;
{
u_int i;
char *pe;
i = (u_int)strtol(ps, &pe, 0);
if (*pe != '\0' || i < min || i > max)
return 0;
*pi = i;
return 1;
}
void printhostmask(v, addr, mask)
int v;
u_32_t *addr, *mask;
{
struct in_addr ipa;
int ones;
#ifdef USE_INET6
if (v == 6) {
ones = count6bits(mask);
if (ones == 0 && !addr[0] && !addr[1] && !addr[2] && !addr[3])
printf("any");
else {
char ipbuf[64];
printf("%s/%d",
inet_ntop(AF_INET6, addr, ipbuf, sizeof(ipbuf)),
ones);
}
}
else
#endif
if (!*addr && !*mask)
printf("any");
else {
ipa.s_addr = *addr;
printf("%s", inet_ntoa(ipa));
if ((ones = countbits(*mask)) == -1) {
ipa.s_addr = *mask;
printf("/%s", inet_ntoa(ipa));
} else
printf("/%d", ones);
}
}
void printportcmp(pr, frp)
int pr;
frpcmp_t *frp;
{
static char *pcmp1[] = { "*", "=", "!=", "<", ">", "<=", ">=",
"<>", "><"};
if (frp->frp_cmp == FR_INRANGE || frp->frp_cmp == FR_OUTRANGE)
printf(" port %d %s %d", frp->frp_port,
pcmp1[frp->frp_cmp], frp->frp_top);
else
printf(" port %s %s", pcmp1[frp->frp_cmp],
portname(pr, frp->frp_port));
}
void printbuf(buf, len, zend)
char *buf;
int len, zend;
{
char *s, c;
int i;
for (s = buf, i = len; i; i--) {
c = *s++;
if (isprint(c))
putchar(c);
else
printf("\\%03o", c);
if ((c == '\0') && zend)
break;
}
}
char *hostname(v, ip)
int v;
void *ip;
{
#ifdef USE_INET6
static char hostbuf[MAXHOSTNAMELEN+1];
#endif
struct in_addr ipa;
if (v == 4) {
ipa.s_addr = *(u_32_t *)ip;
return inet_ntoa(ipa);
}
#ifdef USE_INET6
(void) inet_ntop(AF_INET6, ip, hostbuf, sizeof(hostbuf) - 1);
hostbuf[MAXHOSTNAMELEN] = '\0';
return hostbuf;
#else
return "IPv6";
#endif
}


@ -1,151 +0,0 @@
/*
* Copyright (C) 1993-2001 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
#include <stdio.h>
#include <string.h>
#include <limits.h>
#include <sys/types.h>
#if !defined(__SVR4) && !defined(__svr4__)
#include <strings.h>
#endif
#include <stdlib.h>
#include <unistd.h>
#include <stddef.h>
#include <syslog.h>
#include "facpri.h"
#ifndef __STDC__
# define const
#endif
#if !defined(lint)
static const char rcsid[] = "@(#)$Id: facpri.c,v 1.3.2.4 2001/07/15 22:06:12 darrenr Exp $";
#endif
typedef struct table {
char *name;
int value;
} table_t;
table_t facs[] = {
{ "kern", LOG_KERN }, { "user", LOG_USER },
{ "mail", LOG_MAIL }, { "daemon", LOG_DAEMON },
{ "auth", LOG_AUTH }, { "syslog", LOG_SYSLOG },
{ "lpr", LOG_LPR }, { "news", LOG_NEWS },
{ "uucp", LOG_UUCP },
#if LOG_CRON == LOG_CRON2
{ "cron2", LOG_CRON1 },
#else
{ "cron", LOG_CRON1 },
#endif
#ifdef LOG_FTP
{ "ftp", LOG_FTP },
#endif
#ifdef LOG_AUTHPRIV
{ "authpriv", LOG_AUTHPRIV },
#endif
#ifdef LOG_AUDIT
{ "audit", LOG_AUDIT },
#endif
#ifdef LOG_LFMT
{ "logalert", LOG_LFMT },
#endif
#if LOG_CRON == LOG_CRON1
{ "cron", LOG_CRON2 },
#else
{ "cron2", LOG_CRON2 },
#endif
#ifdef LOG_SECURITY
{ "security", LOG_SECURITY },
#endif
{ "local0", LOG_LOCAL0 }, { "local1", LOG_LOCAL1 },
{ "local2", LOG_LOCAL2 }, { "local3", LOG_LOCAL3 },
{ "local4", LOG_LOCAL4 }, { "local5", LOG_LOCAL5 },
{ "local6", LOG_LOCAL6 }, { "local7", LOG_LOCAL7 },
{ NULL, 0 }
};
/*
* map a facility number to its name
*/
char *
fac_toname(facpri)
int facpri;
{
int i, j, fac;
fac = facpri & LOG_FACMASK;
j = fac >> 3;
if (j < 24) {
if (facs[j].value == fac)
return facs[j].name;
for (i = 0; facs[i].name; i++)
if (fac == facs[i].value)
return facs[i].name;
}
return NULL;
}
/*
* map a facility name to its number
*/
int
fac_findname(name)
char *name;
{
int i;
for (i = 0; facs[i].name; i++)
if (!strcmp(facs[i].name, name))
return facs[i].value;
return -1;
}
table_t pris[] = {
{ "emerg", LOG_EMERG }, { "alert", LOG_ALERT },
{ "crit", LOG_CRIT }, { "err", LOG_ERR },
{ "warn", LOG_WARNING }, { "notice", LOG_NOTICE },
{ "info", LOG_INFO }, { "debug", LOG_DEBUG },
{ NULL, 0 }
};
/*
* map a priority name to its number
*/
int
pri_findname(name)
char *name;
{
int i;
for (i = 0; pris[i].name; i++)
if (!strcmp(pris[i].name, name))
return pris[i].value;
return -1;
}
/*
* map a priority number to its name
*/
char *
pri_toname(facpri)
int facpri;
{
int i, pri;
pri = facpri & LOG_PRIMASK;
if (pris[pri].value == pri)
return pris[pri].name;
for (i = 0; pris[i].name; i++)
if (pri == pris[i].value)
return pris[i].name;
return NULL;
}


@ -1,40 +0,0 @@
/*
* Copyright (C) 1999-2001 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
* $Id: facpri.h,v 1.3.2.1 2001/06/26 10:43:11 darrenr Exp $
*/
#ifndef __FACPRI_H__
#define __FACPRI_H__
#ifndef __P
# define P_DEF
# ifdef __STDC__
# define __P(x) x
# else
# define __P(x) ()
# endif
#endif
extern char *fac_toname __P((int));
extern int fac_findname __P((char *));
extern char *pri_toname __P((int));
extern int pri_findname __P((char *));
#ifdef P_DEF
# undef __P
# undef P_DEF
#endif
#if LOG_CRON == (9<<3)
# define LOG_CRON1 LOG_CRON
# define LOG_CRON2 (15<<3)
#endif
#if LOG_CRON == (15<<3)
# define LOG_CRON1 (9<<3)
# define LOG_CRON2 LOG_CRON
#endif
#endif /* __FACPRI_H__ */



@ -1,199 +0,0 @@
/*
* ++Copyright++ 1983, 1990, 1993
* -
* Copyright (c) 1983, 1990, 1993
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* -
* Portions Copyright (c) 1993 by Digital Equipment Corporation.
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies, and that
* the name of Digital Equipment Corporation not be used in advertising or
* publicity pertaining to distribution of the document or software without
* specific, written prior permission.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL
* WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT
* CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
* DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
* PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
* ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
* SOFTWARE.
* -
* --Copyright--
*/
#ifdef __STDC__
# ifndef __P
# define __P(x) x
# endif
#else
# undef __P
# define __P(x) ()
# undef const
# define const
#endif
#if !defined(lint)
static const char sccsid[] = "@(#)inet_addr.c 8.1 (Berkeley) 6/17/93";
static const char rcsid[] = "@(#)$Id: inet_addr.c,v 2.1.4.2 2002/02/22 15:32:46 darrenr Exp $";
#endif /* LIBC_SCCS and not lint */
#include <sys/param.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <ctype.h>
int inet_aton __P((const char *, struct in_addr *));
/*
* Check whether "cp" is a valid ascii representation
* of an Internet address and convert to a binary address.
* Returns 1 if the address is valid, 0 if not.
* This replaces inet_addr, the return value from which
* cannot distinguish between failure and a local broadcast address.
*/
int
inet_aton(cp, addr)
register const char *cp;
struct in_addr *addr;
{
register u_long val;
register int base, n;
register char c;
u_int parts[4];
register u_int *pp = parts;
c = *cp;
for (;;) {
/*
* Collect number up to ``.''.
* Values are specified as for C:
* 0x=hex, 0=octal, isdigit=decimal.
*/
if (!isdigit(c))
return (0);
val = 0; base = 10;
if (c == '0') {
c = *++cp;
if (c == 'x' || c == 'X')
base = 16, c = *++cp;
else
base = 8;
}
for (;;) {
if (isascii(c) && isdigit(c)) {
val = (val * base) + (c - '0');
c = *++cp;
} else if (base == 16 && isascii(c) && isxdigit(c)) {
val = (val << 4) |
(c + 10 - (islower(c) ? 'a' : 'A'));
c = *++cp;
} else
break;
}
if (c == '.') {
/*
* Internet format:
* a.b.c.d
* a.b.c (with c treated as 16 bits)
* a.b (with b treated as 24 bits)
*/
if (pp >= parts + 3)
return (0);
*pp++ = val;
c = *++cp;
} else
break;
}
/*
* Check for trailing characters.
*/
if (c != '\0' && (!isascii(c) || !isspace(c)))
return (0);
/*
* Concoct the address according to
* the number of parts specified.
*/
n = pp - parts + 1;
switch (n) {
case 0:
return (0); /* initial nondigit */
case 1: /* a -- 32 bits */
break;
case 2: /* a.b -- 8.24 bits */
if (val > 0xffffff)
return (0);
val |= parts[0] << 24;
break;
case 3: /* a.b.c -- 8.8.16 bits */
if (val > 0xffff)
return (0);
val |= (parts[0] << 24) | (parts[1] << 16);
break;
case 4: /* a.b.c.d -- 8.8.8.8 bits */
if (val > 0xff)
return (0);
val |= (parts[0] << 24) | (parts[1] << 16) | (parts[2] << 8);
break;
}
if (addr)
addr->s_addr = htonl(val);
return (1);
}
/* these are compatibility routines, not needed on recent BSD releases */
/*
* Ascii internet address interpretation routine.
* The value returned is in network order.
*/
#if (defined(SOLARIS2) && (SOLARIS2 > 5)) || \
(defined(IRIX) && (IRIX >= 605))
in_addr_t
#else
u_long
#endif
inet_addr(cp)
register const char *cp;
{
struct in_addr val;
if (inet_aton(cp, &val))
return (val.s_addr);
return (0xffffffff);
}


@ -1,4 +1,4 @@
/* $NetBSD$ */
/* $FreeBSD$ */
/*
* Copyright (C) 1993-2003 by Darren Reed.


@ -1,4 +1,4 @@
/* $NetBSD$ */
/* $FreeBSD$ */
/*
* Copyright (C) 1993-2001, 2003 by Darren Reed.


@ -1,4 +1,4 @@
/* $NetBSD$ */
/* $FreeBSD$ */
#ifndef __IP_HTABLE_H__
#define __IP_HTABLE_H__


@ -1,4 +1,4 @@
/* $NetBSD$ */
/* $FreeBSD$ */
/*
* Copyright (C) 2000-2003 Darren Reed


@ -1,975 +0,0 @@
/*
* Copyright (C) 1993-2001 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
#if !defined(lint)
static const char rcsid[] = "@(#)$Id: ip_lfil.c,v 2.6.2.5 2002/10/03 13:47:19 darrenr Exp $";
#endif
#if defined(KERNEL) && !defined(_KERNEL)
# define _KERNEL
#endif
#include <sys/errno.h>
#include <sys/types.h>
#include <sys/param.h>
#include <sys/file.h>
#include <sys/ioctl.h>
#include <sys/time.h>
#include <sys/dir.h>
#include <sys/socket.h>
#ifndef _KERNEL
# include <stdio.h>
# include <string.h>
# include <stdlib.h>
# include <ctype.h>
#else
# include <linux/module.h>
#endif
#include <net/if.h>
#include <net/route.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <netinet/udp.h>
#include <netinet/ip_icmp.h>
#ifndef _KERNEL
# include <syslog.h>
#endif
#include "netinet/ip_compat.h"
#include <netinet/tcpip.h>
#include "netinet/ip_fil.h"
#include "netinet/ip_nat.h"
#include "netinet/ip_proxy.h"
#include "netinet/ip_frag.h"
#include "netinet/ip_state.h"
#include "netinet/ip_auth.h"
#ifdef _KERNEL
#include <net/ip_forward.h>
#endif
#ifndef MIN
#define MIN(a,b) (((a)<(b))?(a):(b))
#endif
#ifndef _KERNEL
# include "ipt.h"
static struct ifnet **ifneta = NULL;
static int nifs = 0;
#endif
int fr_running = 0;
int ipl_unreach = ICMP_UNREACH_FILTER;
u_long ipl_frouteok[2] = {0, 0};
static int frzerostats __P((caddr_t));
static void frsync __P((void));
#if defined(__NetBSD__) || defined(__OpenBSD__)
static int frrequest __P((int, u_long, caddr_t, int));
#else
static int frrequest __P((int, u_long, caddr_t, int));
#endif
#ifdef _KERNEL
static int (*fr_savep) __P((ip_t *, int, void *, int, mb_t **));
#else
int ipllog __P((void));
void init_ifp __P((void));
static int no_output __P((mb_t *, struct ifnet *));
static int write_output __P((mb_t *, struct ifnet *));
#endif
#ifdef _KERNEL
int fr_precheck(struct iphdr *ip, struct device *dev, int out, struct device **ifp)
{
int hlen = ip->ihl << 2;
return fr_check((ip_t *)ip, hlen, dev, out, (mb_t **)ifp);
}
int iplattach()
{
char *defpass;
int s;
if (fr_running || (fr_checkp == fr_precheck)) {
printk("IP Filter: already initialized\n");
return EBUSY;
}
fr_running = 1;
bzero((char *)frcache, sizeof(frcache));
bzero((char *)nat_table, sizeof(nat_table));
fr_savep = fr_checkp;
fr_checkp = fr_precheck;
# ifdef IPFILTER_LOG
ipflog_init();
# endif
if (fr_pass & FR_PASS)
defpass = "pass";
else if (fr_pass & FR_BLOCK)
defpass = "block";
else
defpass = "no-match -> block";
printk("IP Filter: initialized. Default = %s all, Logging = %s\n",
defpass,
# ifdef IPFILTER_LOG
"enabled");
# else
"disabled");
# endif
return 0;
}
/*
* Disable the filter by removing the hooks from the IP input/output
* stream.
*/
int ipldetach()
{
int s, i = FR_INQUE|FR_OUTQUE;
if (!fr_running)
{
printk("IP Filter: not initialized\n");
return 0;
}
fr_checkp = fr_savep;
i = frflush(IPL_LOGIPF, i);
fr_running = 0;
ipfr_unload();
ip_natunload();
fr_stateunload();
fr_authunload();
printk("IP Filter: unloaded\n");
return 0;
}
#endif /* _KERNEL */
static int frzerostats(data)
caddr_t data;
{
struct friostat fio;
int error;
bcopy((char *)frstats, (char *)fio.f_st,
sizeof(struct filterstats) * 2);
fio.f_fin[0] = ipfilter[0][0];
fio.f_fin[1] = ipfilter[0][1];
fio.f_fout[0] = ipfilter[1][0];
fio.f_fout[1] = ipfilter[1][1];
fio.f_acctin[0] = ipacct[0][0];
fio.f_acctin[1] = ipacct[0][1];
fio.f_acctout[0] = ipacct[1][0];
fio.f_acctout[1] = ipacct[1][1];
fio.f_active = fr_active;
fio.f_froute[0] = ipl_frouteok[0];
fio.f_froute[1] = ipl_frouteok[1];
error = IWCOPYPTR((caddr_t)&fio, data, sizeof(fio));
if (!error)
bzero((char *)frstats, sizeof(*frstats) * 2);
return error;
}
/*
* Filter ioctl interface.
*/
#if defined(_KERNEL)
int iplioctl(struct inode *inode, struct file *file, u_int cmd, u_long arg)
{
int s;
caddr_t data = (caddr_t)arg;
int mode = file->f_mode;
#else
int iplioctl(dev_t dev, int cmd, caddr_t data, int mode)
{
#endif
int error = 0, unit = 0, tmp;
#ifdef _KERNEL
unit = GET_MINOR(inode->i_rdev);
if ((IPL_LOGMAX < unit) || (unit < 0))
return ENXIO;
#endif
if (unit == IPL_LOGNAT) {
error = nat_ioctl(data, cmd, mode);
return error;
}
if (unit == IPL_LOGSTATE) {
error = fr_state_ioctl(data, cmd, mode);
return error;
}
switch (cmd) {
case FIONREAD :
#ifdef IPFILTER_LOG
error = IWCOPY((caddr_t)&iplused[IPL_LOGIPF], data,
sizeof(iplused[IPL_LOGIPF]));
#endif
break;
#if !defined(IPFILTER_LKM) && defined(_KERNEL)
case SIOCFRENB :
{
u_int enable;
if (!(mode & FWRITE))
error = EPERM;
else {
error = IRCOPY(data, (caddr_t)&enable, sizeof(enable));
if (error)
break;
if (enable)
error = iplattach();
else
error = ipldetach();
}
break;
}
#endif
case SIOCSETFF :
if (!(mode & FWRITE))
error = EPERM;
else
error = IRCOPY(data, (caddr_t)&fr_flags,
sizeof(fr_flags));
break;
case SIOCGETFF :
error = IWCOPY((caddr_t)&fr_flags, data, sizeof(fr_flags));
break;
case SIOCINAFR :
case SIOCRMAFR :
case SIOCADAFR :
case SIOCZRLST :
if (!(mode & FWRITE))
error = EPERM;
else
error = frrequest(unit, cmd, data, fr_active);
break;
case SIOCINIFR :
case SIOCRMIFR :
case SIOCADIFR :
if (!(mode & FWRITE))
error = EPERM;
else
error = frrequest(unit, cmd, data, 1 - fr_active);
break;
case SIOCSWAPA :
if (!(mode & FWRITE))
error = EPERM;
else {
bzero((char *)frcache, sizeof(frcache[0]) * 2);
*(u_int *)data = fr_active;
fr_active = 1 - fr_active;
}
break;
case SIOCGETFS :
{
struct friostat fio;
bcopy((char *)frstats, (char *)fio.f_st,
sizeof(struct filterstats) * 2);
fio.f_fin[0] = ipfilter[0][0];
fio.f_fin[1] = ipfilter[0][1];
fio.f_fout[0] = ipfilter[1][0];
fio.f_fout[1] = ipfilter[1][1];
fio.f_acctin[0] = ipacct[0][0];
fio.f_acctin[1] = ipacct[0][1];
fio.f_acctout[0] = ipacct[1][0];
fio.f_acctout[1] = ipacct[1][1];
fio.f_auth = ipauth;
fio.f_active = fr_active;
fio.f_froute[0] = ipl_frouteok[0];
fio.f_froute[1] = ipl_frouteok[1];
error = IWCOPYPTR((caddr_t)&fio, data, sizeof(fio));
break;
}
case SIOCFRZST :
if (!(mode & FWRITE))
error = EPERM;
else
error = frzerostats(data);
break;
case SIOCIPFFL :
if (!(mode & FWRITE))
error = EPERM;
else {
error = IRCOPY(data, (caddr_t)&tmp, sizeof(tmp));
if (!error) {
tmp = frflush(unit, tmp);
error = IWCOPY((caddr_t)&tmp, data,
sizeof(tmp));
}
}
break;
#ifdef IPFILTER_LOG
case SIOCIPFFB :
if (!(mode & FWRITE))
error = EPERM;
else
*(int *)data = ipflog_clear(unit);
break;
#endif /* IPFILTER_LOG */
case SIOCGFRST :
error = IWCOPYPTR((caddr_t)ipfr_fragstats(), data,
sizeof(ipfrstat_t));
break;
case SIOCFRSYN :
if (!(mode & FWRITE))
error = EPERM;
else {
#if defined(_KERNEL) && defined(__sgi)
ipfsync();
#endif
frsync();
}
break;
default :
error = EINVAL;
break;
}
return error;
}
static void frsync()
{
#ifdef _KERNEL
struct device *dev;
for (dev = dev_base; dev; dev = dev->next)
ip_natsync(dev);
#endif
}
static int frrequest(unit, req, data, set)
int unit;
u_long req;
int set;
caddr_t data;
{
register frentry_t *fp, *f, **fprev;
register frentry_t **ftail;
frentry_t frd;
frdest_t *fdp;
frgroup_t *fg = NULL;
int error = 0, in;
u_int group;
fp = &frd;
error = IRCOPYPTR(data, (caddr_t)fp, sizeof(*fp));
if (error)
return error;
/*
* Check that the group number does exist and that if a head group
* has been specified, doesn't exist.
*/
if (fp->fr_grhead &&
fr_findgroup((u_int)fp->fr_grhead, fp->fr_flags, unit, set, NULL))
return EEXIST;
if (fp->fr_group &&
!fr_findgroup((u_int)fp->fr_group, fp->fr_flags, unit, set, NULL))
return ESRCH;
in = (fp->fr_flags & FR_INQUE) ? 0 : 1;
if (unit == IPL_LOGAUTH)
ftail = fprev = &ipauth;
else if (fp->fr_flags & FR_ACCOUNT)
ftail = fprev = &ipacct[in][set];
else if (fp->fr_flags & (FR_OUTQUE|FR_INQUE))
ftail = fprev = &ipfilter[in][set];
else
return ESRCH;
if ((group = fp->fr_group)) {
if (!(fg = fr_findgroup(group, fp->fr_flags, unit, set, NULL)))
return ESRCH;
ftail = fprev = fg->fg_start;
}
bzero((char *)frcache, sizeof(frcache[0]) * 2);
if (*fp->fr_ifname) {
fp->fr_ifa = GETUNIT(fp->fr_ifname, fp->fr_ip.fi_v);
if (!fp->fr_ifa)
fp->fr_ifa = (void *)-1;
}
fdp = &fp->fr_dif;
fp->fr_flags &= ~FR_DUP;
if (*fdp->fd_ifname) {
fdp->fd_ifp = GETUNIT(fdp->fd_ifname, fp->fr_ip.fi_v);
if (!fdp->fd_ifp)
fdp->fd_ifp = (struct ifnet *)-1;
else
fp->fr_flags |= FR_DUP;
}
fdp = &fp->fr_tif;
if (*fdp->fd_ifname) {
fdp->fd_ifp = GETUNIT(fdp->fd_ifname, fp->fr_ip.fi_v);
if (!fdp->fd_ifp)
fdp->fd_ifp = (struct ifnet *)-1;
}
/*
* Look for a matching filter rule, but don't include the next or
* interface pointer in the comparison (fr_next, fr_ifa).
*/
for (; (f = *ftail); ftail = &f->fr_next)
if (bcmp((char *)&f->fr_ip, (char *)&fp->fr_ip,
FR_CMPSIZ) == 0)
break;
/*
* If zero'ing statistics, copy current to caller and zero.
*/
if (req == SIOCZRLST) {
if (!f)
return ESRCH;
error = IWCOPYPTR((caddr_t)f, data, sizeof(*f));
if (error)
return error;
f->fr_hits = 0;
f->fr_bytes = 0;
return 0;
}
if (!f) {
if (req == SIOCINAFR || req == SIOCINIFR) {
ftail = fprev;
if (fp->fr_hits) {
while (--fp->fr_hits && (f = *ftail)) {
ftail = &f->fr_next;
}
}
}
f = NULL;
}
if (req == SIOCRMAFR || req == SIOCRMIFR) {
if (!f)
error = ESRCH;
else {
if (f->fr_ref > 1)
return EBUSY;
if (fg && fg->fg_head)
fg->fg_head->fr_ref--;
if (unit == IPL_LOGAUTH)
return fr_auth_ioctl(data, mode, req, f, ftail);
if (f->fr_grhead)
fr_delgroup((u_int)f->fr_grhead, fp->fr_flags,
unit, set);
fixskip(fprev, f, -1);
*ftail = f->fr_next;
KFREE(f);
}
} else {
if (f)
error = EEXIST;
else {
if (unit == IPL_LOGAUTH)
return fr_auth_ioctl(data, mode, req, f, ftail);
KMALLOC(f, frentry_t *);
if (f != NULL) {
if (fg && fg->fg_head)
fg->fg_head->fr_ref++;
bcopy((char *)fp, (char *)f, sizeof(*f));
f->fr_ref = 1;
f->fr_hits = 0;
f->fr_next = *ftail;
*ftail = f;
if (req == SIOCINIFR || req == SIOCINAFR)
fixskip(fprev, f, 1);
f->fr_grp = NULL;
if ((group = f->fr_grhead))
fg = fr_addgroup(group, f, unit, set);
} else
error = ENOMEM;
}
}
return (error);
}
#ifdef _KERNEL
/*
* routines below for saving IP headers to buffer
*/
int iplopen(struct inode *inode, struct file *file)
{
u_int min = GET_MINOR(inode->i_rdev);
if (IPL_LOGMAX < min)
min = ENXIO;
else {
MOD_INC_USE_COUNT;
min = 0;
}
return min;
}
void iplclose(struct inode *inode, struct file *file)
{
u_int min = GET_MINOR(inode->i_rdev);
if (IPL_LOGMAX >= min) {
MOD_DEC_USE_COUNT;
}
}
/*
* iplread/ipllog
* both of these must operate with at least splnet() lest they be
* called during packet processing and cause an inconsistancy to appear in
* the filter lists.
*/
int iplread(struct inode *inode, struct file *file, char *buf, int nbytes)
{
struct uio uiob, *uio = &uiob;
uio->uio_buf = buf;
uio->uio_resid = nbytes;
# ifdef IPFILTER_LOG
return ipflog_read(GET_MINOR(inode->i_rdev), uio);
# else
return ENXIO;
# endif
}
/*
* send_reset - this could conceivably be a call to tcp_respond(), but that
* requires a large amount of setting up and isn't any more efficient.
*/
int send_reset(ti, ifp)
struct tcpiphdr *ti;
struct ifnet *ifp;
{
tcphdr_t *tcp;
int tlen = 0;
ip_t *ip;
mb_t *m;
if (ti->ti_flags & TH_RST)
return -1; /* feedback loop */
m = alloc_skb(sizeof(tcpiphdr_t), GFP_ATOMIC);
if (m == NULL)
return -1;
if (ti->ti_flags & TH_SYN)
tlen = 1;
m->dev = ifp;
m->csum = 0;
ip = mtod(m, ip_t *);
m->h.iph = ip;
m->ip_hdr = NULL;
m->m_len = sizeof(tcpiphdr_t);
tcp = (tcphdr_t *)((char *)ip + sizeof(ip_t));
bzero((char *)ip, sizeof(tcpiphdr_t));
ip->ip_v = IPVERSION;
ip->ip_hl = sizeof(ip_t) >> 2;
ip->ip_tos = ((ip_t *)ti)->ip_tos;
ip->ip_p = ((ip_t *)ti)->ip_p;
ip->ip_id = ((ip_t *)ti)->ip_id;
ip->ip_len = htons(sizeof(tcpiphdr_t));
ip->ip_ttl = 127;
ip->ip_src.s_addr = ti->ti_dst.s_addr;
ip->ip_dst.s_addr = ti->ti_src.s_addr;
tcp->th_dport = ti->ti_sport;
tcp->th_sport = ti->ti_dport;
tcp->th_ack = htonl(ntohl(ti->ti_seq) + tlen);
tcp->th_off = sizeof(tcphdr_t) >> 2;
tcp->th_flags = TH_RST|TH_ACK;
ip->ip_sum = 0;
ip->ip_sum = ipf_cksum((u_short *)ip, sizeof(ip_t));
tcp->th_sum = fr_tcpsum(m, ip, tcp);
return ip_forward(m, NULL, IPFWD_NOTTLDEC, ip->ip_dst.s_addr);
}
size_t mbufchainlen(m0)
register mb_t *m0;
{
register size_t len = 0;
for (; m0; m0 = m0->m_next)
len += m0->m_len;
return len;
}
void ipfr_fastroute(m0, fin, fdp)
mb_t *m0;
fr_info_t *fin;
frdest_t *fdp;
{
#if notyet
register ip_t *ip, *mhip;
register mb_t *m = m0;
register struct route *ro;
struct ifnet *ifp = fdp->fd_ifp;
int len, off, error = 0;
int hlen = fin->fin_hlen;
struct route iproute;
struct sockaddr_in *dst;
ip = mtod(m0, ip_t *);
/*
* Route packet.
*/
ro = &iproute;
bzero((caddr_t)ro, sizeof (*ro));
dst = (struct sockaddr_in *)&ro->ro_dst;
dst->sin_family = AF_INET;
dst->sin_addr = fdp->fd_ip.s_addr ? fdp->fd_ip : ip->ip_dst;
/*
* XXX -allocate route here
*/
if (!ifp) {
if (!(fin->fin_fr->fr_flags & FR_FASTROUTE)) {
error = -2;
goto bad;
}
if (ro->ro_rt == 0 || (ifp = ro->ro_rt->rt_ifp) == 0) {
if (in_localaddr(ip->ip_dst))
error = EHOSTUNREACH;
else
error = ENETUNREACH;
goto bad;
}
if (ro->ro_rt->rt_flags & RTF_GATEWAY)
dst = (struct sockaddr_in *)&ro->ro_rt->rt_gateway;
}
ro->ro_rt->rt_use++;
/*
* For input packets which are being "fastrouted", they won't
* go back through output filtering and miss their chance to get
* NAT'd.
*/
(void) ip_natout(ip, hlen, fin);
if (fin->fin_out)
ip->ip_sum = 0;
/*
* If small enough for interface, can just send directly.
*/
if (ip->ip_len <= ifp->if_mtu) {
# ifndef sparc
ip->ip_id = htons(ip->ip_id);
ip->ip_len = htons(ip->ip_len);
ip->ip_off = htons(ip->ip_off);
# endif
if (!ip->ip_sum)
ip->ip_sum = in_cksum(m, hlen);
error = (*ifp->hard_start_xmit)(m, ifp, m);
goto done;
}
/*
* Too large for interface; fragment if possible.
* Must be able to put at least 8 bytes per fragment.
*/
if (ip->ip_off & IP_DF) {
error = EMSGSIZE;
goto bad;
}
len = (ifp->if_mtu - hlen) &~ 7;
if (len < 8) {
error = EMSGSIZE;
goto bad;
}
{
int mhlen, firstlen = len;
mb_t **mnext = &m->m_act;
/*
* Loop through length of segment after first fragment,
* make new header and copy data of each part and link onto chain.
*/
m0 = m;
mhlen = sizeof (struct ip);
for (off = hlen + len; off < ip->ip_len; off += len) {
MGET(m, M_DONTWAIT, MT_HEADER);
if (m == 0) {
error = ENOBUFS;
goto bad;
}
m->m_data += max_linkhdr;
mhip = mtod(m, struct ip *);
bcopy((char *)ip, (char *)mhip, sizeof(*ip));
if (hlen > sizeof (struct ip)) {
mhlen = ip_optcopy(ip, mhip) + sizeof (struct ip);
mhip->ip_hl = mhlen >> 2;
}
m->m_len = mhlen;
mhip->ip_off = ((off - hlen) >> 3) + (ip->ip_off & ~IP_MF);
if (ip->ip_off & IP_MF)
mhip->ip_off |= IP_MF;
if (off + len >= ip->ip_len)
len = ip->ip_len - off;
else
mhip->ip_off |= IP_MF;
mhip->ip_len = htons((u_short)(len + mhlen));
m->m_next = m_copy(m0, off, len);
if (m->m_next == 0) {
error = ENOBUFS; /* ??? */
goto sendorfree;
}
# ifndef sparc
mhip->ip_off = htons((u_short)mhip->ip_off);
# endif
mhip->ip_sum = 0;
mhip->ip_sum = in_cksum(m, mhlen);
*mnext = m;
mnext = &m->m_act;
}
/*
* Update first fragment by trimming what's been copied out
* and updating header, then send each fragment (in order).
*/
m_adj(m0, hlen + firstlen - ip->ip_len);
ip->ip_len = htons((u_short)(hlen + firstlen));
ip->ip_off = htons((u_short)(ip->ip_off | IP_MF));
ip->ip_sum = 0;
ip->ip_sum = in_cksum(m0, hlen);
sendorfree:
for (m = m0; m; m = m0) {
m0 = m->m_act;
m->m_act = 0;
if (error == 0)
error = (*ifp->if_output)(ifp, m,
(struct sockaddr *)dst);
else
m_freem(m);
}
}
done:
if (!error)
ipl_frouteok[0]++;
else
ipl_frouteok[1]++;
if (ro->ro_rt) {
RTFREE(ro->ro_rt);
}
return;
bad:
m_freem(m);
goto done;
# endif
}
/*
* Fake BSD uiomove() call.
*/
int uiomove(caddr_t src, size_t ssize, int rw, struct uio *uio)
{
int error;
size_t mv = MIN(ssize, uio->uio_resid);
if (rw == UIO_READ) {
error = IWCOPY(src, (caddr_t)uio->uio_buf, mv);
} else if (rw == UIO_WRITE) {
error = IRCOPY((caddr_t)uio->uio_buf, src, mv);
} else
error = EINVAL;
if (!error) {
uio->uio_resid -= mv;
uio->uio_buf += mv;
}
return error;
}
# ifdef IPFILTER_LKM
# ifndef IPL_MAJOR
# define IPL_MAJOR 95
# endif
# ifndef IPL_NAME
# define IPL_NAME "/dev/ipl"
# endif
static struct file_operations ipl_fops = {
NULL, /* lseek */
iplread, /* read */
NULL, /* write */
NULL, /* readdir */
NULL, /* select */
iplioctl, /* ioctl */
NULL, /* mmap */
iplopen, /* open */
iplclose, /* release */
NULL, /* fsync */
NULL, /* fasync */
NULL, /* check_media_change */
NULL, /* revalidate */
};
int init_module(void)
{
int error = 0, major;
if (register_chrdev(IPL_MAJOR, "ipf", &ipl_fops)) {
printk("ipf: unable to get major number: %d\n", IPL_MAJOR);
return -EIO;
}
error = iplattach();
if (!error)
register_symtab(0);
return -error;
}
void cleanup_module(void)
{
unregister_chrdev(IPL_MAJOR, "ipf");
(void) ipldetach();
}
# endif /* IPFILTER_LKM */
#else /* #ifdef _KERNEL */
static int no_output __P((mb_t *m, struct ifnet *ifp))
{
return 0;
}
static int write_output __P((mb_t *m, struct ifnet *ifp))
{
FILE *fp;
char fname[32];
ip_t *ip;
ip = mtod(m, ip_t *);
sprintf(fname, "/tmp/%s", ifp->name);
if ((fp = fopen(fname, "a"))) {
fwrite((char *)ip, ntohs(ip->ip_len), 1, fp);
fclose(fp);
}
return 0;
}
struct ifnet *get_unit(name, v)
char *name;
int v;
{
struct ifnet *ifp, **ifa;
char ifname[32], *s;
for (ifa = ifneta; ifa && (ifp = *ifa); ifa++) {
(void) sprintf(ifname, "%s", ifp->name);
if (!strcmp(name, ifname))
return ifp;
}
if (!ifneta) {
ifneta = (struct ifnet **)malloc(sizeof(ifp) * 2);
ifneta[1] = NULL;
ifneta[0] = (struct ifnet *)calloc(1, sizeof(*ifp));
nifs = 1;
} else {
nifs++;
ifneta = (struct ifnet **)realloc(ifneta,
(nifs + 1) * sizeof(*ifa));
ifneta[nifs] = NULL;
ifneta[nifs - 1] = (struct ifnet *)malloc(sizeof(*ifp));
}
ifp = ifneta[nifs - 1];
for (s = name; *s && !isdigit(*s); s++)
;
if (*s && isdigit(*s)) {
ifp->name = (char *)malloc(s - name + 1);
strncpy(ifp->name, name, s - name);
ifp->name[s - name] = '\0';
} else {
ifp->name = strdup(name);
}
ifp->hard_start_xmit = no_output;
return ifp;
}
void init_ifp()
{
FILE *fp;
struct ifnet *ifp, **ifa;
char fname[32];
for (ifa = ifneta; ifa && (ifp = *ifa); ifa++) {
ifp->hard_start_xmit = write_output;
sprintf(fname, "/tmp/%s", ifp->name);
if ((fp = fopen(fname, "w")))
fclose(fp);
}
}
void ipfr_fastroute(ip, fin, fdp)
ip_t *ip;
fr_info_t *fin;
frdest_t *fdp;
{
struct ifnet *ifp = fdp->fd_ifp;
if (!ifp)
return; /* no routing table out here */
ip->ip_len = htons((u_short)ip->ip_len);
ip->ip_off = htons((u_short)(ip->ip_off | IP_MF));
ip->ip_sum = 0;
(*ifp->hard_start_xmit)((mb_t *)ip, ifp);
}
int ipllog __P((void))
{
verbose("l");
return 0;
}
int send_reset(ip, ifp)
ip_t *ip;
struct ifnet *ifp;
{
verbose("- TCP RST sent\n");
return 0;
}
int icmp_error(ip, ifp)
ip_t *ip;
struct ifnet *ifp;
{
verbose("- TCP RST sent\n");
return 0;
}
#endif /* _KERNEL */


@ -1,4 +1,4 @@
/* $NetBSD$ */
/* $FreeBSD$ */
/*
* Copyright (C) 2002-2003 by Darren Reed.


@ -1,4 +1,4 @@
/* $NetBSD$ */
/* $FreeBSD$ */
#ifndef __IP_LOOKUP_H__


@ -1,4 +1,4 @@
/* $NetBSD$ */
/* $FreeBSD$ */
/*
* Copyright (C) 2000-2003 by Darren Reed


@ -1,4 +1,4 @@
/* $NetBSD$ */
/* $FreeBSD$ */
/*
* Copyright (C) 1993-2001, 2003 by Darren Reed.


@ -1,4 +1,4 @@
/* $NetBSD$ */
/* $FreeBSD$ */
/*
* Copyright (C) 1993-2001, 2003 by Darren Reed.


@ -1,4 +1,4 @@
/* $NetBSD$ */
/* $FreeBSD$ */
/*
* Copyright (C) 2002-2003 by Darren Reed


@ -1,4 +1,4 @@
/* $NetBSD$ */
/* $FreeBSD$ */
/*
* Copyright (C) 2002-2003 by Ryan Beasley <ryanb@goddamnbastard.org>


@ -1,4 +1,4 @@
/* $NetBSD$ */
/* $FreeBSD$ */
/*
* Copyright (C) 1995-2001 by Darren Reed.


@ -1,4 +1,4 @@
/* $NetBSD$ */
/* $FreeBSD$ */
/*
* Copyright (C) 1993-2001 by Darren Reed.


@ -1,991 +0,0 @@
/*
* Copyright (C) 1993-2001 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* I hate legaleese, don't you ?
*/
#if !defined(lint)
static const char sccsid[] = "%W% %G% (C) 1993-2000 Darren Reed";
static const char rcsid[] = "@(#)$Id: ip_sfil.c,v 2.23.2.27 2003/06/12 16:03:14 darrenr Exp $";
#endif
#include <sys/types.h>
#include <sys/errno.h>
#include <sys/param.h>
#include <sys/cpuvar.h>
#include <sys/open.h>
#include <sys/ioctl.h>
#include <sys/filio.h>
#include <sys/systm.h>
#include <sys/cred.h>
#include <sys/ddi.h>
#include <sys/sunddi.h>
#include <sys/ksynch.h>
#include <sys/kmem.h>
#include <sys/mkdev.h>
#include <sys/protosw.h>
#include <sys/socket.h>
#include <sys/dditypes.h>
#include <sys/cmn_err.h>
#include <net/if.h>
#include <net/af.h>
#include <net/route.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/ip_var.h>
#include <netinet/tcp.h>
#include <netinet/udp.h>
#include <netinet/tcpip.h>
#include <netinet/ip_icmp.h>
#include "ip_compat.h"
#ifdef USE_INET6
# include <netinet/icmp6.h>
#endif
#include "ip_fil.h"
#include "ip_state.h"
#include "ip_nat.h"
#include "ip_frag.h"
#include "ip_auth.h"
#include "ip_proxy.h"
#include <inet/ip_ire.h>
#ifndef MIN
#define MIN(a,b) (((a)<(b))?(a):(b))
#endif
extern fr_flags, fr_active;
int fr_running = 0;
int ipl_unreach = ICMP_UNREACH_HOST;
u_long ipl_frouteok[2] = {0, 0};
static int frzerostats __P((caddr_t));
#if SOLARIS2 >= 7
static u_int *ip_ttl_ptr;
static u_int *ip_mtudisc;
#else
static u_long *ip_ttl_ptr;
static u_long *ip_mtudisc;
#endif
static int frrequest __P((minor_t, int, caddr_t, int));
static int send_ip __P((fr_info_t *fin, mblk_t *m));
kmutex_t ipl_mutex, ipf_authmx, ipf_rw;
KRWLOCK_T ipf_mutex, ipfs_mutex, ipf_solaris;
KRWLOCK_T ipf_frag, ipf_state, ipf_nat, ipf_natfrag, ipf_auth;
kcondvar_t iplwait, ipfauthwait;
int ipldetach()
{
int i;
#ifdef IPFDEBUG
cmn_err(CE_CONT, "ipldetach()\n");
#endif
#ifdef IPFILTER_LOG
for (i = IPL_LOGMAX; i >= 0; i--)
ipflog_clear(i);
#endif
i = frflush(IPL_LOGIPF, 0, FR_INQUE|FR_OUTQUE|FR_INACTIVE);
i += frflush(IPL_LOGIPF, 0, FR_INQUE|FR_OUTQUE);
ipfr_unload();
fr_stateunload();
ip_natunload();
cv_destroy(&iplwait);
cv_destroy(&ipfauthwait);
mutex_destroy(&ipf_authmx);
mutex_destroy(&ipl_mutex);
mutex_destroy(&ipf_rw);
RW_DESTROY(&ipf_mutex);
RW_DESTROY(&ipf_frag);
RW_DESTROY(&ipf_state);
RW_DESTROY(&ipf_natfrag);
RW_DESTROY(&ipf_nat);
RW_DESTROY(&ipf_auth);
RW_DESTROY(&ipfs_mutex);
/* NOTE: This lock is acquired in ipf_detach */
RWLOCK_EXIT(&ipf_solaris);
RW_DESTROY(&ipf_solaris);
return 0;
}
int iplattach __P((void))
{
int i;
#ifdef IPFDEBUG
cmn_err(CE_CONT, "iplattach()\n");
#endif
bzero((char *)frcache, sizeof(frcache));
mutex_init(&ipf_rw, "ipf rw mutex", MUTEX_DRIVER, NULL);
mutex_init(&ipl_mutex, "ipf log mutex", MUTEX_DRIVER, NULL);
mutex_init(&ipf_authmx, "ipf auth log mutex", MUTEX_DRIVER, NULL);
RWLOCK_INIT(&ipf_solaris, "ipf filter load/unload mutex", NULL);
RWLOCK_INIT(&ipf_mutex, "ipf filter rwlock", NULL);
RWLOCK_INIT(&ipfs_mutex, "ipf solaris mutex", NULL);
RWLOCK_INIT(&ipf_frag, "ipf fragment rwlock", NULL);
RWLOCK_INIT(&ipf_state, "ipf IP state rwlock", NULL);
RWLOCK_INIT(&ipf_nat, "ipf IP NAT rwlock", NULL);
RWLOCK_INIT(&ipf_natfrag, "ipf IP NAT-Frag rwlock", NULL);
RWLOCK_INIT(&ipf_auth, "ipf IP User-Auth rwlock", NULL);
cv_init(&iplwait, "ipl condvar", CV_DRIVER, NULL);
cv_init(&ipfauthwait, "ipf auth condvar", CV_DRIVER, NULL);
#ifdef IPFILTER_LOG
ipflog_init();
#endif
if (nat_init() == -1)
return -1;
if (fr_stateinit() == -1)
return -1;
if (appr_init() == -1)
return -1;
ip_ttl_ptr = NULL;
ip_mtudisc = NULL;
/*
* XXX - There is no terminator for this array, so it is not possible
* to tell if what we are looking for is missing and go off the end
* of the array.
*/
for (i = 0; ; i++) {
if (strcmp(ip_param_arr[i].ip_param_name, "ip_def_ttl") == 0) {
ip_ttl_ptr = &ip_param_arr[i].ip_param_value;
} else if (strcmp(ip_param_arr[i].ip_param_name,
"ip_path_mtu_discovery") == 0) {
ip_mtudisc = &ip_param_arr[i].ip_param_value;
}
if (ip_mtudisc != NULL && ip_ttl_ptr != NULL)
break;
}
return 0;
}
static int frzerostats(data)
caddr_t data;
{
friostat_t fio;
int error;
fr_getstat(&fio);
error = IWCOPYPTR((caddr_t)&fio, data, sizeof(fio));
if (error)
return error;
bzero((char *)frstats, sizeof(*frstats) * 2);
return 0;
}
/*
* Filter ioctl interface.
*/
int iplioctl(dev, cmd, data, mode, cp, rp)
dev_t dev;
int cmd;
#if SOLARIS2 >= 7
intptr_t data;
#else
int *data;
#endif
int mode;
cred_t *cp;
int *rp;
{
int error = 0, tmp;
minor_t unit;
#ifdef IPFDEBUG
cmn_err(CE_CONT, "iplioctl(%x,%x,%x,%d,%x,%d)\n",
dev, cmd, data, mode, cp, rp);
#endif
unit = getminor(dev);
if (IPL_LOGMAX < unit)
return ENXIO;
if (fr_running == 0 && (cmd != SIOCFRENB || unit != IPL_LOGIPF))
return ENODEV;
if (fr_running <= 0)
return 0;
READ_ENTER(&ipf_solaris);
if (unit == IPL_LOGNAT) {
error = nat_ioctl((caddr_t)data, cmd, mode);
RWLOCK_EXIT(&ipf_solaris);
return error;
}
if (unit == IPL_LOGSTATE) {
error = fr_state_ioctl((caddr_t)data, cmd, mode);
RWLOCK_EXIT(&ipf_solaris);
return error;
}
if (unit == IPL_LOGAUTH) {
if ((cmd == SIOCADAFR) || (cmd == SIOCRMAFR)) {
if (!(mode & FWRITE)) {
error = EPERM;
} else {
error = frrequest(unit, cmd, (caddr_t)data,
fr_active);
}
} else {
error = fr_auth_ioctl((caddr_t)data, mode, cmd);
}
RWLOCK_EXIT(&ipf_solaris);
return error;
}
switch (cmd) {
case SIOCFRENB :
{
u_int enable;
if (!(mode & FWRITE))
error = EPERM;
else
error = IRCOPY((caddr_t)data, (caddr_t)&enable,
sizeof(enable));
break;
}
case SIOCSETFF :
if (!(mode & FWRITE))
error = EPERM;
else {
WRITE_ENTER(&ipf_mutex);
error = IRCOPY((caddr_t)data, (caddr_t)&fr_flags,
sizeof(fr_flags));
RWLOCK_EXIT(&ipf_mutex);
}
break;
case SIOCGETFF :
error = IWCOPY((caddr_t)&fr_flags, (caddr_t)data,
sizeof(fr_flags));
if (error)
error = EFAULT;
break;
case SIOCINAFR :
case SIOCRMAFR :
case SIOCADAFR :
case SIOCZRLST :
if (!(mode & FWRITE))
error = EPERM;
else
error = frrequest(unit, cmd, (caddr_t)data, fr_active);
break;
case SIOCINIFR :
case SIOCRMIFR :
case SIOCADIFR :
if (!(mode & FWRITE))
error = EPERM;
else
error = frrequest(unit, cmd, (caddr_t)data,
1 - fr_active);
break;
case SIOCSWAPA :
if (!(mode & FWRITE))
error = EPERM;
else {
WRITE_ENTER(&ipf_mutex);
bzero((char *)frcache, sizeof(frcache[0]) * 2);
error = IWCOPY((caddr_t)&fr_active, (caddr_t)data,
sizeof(fr_active));
if (error)
error = EFAULT;
fr_active = 1 - fr_active;
RWLOCK_EXIT(&ipf_mutex);
}
break;
case SIOCGETFS :
{
friostat_t fio;
READ_ENTER(&ipf_mutex);
fr_getstat(&fio);
RWLOCK_EXIT(&ipf_mutex);
error = IWCOPYPTR((caddr_t)&fio, (caddr_t)data, sizeof(fio));
if (error)
error = EFAULT;
break;
}
case SIOCFRZST :
if (!(mode & FWRITE))
error = EPERM;
else
error = frzerostats((caddr_t)data);
break;
case SIOCIPFFL :
if (!(mode & FWRITE))
error = EPERM;
else {
error = IRCOPY((caddr_t)data, (caddr_t)&tmp,
sizeof(tmp));
if (!error) {
tmp = frflush(unit, 4, tmp);
error = IWCOPY((caddr_t)&tmp, (caddr_t)data,
sizeof(tmp));
if (error)
error = EFAULT;
}
}
break;
#ifdef USE_INET6
case SIOCIPFL6 :
if (!(mode & FWRITE))
error = EPERM;
else {
error = IRCOPY((caddr_t)data, (caddr_t)&tmp,
sizeof(tmp));
if (!error) {
tmp = frflush(unit, 6, tmp);
error = IWCOPY((caddr_t)&tmp, (caddr_t)data,
sizeof(tmp));
if (error)
error = EFAULT;
}
}
break;
#endif
case SIOCSTLCK :
error = IRCOPY((caddr_t)data, (caddr_t)&tmp, sizeof(tmp));
if (!error) {
fr_state_lock = tmp;
fr_nat_lock = tmp;
fr_frag_lock = tmp;
fr_auth_lock = tmp;
} else
error = EFAULT;
break;
#ifdef IPFILTER_LOG
case SIOCIPFFB :
if (!(mode & FWRITE))
error = EPERM;
else {
tmp = ipflog_clear(unit);
error = IWCOPY((caddr_t)&tmp, (caddr_t)data,
sizeof(tmp));
if (error)
error = EFAULT;
}
break;
#endif /* IPFILTER_LOG */
case SIOCFRSYN :
if (!(mode & FWRITE))
error = EPERM;
else
error = ipfsync();
break;
case SIOCGFRST :
error = IWCOPYPTR((caddr_t)ipfr_fragstats(), (caddr_t)data,
sizeof(ipfrstat_t));
break;
case FIONREAD :
{
#ifdef IPFILTER_LOG
int copy = (int)iplused[IPL_LOGIPF];
error = IWCOPY((caddr_t)&copy, (caddr_t)data, sizeof(copy));
if (error)
error = EFAULT;
#endif
break;
}
default :
error = EINVAL;
break;
}
RWLOCK_EXIT(&ipf_solaris);
return error;
}
ill_t *get_unit(name, v)
char *name;
int v;
{
size_t len = strlen(name) + 1; /* includes \0 */
ill_t *il;
#if SOLARIS2 >= 10
ill_walk_context_t ctx;
#endif
int sap;
if (v == 4)
sap = 0x0800;
else if (v == 6)
sap = 0x86dd;
else
return NULL;
#if SOLARIS2 >= 10
for (il = ILL_START_WALK_ALL(&ctx); il; il = ill_next(&ctx, il))
#else
for (il = ill_g_head; il; il = il->ill_next)
#endif
if ((len == il->ill_name_length) && (il->ill_sap == sap) &&
!strncmp(il->ill_name, name, len))
return il;
return NULL;
}
static int frrequest(unit, req, data, set)
minor_t unit;
int req, set;
caddr_t data;
{
register frentry_t *fp, *f, **fprev;
register frentry_t **ftail;
frgroup_t *fg = NULL;
int error = 0, in, i;
u_int *p, *pp;
frdest_t *fdp;
frentry_t fr;
u_32_t group;
ipif_t *ipif;
ill_t *ill;
ire_t *ire;
fp = &fr;
error = IRCOPYPTR(data, (caddr_t)fp, sizeof(*fp));
if (error)
return EFAULT;
fp->fr_ref = 0;
#if SOLARIS2 >= 8
if (fp->fr_v == 4)
fp->fr_sap = IP_DL_SAP;
else if (fp->fr_v == 6)
fp->fr_sap = IP6_DL_SAP;
else
return EINVAL;
#else
fp->fr_sap = 0;
#endif
WRITE_ENTER(&ipf_mutex);
/*
* Check that the group number does exist and that if a head group
* has been specified, doesn't exist.
*/
if ((req != SIOCZRLST) && ((req == SIOCINAFR) || (req == SIOCINIFR) ||
(req == SIOCADAFR) || (req == SIOCADIFR)) && fp->fr_grhead &&
fr_findgroup(fp->fr_grhead, fp->fr_flags, unit, set, NULL)) {
error = EEXIST;
goto out;
}
if ((req != SIOCZRLST) && fp->fr_group &&
!fr_findgroup(fp->fr_group, fp->fr_flags, unit, set, NULL)) {
error = ESRCH;
goto out;
}
in = (fp->fr_flags & FR_INQUE) ? 0 : 1;
if (unit == IPL_LOGAUTH)
ftail = fprev = &ipauth;
else if ((fp->fr_flags & FR_ACCOUNT) && (fp->fr_v == 4))
ftail = fprev = &ipacct[in][set];
else if ((fp->fr_flags & (FR_OUTQUE|FR_INQUE)) && (fp->fr_v == 4))
ftail = fprev = &ipfilter[in][set];
#ifdef USE_INET6
else if ((fp->fr_flags & FR_ACCOUNT) && (fp->fr_v == 6))
ftail = fprev = &ipacct6[in][set];
else if ((fp->fr_flags & (FR_OUTQUE|FR_INQUE)) && (fp->fr_v == 6))
ftail = fprev = &ipfilter6[in][set];
#endif
else {
error = ESRCH;
goto out;
}
group = fp->fr_group;
if (group != 0) {
fg = fr_findgroup(group, fp->fr_flags, unit, set, NULL);
if (fg == NULL) {
error = ESRCH;
goto out;
}
ftail = fprev = fg->fg_start;
}
bzero((char *)frcache, sizeof(frcache[0]) * 2);
for (i = 0; i < 4; i++) {
if ((fp->fr_ifnames[i][1] == '\0') &&
((fp->fr_ifnames[i][0] == '-') ||
(fp->fr_ifnames[i][0] == '*'))) {
fp->fr_ifas[i] = NULL;
} else if (*fp->fr_ifnames[i]) {
fp->fr_ifas[i] = GETUNIT(fp->fr_ifnames[i], fp->fr_v);
if (!fp->fr_ifas[i])
fp->fr_ifas[i] = (void *)-1;
}
}
fdp = &fp->fr_dif;
fdp->fd_mp = NULL;
fp->fr_flags &= ~FR_DUP;
if (*fdp->fd_ifname) {
ill = get_unit(fdp->fd_ifname, (int)fp->fr_v);
if (!ill)
ire = (ire_t *)-1;
else if ((ipif = ill->ill_ipif) && (fp->fr_v == 4)) {
#if SOLARIS2 > 5
ire = ire_ctable_lookup(ipif->ipif_local_addr, 0,
IRE_LOCAL, NULL, NULL,
MATCH_IRE_TYPE);
#else
ire = ire_lookup_myaddr(ipif->ipif_local_addr);
#endif
if (!ire)
ire = (ire_t *)-1;
else
fp->fr_flags |= FR_DUP;
}
#ifdef USE_INET6
else if ((ipif = ill->ill_ipif) && (fp->fr_v == 6)) {
ire = ire_ctable_lookup_v6(&ipif->ipif_v6lcl_addr, 0,
IRE_LOCAL, NULL, NULL,
MATCH_IRE_TYPE);
if (!ire)
ire = (ire_t *)-1;
else
fp->fr_flags |= FR_DUP;
}
#endif
fdp->fd_ifp = (struct ifnet *)ire;
}
fdp = &fp->fr_tif;
fdp->fd_mp = NULL;
if (*fdp->fd_ifname) {
ill = get_unit(fdp->fd_ifname, (int)fp->fr_v);
if (!ill)
ire = (ire_t *)-1;
else if ((ipif = ill->ill_ipif) && (fp->fr_v == 4)) {
#if SOLARIS2 > 5
ire = ire_ctable_lookup(ipif->ipif_local_addr, 0,
IRE_LOCAL, NULL, NULL,
MATCH_IRE_TYPE);
#else
ire = ire_lookup_myaddr(ipif->ipif_local_addr);
#endif
if (!ire)
ire = (ire_t *)-1;
}
#ifdef USE_INET6
else if ((ipif = ill->ill_ipif) && (fp->fr_v == 6)) {
ire = ire_ctable_lookup_v6(&ipif->ipif_v6lcl_addr, 0,
IRE_LOCAL, NULL, NULL,
MATCH_IRE_TYPE);
if (!ire)
ire = (ire_t *)-1;
}
#endif
fdp->fd_ifp = (struct ifnet *)ire;
}
/*
* Look for a matching filter rule, but don't include the next or
* interface pointer in the comparison (fr_next, fr_ifa).
*/
for (fp->fr_cksum = 0, p = (u_int *)&fp->fr_ip, pp = &fp->fr_cksum;
p < pp; p++)
fp->fr_cksum += *p;
for (; (f = *ftail); ftail = &f->fr_next)
if ((fp->fr_cksum == f->fr_cksum) &&
!bcmp((char *)&f->fr_ip, (char *)&fp->fr_ip, FR_CMPSIZ))
break;
/*
* If zero'ing statistics, copy current to caller and zero.
*/
if (req == SIOCZRLST) {
if (!f) {
error = ESRCH;
goto out;
}
MUTEX_DOWNGRADE(&ipf_mutex);
error = IWCOPYPTR((caddr_t)f, data, sizeof(*f));
if (error)
goto out;
f->fr_hits = 0;
f->fr_bytes = 0;
goto out;
}
if (!f) {
if (req != SIOCINAFR && req != SIOCINIFR)
while ((f = *ftail))
ftail = &f->fr_next;
else {
ftail = fprev;
if (fp->fr_hits) {
while (--fp->fr_hits && (f = *ftail))
ftail = &f->fr_next;
}
f = NULL;
}
}
if (req == SIOCRMAFR || req == SIOCRMIFR) {
if (!f)
error = ESRCH;
else {
/*
* Only return EBUSY if there is a group list, else
* it's probably just state information referencing
* the rule.
*/
if ((f->fr_ref > 1) && f->fr_grp) {
error = EBUSY;
goto out;
}
if (fg && fg->fg_head)
fg->fg_head->fr_ref--;
if (unit == IPL_LOGAUTH) {
return fr_preauthcmd(req, f, ftail);
}
if (f->fr_grhead)
fr_delgroup(f->fr_grhead, fp->fr_flags,
unit, set);
fixskip(fprev, f, -1);
*ftail = f->fr_next;
f->fr_next = NULL;
f->fr_ref--;
if (f->fr_ref == 0)
KFREE(f);
}
} else {
if (f) {
error = EEXIST;
} else {
if (unit == IPL_LOGAUTH) {
return fr_preauthcmd(req, fp, ftail);
}
KMALLOC(f, frentry_t *);
if (f != NULL) {
if (fg && fg->fg_head)
fg->fg_head->fr_ref++;
bcopy((char *)fp, (char *)f, sizeof(*f));
f->fr_ref = 1;
f->fr_hits = 0;
f->fr_next = *ftail;
*ftail = f;
if (req == SIOCINIFR || req == SIOCINAFR)
fixskip(fprev, f, 1);
f->fr_grp = NULL;
group = f->fr_grhead;
if (group != 0)
fg = fr_addgroup(group, f, unit, set);
} else
error = ENOMEM;
}
}
out:
RWLOCK_EXIT(&ipf_mutex);
return (error);
}
/*
* routines below for saving IP headers to buffer
*/
int iplopen(devp, flags, otype, cred)
dev_t *devp;
int flags, otype;
cred_t *cred;
{
minor_t min = getminor(*devp);
#ifdef IPFDEBUG
cmn_err(CE_CONT, "iplopen(%x,%x,%x,%x)\n", devp, flags, otype, cred);
#endif
if ((fr_running <= 0) || !(otype & OTYP_CHR))
return ENXIO;
min = (IPL_LOGMAX < min) ? ENXIO : 0;
return min;
}
int iplclose(dev, flags, otype, cred)
dev_t dev;
int flags, otype;
cred_t *cred;
{
minor_t min = getminor(dev);
#ifdef IPFDEBUG
cmn_err(CE_CONT, "iplclose(%x,%x,%x,%x)\n", dev, flags, otype, cred);
#endif
min = (IPL_LOGMAX < min) ? ENXIO : 0;
return min;
}
#ifdef IPFILTER_LOG
/*
* iplread/ipllog
* both of these must operate with at least splnet() lest they be
* called during packet processing and cause an inconsistancy to appear in
* the filter lists.
*/
int iplread(dev, uio, cp)
dev_t dev;
register struct uio *uio;
cred_t *cp;
{
#ifdef IPFDEBUG
cmn_err(CE_CONT, "iplread(%x,%x,%x)\n", dev, uio, cp);
#endif
return ipflog_read(getminor(dev), uio);
}
#endif /* IPFILTER_LOG */
/*
* send_reset - this could conceivably be a call to tcp_respond(), but that
* requires a large amount of setting up and isn't any more efficient.
*/
int send_reset(oip, fin)
ip_t *oip;
fr_info_t *fin;
{
tcphdr_t *tcp, *tcp2;
int tlen, hlen;
mblk_t *m;
#ifdef USE_INET6
ip6_t *ip6, *oip6 = (ip6_t *)oip;
#endif
ip_t *ip;
tcp = (struct tcphdr *)fin->fin_dp;
if (tcp->th_flags & TH_RST)
return -1;
tlen = (tcp->th_flags & (TH_SYN|TH_FIN)) ? 1 : 0;
#ifdef USE_INET6
if (fin->fin_v == 6)
hlen = sizeof(ip6_t);
else
#endif
hlen = sizeof(ip_t);
hlen += sizeof(*tcp2);
if ((m = (mblk_t *)allocb(hlen + 16, BPRI_HI)) == NULL)
return -1;
m->b_rptr += 16;
MTYPE(m) = M_DATA;
m->b_wptr = m->b_rptr + hlen;
bzero((char *)m->b_rptr, hlen);
tcp2 = (struct tcphdr *)(m->b_rptr + hlen - sizeof(*tcp2));
tcp2->th_dport = tcp->th_sport;
tcp2->th_sport = tcp->th_dport;
if (tcp->th_flags & TH_ACK) {
tcp2->th_seq = tcp->th_ack;
tcp2->th_flags = TH_RST;
} else {
tcp2->th_ack = ntohl(tcp->th_seq);
tcp2->th_ack += tlen;
tcp2->th_ack = htonl(tcp2->th_ack);
tcp2->th_flags = TH_RST|TH_ACK;
}
tcp2->th_off = sizeof(struct tcphdr) >> 2;
/*
* This is to get around a bug in the Solaris 2.4/2.5 TCP checksum
* computation that is done by their put routine.
*/
tcp2->th_sum = htons(0x14);
#ifdef USE_INET6
if (fin->fin_v == 6) {
ip6 = (ip6_t *)m->b_rptr;
ip6->ip6_src = oip6->ip6_dst;
ip6->ip6_dst = oip6->ip6_src;
ip6->ip6_plen = htons(sizeof(*tcp));
ip6->ip6_nxt = IPPROTO_TCP;
} else
#endif
{
ip = (ip_t *)m->b_rptr;
ip->ip_src.s_addr = oip->ip_dst.s_addr;
ip->ip_dst.s_addr = oip->ip_src.s_addr;
ip->ip_hl = sizeof(*ip) >> 2;
ip->ip_p = IPPROTO_TCP;
ip->ip_len = htons(sizeof(*ip) + sizeof(*tcp));
ip->ip_tos = oip->ip_tos;
}
return send_ip(fin, m);
}
int static send_ip(fin, m)
fr_info_t *fin;
mblk_t *m;
{
RWLOCK_EXIT(&ipfs_mutex);
RWLOCK_EXIT(&ipf_solaris);
#ifdef USE_INET6
if (fin->fin_v == 6) {
extern void ip_wput_v6 __P((queue_t *, mblk_t *));
ip6_t *ip6;
ip6 = (ip6_t *)m->b_rptr;
ip6->ip6_flow = 0;
ip6->ip6_vfc = 0x60;
ip6->ip6_hlim = 127;
ip_wput_v6(((qif_t *)fin->fin_qif)->qf_ill->ill_wq, m);
} else
#endif
{
ip_t *ip;
ip = (ip_t *)m->b_rptr;
ip->ip_v = IPVERSION;
ip->ip_ttl = (u_char)(*ip_ttl_ptr);
ip->ip_off = htons(*ip_mtudisc ? IP_DF : 0);
ip_wput(((qif_t *)fin->fin_qif)->qf_ill->ill_wq, m);
}
READ_ENTER(&ipf_solaris);
READ_ENTER(&ipfs_mutex);
return 0;
}
int send_icmp_err(oip, type, fin, dst)
ip_t *oip;
int type;
fr_info_t *fin;
int dst;
{
struct in_addr dst4;
struct icmp *icmp;
mblk_t *m, *mb;
int hlen, code;
qif_t *qif;
u_short sz;
ill_t *il;
#ifdef USE_INET6
ip6_t *ip6, *oip6;
#endif
ip_t *ip;
if ((type < 0) || (type > ICMP_MAXTYPE))
return -1;
code = fin->fin_icode;
#ifdef USE_INET6
if ((code < 0) || (code > sizeof(icmptoicmp6unreach)/sizeof(int)))
return -1;
#endif
qif = fin->fin_qif;
m = fin->fin_qfm;
#ifdef USE_INET6
if (oip->ip_v == 6) {
oip6 = (ip6_t *)oip;
sz = sizeof(ip6_t);
sz += MIN(m->b_wptr - m->b_rptr, 512);
hlen = sizeof(ip6_t);
type = icmptoicmp6types[type];
if (type == ICMP6_DST_UNREACH)
code = icmptoicmp6unreach[code];
} else
#endif
{
if ((oip->ip_p == IPPROTO_ICMP) &&
!(fin->fin_fi.fi_fl & FI_SHORT))
switch (ntohs(fin->fin_data[0]) >> 8)
{
case ICMP_ECHO :
case ICMP_TSTAMP :
case ICMP_IREQ :
case ICMP_MASKREQ :
break;
default :
return 0;
}
sz = sizeof(ip_t) * 2;
sz += 8; /* 64 bits of data */
hlen = sz;
}
sz += offsetof(struct icmp, icmp_ip);
if ((mb = (mblk_t *)allocb((size_t)sz + 16, BPRI_HI)) == NULL)
return -1;
MTYPE(mb) = M_DATA;
mb->b_rptr += 16;
mb->b_wptr = mb->b_rptr + sz;
bzero((char *)mb->b_rptr, (size_t)sz);
icmp = (struct icmp *)(mb->b_rptr + sizeof(*ip));
icmp->icmp_type = type;
icmp->icmp_code = code;
icmp->icmp_cksum = 0;
#ifdef icmp_nextmtu
if (type == ICMP_UNREACH && (il = qif->qf_ill) &&
fin->fin_icode == ICMP_UNREACH_NEEDFRAG)
icmp->icmp_nextmtu = htons(il->ill_max_frag);
#endif
#ifdef USE_INET6
if (oip->ip_v == 6) {
struct in6_addr dst6;
int csz;
if (dst == 0) {
if (fr_ifpaddr(6, ((qif_t *)fin->fin_qif)->qf_ill,
(struct in_addr *)&dst6) == -1)
return -1;
} else
dst6 = oip6->ip6_dst;
csz = sz;
sz -= sizeof(ip6_t);
ip6 = (ip6_t *)mb->b_rptr;
ip6->ip6_flow = 0;
ip6->ip6_vfc = 0x60;
ip6->ip6_hlim = 127;
ip6->ip6_plen = htons(sz);
ip6->ip6_nxt = IPPROTO_ICMPV6;
ip6->ip6_src = dst6;
ip6->ip6_dst = oip6->ip6_src;
sz -= offsetof(struct icmp, icmp_ip);
bcopy((char *)m->b_rptr, (char *)&icmp->icmp_ip, sz);
icmp->icmp_cksum = csz - sizeof(ip6_t);
} else
#endif
{
ip = (ip_t *)mb->b_rptr;
ip->ip_v = IPVERSION;
ip->ip_hl = (sizeof(*ip) >> 2);
ip->ip_p = IPPROTO_ICMP;
ip->ip_id = oip->ip_id;
ip->ip_sum = 0;
ip->ip_ttl = (u_char)(*ip_ttl_ptr);
ip->ip_tos = oip->ip_tos;
ip->ip_len = (u_short)htons(sz);
if (dst == 0) {
if (fr_ifpaddr(4, ((qif_t *)fin->fin_qif)->qf_ill,
&dst4) == -1)
return -1;
} else
dst4 = oip->ip_dst;
ip->ip_src = dst4;
ip->ip_dst = oip->ip_src;
bcopy((char *)oip, (char *)&icmp->icmp_ip, sizeof(*oip));
bcopy((char *)oip + (oip->ip_hl << 2),
(char *)&icmp->icmp_ip + sizeof(*oip), 8);
icmp->icmp_cksum = ipf_cksum((u_short *)icmp,
sizeof(*icmp) + 8);
}
/*
* Need to exit out of these so we don't recursively call rw_enter
* from fr_qout.
*/
return send_ip(fin, mb);
}


@ -1,4 +1,4 @@
/* $NetBSD$ */
/* $FreeBSD$ */
/*
* Copyright (C) 1995-1998 by Darren Reed.


@ -1,4 +1,4 @@
/* $NetBSD$ */
/* $FreeBSD$ */
/*
* Copyright (C) 1993-2001 by Darren Reed.


@ -1,764 +0,0 @@
/*
* Copyright (C) 1993-2001 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
#ifdef __FreeBSD__
# ifndef __FreeBSD_cc_version
# include <osreldate.h>
# else
# if __FreeBSD_cc_version < 430000
# include <osreldate.h>
# endif
# endif
#endif
#if defined(__sgi) && (IRIX > 602)
# include <sys/ptimers.h>
#endif
#include <stdio.h>
#include <unistd.h>
#include <string.h>
#include <fcntl.h>
#include <errno.h>
#if !defined(__SVR4) && !defined(__GNUC__)
#include <strings.h>
#endif
#include <sys/types.h>
#include <sys/param.h>
#include <sys/file.h>
#include <stdlib.h>
#include <stddef.h>
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <sys/time.h>
#include <net/if.h>
#if __FreeBSD_version >= 300000
# include <net/if_var.h>
#endif
#include <netinet/ip.h>
#include <netdb.h>
#include <arpa/nameser.h>
#include <resolv.h>
#include "ip_compat.h"
#include "ip_fil.h"
#include "ip_nat.h"
#include "ip_state.h"
#include "ipf.h"
#include "ipl.h"
#if !defined(lint)
static const char sccsid[] = "@(#)ipf.c 1.23 6/5/96 (C) 1993-2000 Darren Reed";
static const char rcsid[] = "@(#)$Id: ipf.c,v 2.10.2.23 2003/06/27 14:39:13 darrenr Exp $";
#endif
#if SOLARIS
static void blockunknown __P((void));
#endif
#if !defined(__SVR4) && defined(__GNUC__)
extern char *index __P((const char *, int));
#endif
extern char *optarg;
extern int optind;
void frsync __P((void));
void zerostats __P((void));
int main __P((int, char *[]));
int opts = 0;
int use_inet6 = 0;
static int fd = -1;
static void procfile __P((char *, char *)), flushfilter __P((char *));
static int set_state __P((u_int));
static void showstats __P((friostat_t *));
static void packetlogon __P((char *)), swapactive __P((void));
static int opendevice __P((char *));
static void closedevice __P((void));
static char *getline __P((char *, size_t, FILE *, int *));
static char *ipfname = IPL_NAME;
static void usage __P((char *));
static int showversion __P((void));
static int get_flags __P((int *));
#if SOLARIS
# define OPTS "6AdDEf:F:Il:noPrsUvVyzZ"
#else
# define OPTS "6AdDEf:F:Il:noPrsvVyzZ"
#endif
static void usage(name)
char *name;
{
fprintf(stderr, "usage: %s [-%s] %s %s %s\n", name, OPTS,
"[-l block|pass|nomatch]", "[-F i|o|a|s|S]", "[-f filename]");
exit(1);
}
int main(argc,argv)
int argc;
char *argv[];
{
int c;
if (argc < 2)
usage(argv[0]);
while ((c = getopt(argc, argv, OPTS)) != -1) {
switch (c)
{
case '6' :
use_inet6 = 1;
break;
case 'A' :
opts &= ~OPT_INACTIVE;
break;
case 'E' :
if (set_state((u_int)1))
exit(1);
break;
case 'D' :
if (set_state((u_int)0))
exit(1);
break;
case 'd' :
opts |= OPT_DEBUG;
break;
case 'f' :
procfile(argv[0], optarg);
break;
case 'F' :
flushfilter(optarg);
break;
case 'I' :
opts |= OPT_INACTIVE;
break;
case 'l' :
packetlogon(optarg);
break;
case 'n' :
opts |= OPT_DONOTHING;
break;
case 'o' :
break;
case 'P' :
ipfname = IPL_AUTH;
break;
case 'r' :
opts |= OPT_REMOVE;
break;
case 's' :
swapactive();
break;
#if SOLARIS
case 'U' :
blockunknown();
break;
#endif
case 'v' :
opts += OPT_VERBOSE;
break;
case 'V' :
if (showversion())
exit(1);
break;
case 'y' :
frsync();
break;
case 'z' :
opts |= OPT_ZERORULEST;
break;
case 'Z' :
zerostats();
break;
case '?' :
default :
usage(argv[0]);
break;
}
}
if (optind < 2)
usage(argv[0]);
if (fd != -1)
(void) close(fd);
exit(0);
/* NOTREACHED */
}
static int opendevice(ipfdev)
char *ipfdev;
{
if (opts & OPT_DONOTHING)
return 0;
if (!ipfdev)
ipfdev = ipfname;
/*
* shouldn't we really be testing for fd < 0 here and below?
*/
if (fd != -1)
return 0;
if ((fd = open(ipfdev, O_RDWR)) == -1) {
if ((fd = open(ipfdev, O_RDONLY)) == -1) {
perror("open device");
if (errno == ENODEV)
fprintf(stderr, "IPFilter enabled?\n");
return -1;
}
}
return 0;
}
static void closedevice()
{
if (fd != -1)
close(fd);
fd = -1;
}
/*
* Return codes:
* 0 Success
* !0 Failure (and an error message has already been printed)
*/
static int get_flags(i)
int *i;
{
if (opts & OPT_DONOTHING)
return 0;
if (opendevice(ipfname) < 0)
return -1;
if (ioctl(fd, SIOCGETFF, i) == -1) {
perror("SIOCGETFF");
return -1;
}
return 0;
}
static int set_state(enable)
u_int enable;
{
if (opts & OPT_DONOTHING)
return 0;
if (opendevice(ipfname))
return -1;
if (ioctl(fd, SIOCFRENB, &enable) == -1) {
if (errno == EBUSY)
/* Not really an error */
fprintf(stderr,
"IP Filter: already initialized\n");
else {
perror("SIOCFRENB");
return -1;
}
}
return 0;
}
static void procfile(name, file)
char *name, *file;
{
FILE *fp;
char line[513], *s;
struct frentry *fr;
u_int add, del;
int linenum = 0;
int parsestatus;
if (opendevice(ipfname) == -1)
exit(1);
if (opts & OPT_INACTIVE) {
add = SIOCADIFR;
del = SIOCRMIFR;
} else {
add = SIOCADAFR;
del = SIOCRMAFR;
}
if (opts & OPT_DEBUG)
printf("add %x del %x\n", add, del);
initparse();
if (!strcmp(file, "-"))
fp = stdin;
else if (!(fp = fopen(file, "r"))) {
fprintf(stderr, "%s: fopen(%s) failed: %s\n", name, file,
STRERROR(errno));
exit(1);
}
while (getline(line, sizeof(line), fp, &linenum)) {
/*
* treat CR as EOL. LF is converted to NUL by getline().
*/
if ((s = index(line, '\r')))
*s = '\0';
/*
* # is comment marker, everything after is a ignored
*/
if ((s = index(line, '#')))
*s = '\0';
if (!*line)
continue;
if (opts & OPT_VERBOSE)
(void)fprintf(stderr, "[%s]\n", line);
parsestatus = 1;
fr = parse(line, linenum, &parsestatus);
(void)fflush(stdout);
if (parsestatus != 0) {
fprintf(stderr, "%s: %s: %s error (%d), quitting\n",
name, file,
((parsestatus < 0)? "parse": "internal"),
parsestatus);
exit(1);
}
if (fr) {
if (opts & OPT_ZERORULEST)
add = SIOCZRLST;
else if (opts & OPT_INACTIVE)
add = (u_int)fr->fr_hits ? SIOCINIFR :
SIOCADIFR;
else
add = (u_int)fr->fr_hits ? SIOCINAFR :
SIOCADAFR;
if (fr->fr_hits)
fr->fr_hits--;
if (fr && (opts & OPT_VERBOSE))
printfr(fr);
if (fr && (opts & OPT_OUTQUE))
fr->fr_flags |= FR_OUTQUE;
if (opts & OPT_DEBUG)
binprint(fr);
if ((opts & OPT_ZERORULEST) &&
!(opts & OPT_DONOTHING)) {
if (ioctl(fd, add, &fr) == -1) {
fprintf(stderr, "%d:", linenum);
perror("ioctl(SIOCZRLST)");
exit(1);
} else {
#ifdef USE_QUAD_T
printf("hits %qd bytes %qd ",
(long long)fr->fr_hits,
(long long)fr->fr_bytes);
#else
printf("hits %ld bytes %ld ",
fr->fr_hits, fr->fr_bytes);
#endif
printfr(fr);
}
} else if ((opts & OPT_REMOVE) &&
!(opts & OPT_DONOTHING)) {
if (ioctl(fd, del, &fr) == -1) {
fprintf(stderr, "%d:", linenum);
perror("ioctl(delete rule)");
exit(1);
}
} else if (!(opts & OPT_DONOTHING)) {
if (ioctl(fd, add, &fr) == -1) {
fprintf(stderr, "%d:", linenum);
perror("ioctl(add/insert rule)");
exit(1);
}
}
}
}
if (ferror(fp) || !feof(fp)) {
fprintf(stderr, "%s: %s: file error or line too long\n",
name, file);
exit(1);
}
(void)fclose(fp);
}
/*
* Similar to fgets(3) but can handle '\\' and NL is converted to NUL.
* Returns NULL if error occurred, EOF encounterd or input line is too long.
*/
static char *getline(str, size, file, linenum)
register char *str;
size_t size;
FILE *file;
int *linenum;
{
char *p;
int s, len;
do {
for (p = str, s = size;; p += (len - 1), s -= (len - 1)) {
/*
* if an error occurred, EOF was encounterd, or there
* was no room to put NUL, return NULL.
*/
if (fgets(p, s, file) == NULL)
return (NULL);
len = strlen(p);
if (p[len - 1] != '\n') {
p[len] = '\0';
break;
}
(*linenum)++;
p[len - 1] = '\0';
if (len < 2 || p[len - 2] != '\\')
break;
else
/*
* Convert '\\' to a space so words don't
* run together
*/
p[len - 2] = ' ';
}
} while (*str == '\0');
return (str);
}
static void packetlogon(opt)
char *opt;
{
int flag;
if (get_flags(&flag))
exit(1);
if (flag != 0) {
if ((opts & (OPT_DONOTHING|OPT_VERBOSE)) == OPT_VERBOSE)
printf("log flag is currently %#x\n", flag);
}
flag &= ~(FF_LOGPASS|FF_LOGNOMATCH|FF_LOGBLOCK);
if (index(opt, 'p')) {
flag |= FF_LOGPASS;
if (opts & OPT_VERBOSE)
printf("set log flag: pass\n");
}
if (index(opt, 'm') && (*opt == 'n' || *opt == 'N')) {
flag |= FF_LOGNOMATCH;
if (opts & OPT_VERBOSE)
printf("set log flag: nomatch\n");
}
if (index(opt, 'b') || index(opt, 'd')) {
flag |= FF_LOGBLOCK;
if (opts & OPT_VERBOSE)
printf("set log flag: block\n");
}
if (opendevice(ipfname) == -1) {
exit(1);
}
if (!(opts & OPT_DONOTHING)) {
if (ioctl(fd, SIOCSETFF, &flag) != 0) {
perror("ioctl(SIOCSETFF)");
exit(1);
}
}
if ((opts & (OPT_DONOTHING|OPT_VERBOSE)) == OPT_VERBOSE) {
/*
* Even though the ioctls above succeeded, it
* is possible that a calling script/program
* relies on the following verbose mode string.
* Thus, we still take an error exit if get_flags
* fails here.
*/
if (get_flags(&flag))
exit(1);
printf("log flag is now %#x\n", flag);
}
}
static void flushfilter(arg)
char *arg;
{
int fl = 0, rem;
if (!arg || !*arg) {
fprintf(stderr, "-F: no filter specified\n");
exit(1);
}
if (!strcmp(arg, "s") || !strcmp(arg, "S")) {
if (*arg == 'S')
fl = 0;
else
fl = 1;
rem = fl;
closedevice();
if (opendevice(IPL_STATE) == -1) {
exit(1);
}
if (!(opts & OPT_DONOTHING)) {
if (use_inet6) {
if (ioctl(fd, SIOCIPFL6, &fl) == -1) {
perror("ioctl(SIOCIPFL6)");
exit(1);
}
} else {
if (ioctl(fd, SIOCIPFFL, &fl) == -1) {
perror("ioctl(SIOCIPFFL)");
exit(1);
}
}
}
if ((opts & (OPT_DONOTHING|OPT_VERBOSE)) == OPT_VERBOSE) {
printf("remove flags %s (%d)\n", arg, rem);
printf("removed %d filter rules\n", fl);
}
closedevice();
return;
}
if (strchr(arg, 'i') || strchr(arg, 'I'))
fl = FR_INQUE;
if (strchr(arg, 'o') || strchr(arg, 'O'))
fl = FR_OUTQUE;
if (strchr(arg, 'a') || strchr(arg, 'A'))
fl = FR_OUTQUE|FR_INQUE;
fl |= (opts & FR_INACTIVE);
rem = fl;
if (opendevice(ipfname) == -1) {
exit(1);
}
if (!(opts & OPT_DONOTHING)) {
if (use_inet6) {
if (ioctl(fd, SIOCIPFL6, &fl) == -1) {
perror("ioctl(SIOCIPFL6)");
exit(1);
}
} else {
if (ioctl(fd, SIOCIPFFL, &fl) == -1) {
perror("ioctl(SIOCIPFFL)");
exit(1);
}
}
}
if ((opts & (OPT_DONOTHING|OPT_VERBOSE)) == OPT_VERBOSE) {
printf("remove flags %s%s (%d)\n", (rem & FR_INQUE) ? "I" : "",
(rem & FR_OUTQUE) ? "O" : "", rem);
printf("removed %d filter rules\n", fl);
}
return;
}
static void swapactive()
{
int in = 2;
if (opendevice(ipfname) == -1) {
exit(1);
}
if (!(opts & OPT_DONOTHING)) {
if (ioctl(fd, SIOCSWAPA, &in) == -1) {
perror("ioctl(SIOCSWAPA)");
exit(1);
}
}
printf("Set %d now inactive\n", in);
}
void frsync()
{
int frsyn = 0;
if (opendevice(ipfname) == -1)
exit(1);
if (!(opts & OPT_DONOTHING)) {
if (ioctl(fd, SIOCFRSYN, &frsyn) == -1) {
perror("SIOCFRSYN");
exit(1);
}
}
printf("filter sync'd\n");
}
void zerostats()
{
friostat_t fio;
friostat_t *fiop = &fio;
if (opendevice(ipfname) == -1)
exit(1);
if (!(opts & OPT_DONOTHING)) {
if (ioctl(fd, SIOCFRZST, &fiop) == -1) {
perror("ioctl(SIOCFRZST)");
exit(-1);
}
showstats(fiop);
}
}
/*
* Read the kernel stats for packets blocked and passed
*/
static void showstats(fp)
friostat_t *fp;
{
#if SOLARIS
printf("dropped packets:\tin %lu\tout %lu\n",
fp->f_st[0].fr_drop, fp->f_st[1].fr_drop);
printf("non-ip packets:\t\tin %lu\tout %lu\n",
fp->f_st[0].fr_notip, fp->f_st[1].fr_notip);
printf(" bad packets:\t\tin %lu\tout %lu\n",
fp->f_st[0].fr_bad, fp->f_st[1].fr_bad);
#endif
printf(" input packets:\t\tblocked %lu passed %lu nomatch %lu",
fp->f_st[0].fr_block, fp->f_st[0].fr_pass,
fp->f_st[0].fr_nom);
printf(" counted %lu\n", fp->f_st[0].fr_acct);
printf("output packets:\t\tblocked %lu passed %lu nomatch %lu",
fp->f_st[1].fr_block, fp->f_st[1].fr_pass,
fp->f_st[1].fr_nom);
printf(" counted %lu\n", fp->f_st[0].fr_acct);
printf(" input packets logged:\tblocked %lu passed %lu\n",
fp->f_st[0].fr_bpkl, fp->f_st[0].fr_ppkl);
printf("output packets logged:\tblocked %lu passed %lu\n",
fp->f_st[1].fr_bpkl, fp->f_st[1].fr_ppkl);
printf(" packets logged:\tinput %lu-%lu output %lu-%lu\n",
fp->f_st[0].fr_pkl, fp->f_st[0].fr_skip,
fp->f_st[1].fr_pkl, fp->f_st[1].fr_skip);
}
#if SOLARIS
static void blockunknown()
{
int flag;
if (opendevice(ipfname) == -1)
exit(1);
if (get_flags(&flag))
exit(1);
if ((opts & (OPT_DONOTHING|OPT_VERBOSE)) == OPT_VERBOSE)
printf("log flag is currently %#x\n", flag);
flag ^= FF_BLOCKNONIP;
if (opendevice(ipfname) == -1)
exit(1);
if (!(opts & OPT_DONOTHING)) {
if (ioctl(fd, SIOCSETFF, &flag))
perror("ioctl(SIOCSETFF)");
}
if ((opts & (OPT_DONOTHING|OPT_VERBOSE)) == OPT_VERBOSE) {
if (ioctl(fd, SIOCGETFF, &flag))
perror("ioctl(SIOCGETFF)");
printf("log flag is now %#x\n", flag);
}
}
#endif
/*
* nonzero return value means caller should exit with error
*/
static int showversion()
{
struct friostat fio;
struct friostat *fiop=&fio;
int flags, vfd;
char *s;
printf("ipf: %s (%d)\n", IPL_VERSION, (int)sizeof(frentry_t));
if ((vfd = open(ipfname, O_RDONLY)) == -1) {
perror("open device");
return 1;
}
if (ioctl(vfd, SIOCGETFS, &fiop)) {
perror("ioctl(SIOCGETFS)");
close(vfd);
return 1;
}
close(vfd);
printf("Kernel: %-*.*s\n", (int)sizeof(fio.f_version),
(int)sizeof(fio.f_version), fio.f_version);
printf("Running: %s\n", fio.f_running ? "yes" : "no");
if (get_flags(&flags)) {
return 1;
}
printf("Log Flags: %#x = ", flags);
s = "";
if (flags & FF_LOGPASS) {
printf("pass");
s = ", ";
}
if (flags & FF_LOGBLOCK) {
printf("%sblock", s);
s = ", ";
}
if (flags & FF_LOGNOMATCH) {
printf("%snomatch", s);
s = ", ";
}
if (flags & FF_BLOCKNONIP) {
printf("%snonip", s);
s = ", ";
}
if (!*s)
printf("none set");
putchar('\n');
printf("Default: ");
if (fio.f_defpass & FR_PASS)
s = "pass";
else if (fio.f_defpass & FR_BLOCK)
s = "block";
else
s = "nomatch -> block";
printf("%s all, Logging: %savailable\n", s, fio.f_logging ? "" : "un");
printf("Active list: %d\n", fio.f_active);
return 0;
}


@ -1,4 +1,4 @@
/* $NetBSD$ */
/* $FreeBSD$ */
/*
* Copyright (C) 1993-2001, 2003 by Darren Reed.


@ -1,859 +0,0 @@
/*
* Copyright (C) 1999-2001 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
#ifdef __FreeBSD__
# ifndef __FreeBSD_cc_version
# include <osreldate.h>
# else
# if __FreeBSD_cc_version < 430000
# include <osreldate.h>
# endif
# endif
#endif
#include <stdio.h>
#include <unistd.h>
#include <string.h>
#include <fcntl.h>
#include <errno.h>
#if !defined(__SVR4) && !defined(__GNUC__)
#include <strings.h>
#endif
#include <sys/types.h>
#include <sys/param.h>
#include <sys/file.h>
#include <stdlib.h>
#include <stddef.h>
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <sys/time.h>
#include <net/if.h>
#if __FreeBSD_version >= 300000
# include <net/if_var.h>
#endif
#include <netinet/ip.h>
#include <netdb.h>
#include <arpa/nameser.h>
#include <resolv.h>
#include "ip_compat.h"
#include "ip_fil.h"
#include "ip_nat.h"
#include "ip_state.h"
#include "ipf.h"
#if !defined(lint)
static const char rcsid[] = "@(#)$Id: ipfs.c,v 2.6.2.15 2003/05/31 02:12:21 darrenr Exp $";
#endif
#ifndef IPF_SAVEDIR
# define IPF_SAVEDIR "/var/db/ipf"
#endif
#ifndef IPF_NATFILE
# define IPF_NATFILE "ipnat.ipf"
#endif
#ifndef IPF_STATEFILE
# define IPF_STATEFILE "ipstate.ipf"
#endif
#if !defined(__SVR4) && defined(__GNUC__)
extern char *index __P((const char *, int));
#endif
extern char *optarg;
extern int optind;
int main __P((int, char *[]));
void usage __P((void));
int changestateif __P((char *, char *));
int changenatif __P((char *, char *));
int readstate __P((int, char *));
int readnat __P((int, char *));
int writestate __P((int, char *));
int opendevice __P((char *));
void closedevice __P((int));
int setlock __P((int, int));
int writeall __P((char *));
int readall __P((char *));
int writenat __P((int, char *));
char *concat __P((char *, char *));
int opts = 0;
char *progname;
void usage()
{
fprintf(stderr, "\
usage: %s [-nv] -l\n\
usage: %s [-nv] -u\n\
usage: %s [-nv] [-d <dir>] -R\n\
usage: %s [-nv] [-d <dir>] -W\n\
usage: %s [-nv] -N [-f <file> | -d <dir>] -r\n\
usage: %s [-nv] -S [-f <file> | -d <dir>] -r\n\
usage: %s [-nv] -N [-f <file> | -d <dir>] -w\n\
usage: %s [-nv] -S [-f <file> | -d <dir>] -w\n\
usage: %s [-nv] -N [-f <filename> | -d <dir> ] -i <if1>,<if2>\n\
usage: %s [-nv] -S [-f <filename> | -d <dir> ] -i <if1>,<if2>\n\
", progname, progname, progname, progname, progname, progname,
progname, progname, progname, progname);
exit(1);
}
/*
* Change interface names in state information saved out to disk.
*/
int changestateif(ifs, fname)
char *ifs, *fname;
{
int fd, olen, nlen, rw;
ipstate_save_t ips;
off_t pos;
char *s;
s = strchr(ifs, ',');
if (!s)
usage();
*s++ = '\0';
nlen = strlen(s);
olen = strlen(ifs);
if (nlen >= sizeof(ips.ips_is.is_ifname) ||
olen >= sizeof(ips.ips_is.is_ifname))
usage();
fd = open(fname, O_RDWR);
if (fd == -1) {
perror("open");
exit(1);
}
for (pos = 0; read(fd, &ips, sizeof(ips)) == sizeof(ips); ) {
rw = 0;
if (!strncmp(ips.ips_is.is_ifname[0], ifs, olen + 1)) {
strcpy(ips.ips_is.is_ifname[0], s);
rw = 1;
}
if (!strncmp(ips.ips_is.is_ifname[1], ifs, olen + 1)) {
strcpy(ips.ips_is.is_ifname[1], s);
rw = 1;
}
if (rw == 1) {
if (lseek(fd, pos, SEEK_SET) != pos) {
perror("lseek");
exit(1);
}
if (write(fd, &ips, sizeof(ips)) != sizeof(ips)) {
perror("write");
exit(1);
}
}
pos = lseek(fd, 0, SEEK_CUR);
}
close(fd);
return 0;
}
/*
* Change interface names in NAT information saved out to disk.
*/
int changenatif(ifs, fname)
char *ifs, *fname;
{
int fd, olen, nlen, rw;
nat_save_t ipn;
nat_t *nat;
off_t pos;
char *s;
s = strchr(ifs, ',');
if (!s)
usage();
*s++ = '\0';
nlen = strlen(s);
olen = strlen(ifs);
nat = &ipn.ipn_nat;
if (nlen >= sizeof(nat->nat_ifname) || olen >= sizeof(nat->nat_ifname))
usage();
fd = open(fname, O_RDWR);
if (fd == -1) {
perror("open");
exit(1);
}
for (pos = 0; read(fd, &ipn, sizeof(ipn)) == sizeof(ipn); ) {
rw = 0;
if (!strncmp(nat->nat_ifname, ifs, olen + 1)) {
strcpy(nat->nat_ifname, s);
rw = 1;
}
if (rw == 1) {
if (lseek(fd, pos, SEEK_SET) != pos) {
perror("lseek");
exit(1);
}
if (write(fd, &ipn, sizeof(ipn)) != sizeof(ipn)) {
perror("write");
exit(1);
}
}
pos = lseek(fd, 0, SEEK_CUR);
}
close(fd);
return 0;
}
int main(argc,argv)
int argc;
char *argv[];
{
int c, lock = -1, devfd = -1, err = 0, rw = -1, ns = -1, set = 0;
char *dirname = NULL, *filename = NULL, *ifs = NULL;
progname = argv[0];
while ((c = getopt(argc, argv, "d:f:i:lNnSRruvWw")) != -1)
switch (c)
{
case 'd' :
if ((set == 0) && !dirname && !filename)
dirname = optarg;
else
usage();
break;
case 'f' :
if ((set == 1) && !dirname && !filename && !(rw & 2))
filename = optarg;
else
usage();
break;
case 'i' :
ifs = optarg;
set = 1;
break;
case 'l' :
if (filename || dirname || set)
usage();
lock = 1;
set = 1;
break;
case 'n' :
opts |= OPT_DONOTHING;
break;
case 'N' :
if ((ns >= 0) || dirname || (rw != -1) || set)
usage();
ns = 0;
set = 1;
break;
case 'r' :
if (dirname || (rw != -1) || (ns == -1))
usage();
rw = 0;
set = 1;
break;
case 'R' :
if (filename || (ns != -1))
usage();
rw = 2;
set = 1;
break;
case 'S' :
if ((ns >= 0) || dirname || (rw != -1) || set)
usage();
ns = 1;
set = 1;
break;
case 'u' :
if (filename || dirname || set)
usage();
lock = 0;
set = 1;
break;
case 'v' :
opts |= OPT_VERBOSE;
break;
case 'w' :
if (dirname || (rw != -1) || (ns == -1))
usage();
rw = 1;
set = 1;
break;
case 'W' :
if (filename || (ns != -1))
usage();
rw = 3;
set = 1;
break;
case '?' :
default :
usage();
}
if (optind < 2)
usage();
if (filename == NULL) {
if (ns == 0) {
if (dirname == NULL)
dirname = IPF_SAVEDIR;
if (dirname[strlen(dirname) - 1] != '/')
dirname = concat(dirname, "/");
filename = concat(dirname, IPF_NATFILE);
} else if (ns == 1) {
if (dirname == NULL)
dirname = IPF_SAVEDIR;
if (dirname[strlen(dirname) - 1] != '/')
dirname = concat(dirname, "/");
filename = concat(dirname, IPF_STATEFILE);
}
}
if (ifs) {
if (!filename || ns < 0)
usage();
if (ns == 0)
return changenatif(ifs, filename);
else
return changestateif(ifs, filename);
}
if ((ns >= 0) || (lock >= 0)) {
if (lock >= 0)
devfd = opendevice(NULL);
else if (ns >= 0) {
if (ns == 1)
devfd = opendevice(IPL_STATE);
else if (ns == 0)
devfd = opendevice(IPL_NAT);
}
if (devfd == -1)
exit(1);
}
if (lock >= 0)
err = setlock(devfd, lock);
else if (rw >= 0) {
if (rw & 1) { /* WRITE */
if (rw & 2)
err = writeall(dirname);
else {
if (ns == 0)
err = writenat(devfd, filename);
else if (ns == 1)
err = writestate(devfd, filename);
}
} else {
if (rw & 2)
err = readall(dirname);
else {
if (ns == 0)
err = readnat(devfd, filename);
else if (ns == 1)
err = readstate(devfd, filename);
}
}
}
return err;
}
char *concat(base, append)
char *base, *append;
{
char *str;
str = malloc(strlen(base) + strlen(append) + 1);
if (str != NULL) {
strcpy(str, base);
strcat(str, append);
}
return str;
}
int opendevice(ipfdev)
char *ipfdev;
{
int fd = -1;
if (opts & OPT_DONOTHING)
return -2;
if (!ipfdev)
ipfdev = IPL_NAME;
if ((fd = open(ipfdev, O_RDWR)) == -1)
if ((fd = open(ipfdev, O_RDONLY)) == -1)
perror("open device");
return fd;
}
void closedevice(fd)
int fd;
{
close(fd);
}
int setlock(fd, lock)
int fd, lock;
{
if (opts & OPT_VERBOSE)
printf("Turn lock %s\n", lock ? "on" : "off");
if (!(opts & OPT_DONOTHING)) {
if (ioctl(fd, SIOCSTLCK, &lock) == -1) {
perror("SIOCSTLCK");
return 1;
}
if (opts & OPT_VERBOSE)
printf("Lock now %s\n", lock ? "on" : "off");
}
return 0;
}
int writestate(fd, file)
int fd;
char *file;
{
ipstate_save_t ips, *ipsp;
int wfd = -1;
if (!file)
file = IPF_STATEFILE;
wfd = open(file, O_WRONLY|O_TRUNC|O_CREAT, 0600);
if (wfd == -1) {
fprintf(stderr, "%s ", file);
perror("state:open");
return 1;
}
ipsp = &ips;
bzero((char *)ipsp, sizeof(ips));
do {
if (opts & OPT_VERBOSE)
printf("Getting state from addr %p\n", ips.ips_next);
if (ioctl(fd, SIOCSTGET, &ipsp)) {
if (errno == ENOENT)
break;
perror("state:SIOCSTGET");
close(wfd);
return 1;
}
if (opts & OPT_VERBOSE)
printf("Got state next %p\n", ips.ips_next);
if (write(wfd, ipsp, sizeof(ips)) != sizeof(ips)) {
perror("state:write");
close(wfd);
return 1;
}
} while (ips.ips_next != NULL);
close(wfd);
return 0;
}
int readstate(fd, file)
int fd;
char *file;
{
ipstate_save_t ips, *is, *ipshead = NULL, *is1, *ipstail = NULL;
int sfd = -1, i;
if (!file)
file = IPF_STATEFILE;
sfd = open(file, O_RDONLY, 0600);
if (sfd == -1) {
fprintf(stderr, "%s ", file);
perror("open");
return 1;
}
bzero((char *)&ips, sizeof(ips));
/*
* 1. Read all state information in.
*/
do {
i = read(sfd, &ips, sizeof(ips));
if (i == -1) {
perror("read");
close(sfd);
return 1;
}
if (i == 0)
break;
if (i != sizeof(ips)) {
fprintf(stderr, "incomplete read: %d != %d\n", i,
(int)sizeof(ips));
close(sfd);
return 1;
}
is = (ipstate_save_t *)malloc(sizeof(*is));
if(!is) {
fprintf(stderr, "malloc failed\n");
return 1;
}
bcopy((char *)&ips, (char *)is, sizeof(ips));
/*
* Check to see if this is the first state entry that will
* reference a particular rule and if so, flag it as such
* else just adjust the rule pointer to become a pointer to
* the other. We do this so we have a means later for tracking
* who is referencing us when we get back the real pointer
* in is_rule after doing the ioctl.
*/
for (is1 = ipshead; is1 != NULL; is1 = is1->ips_next)
if (is1->ips_rule == is->ips_rule)
break;
if (is1 == NULL)
is->ips_is.is_flags |= FI_NEWFR;
else
is->ips_rule = (void *)&is1->ips_rule;
/*
* Use a tail-queue type list (add things to the end)..
*/
is->ips_next = NULL;
if (!ipshead)
ipshead = is;
if (ipstail)
ipstail->ips_next = is;
ipstail = is;
} while (1);
close(sfd);
for (is = ipshead; is; is = is->ips_next) {
if (opts & OPT_VERBOSE)
printf("Loading new state table entry\n");
if (is->ips_is.is_flags & FI_NEWFR) {
if (opts & OPT_VERBOSE)
printf("Loading new filter rule\n");
}
if (!(opts & OPT_DONOTHING))
if (ioctl(fd, SIOCSTPUT, &is)) {
perror("SIOCSTPUT");
return 1;
}
if (is->ips_is.is_flags & FI_NEWFR) {
if (opts & OPT_VERBOSE)
printf("Real rule addr %p\n", is->ips_rule);
for (is1 = is->ips_next; is1; is1 = is1->ips_next)
if (is1->ips_rule == (frentry_t *)&is->ips_rule)
is1->ips_rule = is->ips_rule;
}
}
return 0;
}
int readnat(fd, file)
int fd;
char *file;
{
nat_save_t ipn, *in, *ipnhead = NULL, *in1, *ipntail = NULL;
int nfd = -1, i;
nat_t *nat;
char *s;
int n;
if (!file)
file = IPF_NATFILE;
nfd = open(file, O_RDONLY);
if (nfd == -1) {
fprintf(stderr, "%s ", file);
perror("nat:open");
return 1;
}
bzero((char *)&ipn, sizeof(ipn));
/*
* 1. Read all state information in.
*/
do {
i = read(nfd, &ipn, sizeof(ipn));
if (i == -1) {
perror("read");
close(nfd);
return 1;
}
if (i == 0)
break;
if (i != sizeof(ipn)) {
fprintf(stderr, "incomplete read: %d != %d\n", i,
(int)sizeof(ipn));
close(nfd);
return 1;
}
if (ipn.ipn_dsize > 0) {
n = ipn.ipn_dsize;
if (n > sizeof(ipn.ipn_data))
n -= sizeof(ipn.ipn_data);
else
n = 0;
in = malloc(sizeof(*in) + n);
if (!in)
break;
if (n > 0) {
s = in->ipn_data + sizeof(in->ipn_data);
i = read(nfd, s, n);
if (i == 0)
break;
if (i != n) {
fprintf(stderr,
"incomplete read: %d != %d\n",
i, n);
close(nfd);
return 1;
}
}
} else
in = (nat_save_t *)malloc(sizeof(*in));
bcopy((char *)&ipn, (char *)in, sizeof(ipn));
/*
* Check to see if this is the first NAT entry that will
* reference a particular rule and if so, flag it as such
* else just adjust the rule pointer to become a pointer to
* the other. We do this so we have a means later for tracking
* who is referencing us when we get back the real pointer
* in is_rule after doing the ioctl.
*/
nat = &in->ipn_nat;
if (nat->nat_fr != NULL) {
for (in1 = ipnhead; in1 != NULL; in1 = in1->ipn_next)
if (in1->ipn_rule == nat->nat_fr)
break;
if (in1 == NULL)
nat->nat_flags |= FI_NEWFR;
else
nat->nat_fr = &in1->ipn_fr;
}
/*
* Use a tail-queue type list (add things to the end)..
*/
in->ipn_next = NULL;
if (!ipnhead)
ipnhead = in;
if (ipntail)
ipntail->ipn_next = in;
ipntail = in;
} while (1);
close(nfd);
nfd = -1;
for (in = ipnhead; in; in = in->ipn_next) {
if (opts & OPT_VERBOSE)
printf("Loading new NAT table entry\n");
nat = &in->ipn_nat;
if (nat->nat_flags & FI_NEWFR) {
if (opts & OPT_VERBOSE)
printf("Loading new filter rule\n");
}
if (!(opts & OPT_DONOTHING))
if (ioctl(fd, SIOCSTPUT, &in)) {
perror("SIOCSTPUT");
return 1;
}
if (nat->nat_flags & FI_NEWFR) {
if (opts & OPT_VERBOSE)
printf("Real rule addr %p\n", nat->nat_fr);
for (in1 = in->ipn_next; in1; in1 = in1->ipn_next)
if (in1->ipn_rule == &in->ipn_fr)
in1->ipn_rule = nat->nat_fr;
}
}
return 0;
}
int writenat(fd, file)
int fd;
char *file;
{
nat_save_t *ipnp = NULL, *next = NULL;
int nfd = -1;
natget_t ng;
if (!file)
file = IPF_NATFILE;
nfd = open(file, O_WRONLY|O_TRUNC|O_CREAT, 0600);
if (nfd == -1) {
fprintf(stderr, "%s ", file);
perror("nat:open");
return 1;
}
do {
if (opts & OPT_VERBOSE)
printf("Getting nat from addr %p\n", ipnp);
ng.ng_ptr = next;
ng.ng_sz = 0;
if (ioctl(fd, SIOCSTGSZ, &ng)) {
perror("nat:SIOCSTGSZ");
close(nfd);
return 1;
}
if (opts & OPT_VERBOSE)
printf("NAT size %d from %p\n", ng.ng_sz, ng.ng_ptr);
if (ng.ng_sz == 0)
break;
if (!ipnp)
ipnp = malloc(ng.ng_sz);
else
ipnp = realloc((char *)ipnp, ng.ng_sz);
if (!ipnp) {
fprintf(stderr,
"malloc for %d bytes failed\n", ng.ng_sz);
break;
}
bzero((char *)ipnp, ng.ng_sz);
ipnp->ipn_next = next;
if (ioctl(fd, SIOCSTGET, &ipnp)) {
if (errno == ENOENT)
break;
perror("nat:SIOCSTGET");
close(nfd);
return 1;
}
if (opts & OPT_VERBOSE)
printf("Got nat next %p\n", ipnp->ipn_next);
if (write(nfd, ipnp, ng.ng_sz) != ng.ng_sz) {
perror("nat:write");
close(nfd);
return 1;
}
next = ipnp->ipn_next;
} while (ipnp && next);
close(nfd);
return 0;
}
int writeall(dirname)
char *dirname;
{
int fd, devfd;
if (!dirname)
dirname = IPF_SAVEDIR;
if (chdir(dirname)) {
fprintf(stderr, "IPF_SAVEDIR=%s: ", dirname);
perror("chdir(IPF_SAVEDIR)");
return 1;
}
fd = opendevice(NULL);
if (fd == -1)
return 1;
if (setlock(fd, 1)) {
close(fd);
return 1;
}
devfd = opendevice(IPL_STATE);
if (devfd == -1)
goto bad;
if (writestate(devfd, NULL))
goto bad;
close(devfd);
devfd = opendevice(IPL_NAT);
if (devfd == -1)
goto bad;
if (writenat(devfd, NULL))
goto bad;
close(devfd);
if (setlock(fd, 0)) {
close(fd);
return 1;
}
return 0;
bad:
setlock(fd, 0);
close(fd);
return 1;
}
int readall(dirname)
char *dirname;
{
int fd, devfd;
if (!dirname)
dirname = IPF_SAVEDIR;
if (chdir(dirname)) {
perror("chdir(IPF_SAVEDIR)");
return 1;
}
fd = opendevice(NULL);
if (fd == -1)
return 1;
if (setlock(fd, 1)) {
close(fd);
return 1;
}
devfd = opendevice(IPL_STATE);
if (devfd == -1)
return 1;
if (readstate(devfd, NULL))
return 1;
close(devfd);
devfd = opendevice(IPL_NAT);
if (devfd == -1)
return 1;
if (readnat(devfd, NULL))
return 1;
close(devfd);
if (setlock(fd, 0)) {
close(fd);
return 1;
}
return 0;
}


@ -1,155 +0,0 @@
/*
* Copyright (C) 1993-2001 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
/*
icmp type
lnth proto source destination src port dst port
etherfind -n
60 tcp 128.250.20.20 128.250.133.13 2419 telnet
etherfind -n -t
0.32 91 04 131.170.1.10 128.250.133.13
0.33 566 udp 128.250.37.155 128.250.133.3 901 901
*/
#if defined(__sgi) && (IRIX > 602)
# include <sys/ptimers.h>
#endif
#include <stdio.h>
#include <string.h>
#if !defined(__SVR4) && !defined(__GNUC__)
#include <strings.h>
#endif
#include <sys/types.h>
#include <stdlib.h>
#include <unistd.h>
#include <stddef.h>
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <sys/param.h>
#include <sys/time.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netinet/in_systm.h>
#ifndef linux
#include <netinet/ip_var.h>
#endif
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <netinet/udp.h>
#include <netinet/ip_icmp.h>
#include <net/if.h>
#include <netdb.h>
#include "ip_compat.h"
#include <netinet/tcpip.h>
#include "ipf.h"
#include "ipt.h"
#if !defined(lint)
static const char sccsid[] = "@(#)ipft_ef.c 1.6 2/4/96 (C)1995 Darren Reed";
static const char rcsid[] = "@(#)$Id: ipft_ef.c,v 2.2.2.5 2003/05/19 12:02:35 darrenr Exp $";
#endif
static int etherf_open __P((char *));
static int etherf_close __P((void));
static int etherf_readip __P((char *, int, char **, int *));
struct ipread etherf = { etherf_open, etherf_close, etherf_readip };
static FILE *efp = NULL;
static int efd = -1;
static int etherf_open(fname)
char *fname;
{
if (efd != -1)
return efd;
if (!strcmp(fname, "-")) {
efd = 0;
efp = stdin;
} else {
efd = open(fname, O_RDONLY);
efp = fdopen(efd, "r");
}
return efd;
}
static int etherf_close()
{
return close(efd);
}
static int etherf_readip(buf, cnt, ifn, dir)
char *buf, **ifn;
int cnt, *dir;
{
struct tcpiphdr pkt;
ip_t *ip = (ip_t *)&pkt;
struct protoent *p = NULL;
char src[16], dst[16], sprt[16], dprt[16];
char lbuf[128], len[8], prot[8], time[8], *s;
int slen, extra = 0, i;
if (!fgets(lbuf, sizeof(lbuf) - 1, efp))
return 0;
if ((s = strchr(lbuf, '\n')))
*s = '\0';
lbuf[sizeof(lbuf)-1] = '\0';
bzero(&pkt, sizeof(pkt));
if (sscanf(lbuf, "%7s %7s %15s %15s %15s %15s", len, prot, src, dst,
sprt, dprt) != 6)
if (sscanf(lbuf, "%7s %7s %7s %15s %15s %15s %15s", time,
len, prot, src, dst, sprt, dprt) != 7)
return -1;
ip->ip_p = atoi(prot);
if (ip->ip_p == 0) {
if (!(p = getprotobyname(prot)))
return -1;
ip->ip_p = p->p_proto;
}
switch (ip->ip_p) {
case IPPROTO_TCP :
case IPPROTO_UDP :
s = strtok(NULL, " :");
ip->ip_len += atoi(s);
if (p->p_proto == IPPROTO_TCP)
extra = sizeof(struct tcphdr);
else if (p->p_proto == IPPROTO_UDP)
extra = sizeof(struct udphdr);
break;
#ifdef IGMP
case IPPROTO_IGMP :
extra = sizeof(struct igmp);
break;
#endif
case IPPROTO_ICMP :
extra = sizeof(struct icmp);
break;
default :
break;
}
(void) inet_aton(src, &ip->ip_src);
(void) inet_aton(dst, &ip->ip_dst);
ip->ip_len = atoi(len);
ip->ip_hl = sizeof(ip_t);
slen = ip->ip_hl + extra;
i = MIN(cnt, slen);
bcopy((char *)&pkt, buf, i);
return i;
}


@ -1,173 +0,0 @@
/*
* Copyright (C) 1995-2001 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
#if defined(__sgi) && (IRIX > 602)
# include <sys/ptimers.h>
#endif
#include <stdio.h>
#include <ctype.h>
#include <assert.h>
#include <string.h>
#include <sys/types.h>
#if !defined(__SVR4) && !defined(__svr4__)
#include <strings.h>
#else
#include <sys/byteorder.h>
#endif
#include <sys/param.h>
#include <sys/time.h>
#include <stdlib.h>
#include <unistd.h>
#include <stddef.h>
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#ifndef linux
#include <netinet/ip_var.h>
#endif
#include <netinet/ip.h>
#include <netinet/udp.h>
#include <netinet/tcp.h>
#include <netinet/ip_icmp.h>
#include <net/if.h>
#include <netdb.h>
#include <arpa/nameser.h>
#include <resolv.h>
#include "ip_compat.h"
#include <netinet/tcpip.h>
#include "ipf.h"
#include "ipt.h"
#if !defined(lint)
static const char sccsid[] = "@(#)ipft_hx.c 1.1 3/9/96 (C) 1996 Darren Reed";
static const char rcsid[] = "@(#)$Id: ipft_hx.c,v 2.2.2.6 2002/12/06 11:40:25 darrenr Exp $";
#endif
extern int opts;
static int hex_open __P((char *));
static int hex_close __P((void));
static int hex_readip __P((char *, int, char **, int *));
static char *readhex __P((char *, char *));
struct ipread iphex = { hex_open, hex_close, hex_readip };
static FILE *tfp = NULL;
static int tfd = -1;
static int hex_open(fname)
char *fname;
{
if (tfp && tfd != -1) {
rewind(tfp);
return tfd;
}
if (!strcmp(fname, "-")) {
tfd = 0;
tfp = stdin;
} else {
tfd = open(fname, O_RDONLY);
if (tfd != -1)
tfp = fdopen(tfd, "r");
}
return tfd;
}
static int hex_close()
{
int cfd = tfd;
tfd = -1;
return close(cfd);
}
static int hex_readip(buf, cnt, ifn, dir)
char *buf, **ifn;
int cnt, *dir;
{
register char *s, *t, *u;
char line[513];
ip_t *ip;
/*
* interpret start of line as possibly "[ifname]" or
* "[in/out,ifname]".
*/
if (ifn)
*ifn = NULL;
if (dir)
*dir = 0;
ip = (ip_t *)buf;
while (fgets(line, sizeof(line)-1, tfp)) {
if ((s = index(line, '\n'))) {
if (s == line)
return (char *)ip - buf;
*s = '\0';
}
if ((s = index(line, '#')))
*s = '\0';
if (!*line)
continue;
if (!(opts & OPT_BRIEF)) {
printf("input: %s\n", line);
fflush(stdout);
}
if ((*line == '[') && (s = index(line, ']'))) {
t = line + 1;
if (s - t > 0) {
*s++ = '\0';
if ((u = index(t, ',')) && (u < s)) {
u++;
if (ifn)
*ifn = strdup(u);
if (dir) {
if (*t == 'i')
*dir = 0;
else if (*t == 'o')
*dir = 1;
}
} else if (ifn)
*ifn = t;
}
} else
s = line;
ip = (ip_t *)readhex(s, (char *)ip);
}
return -1;
}
static char *readhex(src, dst)
register char *src, *dst;
{
int state = 0;
char c;
while ((c = *src++)) {
if (isspace(c)) {
if (state) {
dst++;
state = 0;
}
continue;
} else if ((c >= '0' && c <= '9') || (c >= 'a' && c <= 'f') ||
(c >= 'A' && c <= 'F')) {
c = isdigit(c) ? (c - '0') : (toupper(c) - 55);
if (state == 0) {
*dst = (c << 4);
state++;
} else {
*dst++ |= c;
state = 0;
}
} else
break;
}
return dst;
}


@ -1,275 +0,0 @@
/*
* Copyright (C) 1993-2001 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
#if defined(__sgi) && (IRIX > 602)
# include <sys/ptimers.h>
#endif
#include <stdio.h>
#include <string.h>
#if !defined(__SVR4) && !defined(__GNUC__)
#include <strings.h>
#endif
#include <sys/types.h>
#include <sys/time.h>
#include <stdlib.h>
#include <unistd.h>
#include <stddef.h>
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <sys/param.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#ifndef linux
#include <netinet/ip_var.h>
#endif
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <net/if.h>
#include "ip_compat.h"
#include <netinet/tcpip.h>
#include "ipf.h"
#include "pcap.h"
#include "bpf.h"
#include "ipt.h"
#if !defined(lint)
static const char rcsid[] = "@(#)$Id: ipft_pc.c,v 2.2.2.5 2002/12/06 11:40:25 darrenr Exp $";
#endif
struct llc {
int lc_type;
int lc_sz; /* LLC header length */
int lc_to; /* LLC Type offset */
int lc_tl; /* LLC Type length */
};
/*
* While many of these maybe the same, some do have different header formats
* which make this useful.
*/
static struct llc llcs[] = {
{ DLT_NULL, 0, 0, 0 },
{ DLT_EN10MB, 14, 12, 2 },
{ DLT_EN3MB, 0, 0, 0 },
{ DLT_AX25, 0, 0, 0 },
{ DLT_PRONET, 0, 0, 0 },
{ DLT_CHAOS, 0, 0, 0 },
{ DLT_IEEE802, 0, 0, 0 },
{ DLT_ARCNET, 0, 0, 0 },
{ DLT_SLIP, 0, 0, 0 },
{ DLT_PPP, 0, 0, 0 },
{ DLT_FDDI, 0, 0, 0 },
#ifdef DLT_ATMRFC1483
{ DLT_ATMRFC1483, 0, 0, 0 },
#endif
{ DLT_RAW, 0, 0, 0 },
#ifdef DLT_ENC
{ DLT_ENC, 0, 0, 0 },
#endif
#ifdef DLT_SLIP_BSDOS
{ DLT_SLIP_BSDOS, 0, 0, 0 },
#endif
#ifdef DLT_PPP_BSDOS
{ DLT_PPP_BSDOS, 0, 0, 0 },
#endif
#ifdef DLT_HIPPI
{ DLT_HIPPI, 0, 0, 0 },
#endif
#ifdef DLT_HDLC
{ DLT_HDLC, 0, 0, 0 },
#endif
#ifdef DLT_PPP_SERIAL
{ DLT_PPP_SERIAL, 4, 4, 0 },
#endif
#ifdef DLT_PPP_ETHER
{ DLT_PPP_ETHER, 8, 8, 0 },
#endif
#ifdef DLT_ECONET
{ DLT_ECONET, 0, 0, 0 },
#endif
{ -1, -1, -1, -1 }
};
static int pcap_open __P((char *));
static int pcap_close __P((void));
static int pcap_readip __P((char *, int, char **, int *));
static void swap_hdr __P((pcaphdr_t *));
static int pcap_read_rec __P((struct pcap_pkthdr *));
static int pfd = -1, s_type = -1, swapped = 0;
static struct llc *llcp = NULL;
struct ipread pcap = { pcap_open, pcap_close, pcap_readip };
#define SWAPLONG(y) \
((((y)&0xff)<<24) | (((y)&0xff00)<<8) | (((y)&0xff0000)>>8) | (((y)>>24)&0xff))
#define SWAPSHORT(y) \
( (((y)&0xff)<<8) | (((y)&0xff00)>>8) )
static void swap_hdr(p)
pcaphdr_t *p;
{
p->pc_v_maj = SWAPSHORT(p->pc_v_maj);
p->pc_v_min = SWAPSHORT(p->pc_v_min);
p->pc_zone = SWAPLONG(p->pc_zone);
p->pc_sigfigs = SWAPLONG(p->pc_sigfigs);
p->pc_slen = SWAPLONG(p->pc_slen);
p->pc_type = SWAPLONG(p->pc_type);
}
static int pcap_open(fname)
char *fname;
{
pcaphdr_t ph;
int fd, i;
if (pfd != -1)
return pfd;
if (!strcmp(fname, "-"))
fd = 0;
else if ((fd = open(fname, O_RDONLY)) == -1)
return -1;
if (read(fd, (char *)&ph, sizeof(ph)) != sizeof(ph))
return -2;
if (ph.pc_id != TCPDUMP_MAGIC) {
if (SWAPLONG(ph.pc_id) != TCPDUMP_MAGIC) {
(void) close(fd);
return -2;
}
swapped = 1;
swap_hdr(&ph);
}
if (ph.pc_v_maj != PCAP_VERSION_MAJ) {
(void) close(fd);
return -2;
}
for (i = 0; llcs[i].lc_type != -1; i++)
if (llcs[i].lc_type == ph.pc_type) {
llcp = llcs + i;
break;
}
if (llcp == NULL) {
(void) close(fd);
return -2;
}
pfd = fd;
s_type = ph.pc_type;
printf("opened pcap file %s:\n", fname);
printf("\tid: %08x version: %d.%d type: %d snap %d\n",
ph.pc_id, ph.pc_v_maj, ph.pc_v_min, ph.pc_type, ph.pc_slen);
return fd;
}
static int pcap_close()
{
return close(pfd);
}
/*
* read in the header (and validate) which should be the first record
* in a pcap file.
*/
static int pcap_read_rec(rec)
struct pcap_pkthdr *rec;
{
int n, p;
if (read(pfd, (char *)rec, sizeof(*rec)) != sizeof(*rec))
return -2;
if (swapped) {
rec->ph_clen = SWAPLONG(rec->ph_clen);
rec->ph_len = SWAPLONG(rec->ph_len);
rec->ph_ts.tv_sec = SWAPLONG(rec->ph_ts.tv_sec);
rec->ph_ts.tv_usec = SWAPLONG(rec->ph_ts.tv_usec);
}
p = rec->ph_clen;
n = MIN(p, rec->ph_len);
if (!n || n < 0)
return -3;
return p;
}
#ifdef notyet
/*
* read an entire pcap packet record. only the data part is copied into
* the available buffer, with the number of bytes copied returned.
*/
static int pcap_read(buf, cnt)
char *buf;
int cnt;
{
struct pcap_pkthdr rec;
static char *bufp = NULL;
int i, n;
if ((i = pcap_read_rec(&rec)) <= 0)
return i;
if (!bufp)
bufp = malloc(i);
else
bufp = realloc(bufp, i);
if (read(pfd, bufp, i) != i)
return -2;
n = MIN(i, cnt);
bcopy(bufp, buf, n);
return n;
}
#endif
/*
* return only an IP packet read into buf
*/
static int pcap_readip(buf, cnt, ifn, dir)
char *buf, **ifn;
int cnt, *dir;
{
static char *bufp = NULL;
struct pcap_pkthdr rec;
struct llc *l;
char *s, ty[4];
int i, n;
l = llcp;
/* do { */
if ((i = pcap_read_rec(&rec)) <= 0)
return i;
if (!bufp)
bufp = malloc(i);
else
bufp = realloc(bufp, i);
s = bufp;
if (read(pfd, s, i) != i)
return -2;
i -= l->lc_sz;
s += l->lc_to;
bcopy(s, ty, l->lc_tl);
s += l->lc_tl;
/* } while (ty[0] != 0x8 && ty[1] != 0); */
n = MIN(i, cnt);
bcopy(s, buf, n);
return n;
}


@ -1,219 +0,0 @@
/*
* Copyright (C) 1993-2001 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
/*
* Written to comply with the recent RFC 1761 from Sun.
*/
#if defined(__sgi) && (IRIX > 602)
# include <sys/ptimers.h>
#endif
#include <stdio.h>
#include <string.h>
#if !defined(__SVR4) && !defined(__GNUC__)
#include <strings.h>
#endif
#include <sys/types.h>
#include <stdlib.h>
#include <unistd.h>
#include <stddef.h>
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <sys/param.h>
#include <sys/time.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#ifndef linux
#include <netinet/ip_var.h>
#endif
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <net/if.h>
#include "ip_compat.h"
#include <netinet/tcpip.h>
#include "ipf.h"
#include "snoop.h"
#include "ipt.h"
#if !defined(lint)
static const char rcsid[] = "@(#)$Id: ipft_sn.c,v 2.2.2.4 2002/12/06 11:40:26 darrenr Exp $";
#endif
struct llc {
int lc_sz; /* LLC header length */
int lc_to; /* LLC Type offset */
int lc_tl; /* LLC Type length */
};
/*
* While many of these maybe the same, some do have different header formats
* which make this useful.
*/
static struct llc llcs[SDL_MAX+1] = {
{ 0, 0, 0 }, /* SDL_8023 */
{ 0, 0, 0 }, /* SDL_8024 */
{ 0, 0, 0 }, /* SDL_8025 */
{ 0, 0, 0 }, /* SDL_8026 */
{ 14, 12, 2 }, /* SDL_ETHER */
{ 0, 0, 0 }, /* SDL_HDLC */
{ 0, 0, 0 }, /* SDL_CHSYNC */
{ 0, 0, 0 }, /* SDL_IBMCC */
{ 0, 0, 0 }, /* SDL_FDDI */
{ 0, 0, 0 }, /* SDL_OTHER */
};
static int snoop_open __P((char *));
static int snoop_close __P((void));
static int snoop_readip __P((char *, int, char **, int *));
static int sfd = -1, s_type = -1;
static int snoop_read_rec __P((struct snooppkt *));
struct ipread snoop = { snoop_open, snoop_close, snoop_readip };
static int snoop_open(fname)
char *fname;
{
struct snoophdr sh;
int fd;
int s_v;
if (sfd != -1)
return sfd;
if (!strcmp(fname, "-"))
fd = 0;
else if ((fd = open(fname, O_RDONLY)) == -1)
return -1;
if (read(fd, (char *)&sh, sizeof(sh)) != sizeof(sh))
return -2;
s_v = (int)ntohl(sh.s_v);
s_type = (int)ntohl(sh.s_type);
if (s_v != SNOOP_VERSION ||
s_type < 0 || s_type > SDL_MAX) {
(void) close(fd);
return -2;
}
sfd = fd;
printf("opened snoop file %s:\n", fname);
printf("\tid: %8.8s version: %d type: %d\n", sh.s_id, s_v, s_type);
return fd;
}
static int snoop_close()
{
return close(sfd);
}
/*
* read in the header (and validate) which should be the first record
* in a snoop file.
*/
static int snoop_read_rec(rec)
struct snooppkt *rec;
{
int n, plen, ilen;
if (read(sfd, (char *)rec, sizeof(*rec)) != sizeof(*rec))
return -2;
ilen = (int)ntohl(rec->sp_ilen);
plen = (int)ntohl(rec->sp_plen);
if (ilen > plen || plen < sizeof(*rec))
return -2;
plen -= sizeof(*rec);
n = MIN(plen, ilen);
if (!n || n < 0)
return -3;
return plen;
}
#ifdef notyet
/*
* read an entire snoop packet record. only the data part is copied into
* the available buffer, with the number of bytes copied returned.
*/
static int snoop_read(buf, cnt)
char *buf;
int cnt;
{
struct snooppkt rec;
static char *bufp = NULL;
int i, n;
if ((i = snoop_read_rec(&rec)) <= 0)
return i;
if (!bufp)
bufp = malloc(i);
else
bufp = realloc(bufp, i);
if (read(sfd, bufp, i) != i)
return -2;
n = MIN(i, cnt);
bcopy(bufp, buf, n);
return n;
}
#endif
/*
* return only an IP packet read into buf
*/
static int snoop_readip(buf, cnt, ifn, dir)
char *buf, **ifn;
int cnt, *dir;
{
static char *bufp = NULL;
struct snooppkt rec;
struct llc *l;
char ty[4], *s;
int i, n;
do {
if ((i = snoop_read_rec(&rec)) <= 0)
return i;
if (!bufp)
bufp = malloc(i);
else
bufp = realloc(bufp, i);
s = bufp;
if (read(sfd, s, i) != i)
return -2;
l = &llcs[s_type];
i -= l->lc_to;
s += l->lc_to;
/*
* XXX - bogus assumption here on the part of the time field
* that it won't be greater than 4 bytes and the 1st two will
* have the values 8 and 0 for IP. Should be a table of
* these too somewhere. Really only works for SDL_ETHER.
*/
bcopy(s, ty, l->lc_tl);
} while (ty[0] != 0x8 && ty[1] != 0);
i -= l->lc_tl;
s += l->lc_tl;
n = MIN(i, cnt);
bcopy(s, buf, n);
return n;
}


@ -1,193 +0,0 @@
/*
* Copyright (C) 1993-2001 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
/*
tcpdump -n
00:05:47.816843 128.231.76.76.3291 > 224.2.252.231.36573: udp 36 (encap)
tcpdump -nq
00:33:48.410771 192.73.213.11.1463 > 224.2.248.153.59360: udp 31 (encap)
tcpdump -nqt
128.250.133.13.23 > 128.250.20.20.2419: tcp 27
tcpdump -nqtt
123456789.1234567 128.250.133.13.23 > 128.250.20.20.2419: tcp 27
tcpdump -nqte
8:0:20:f:65:f7 0:0:c:1:8a:c5 81: 128.250.133.13.23 > 128.250.20.20.2419: tcp 27
*/
#if defined(__sgi) && (IRIX > 602)
# include <sys/ptimers.h>
#endif
#include <stdio.h>
#include <string.h>
#if !defined(__SVR4) && !defined(__GNUC__)
#include <strings.h>
#endif
#include <sys/types.h>
#include <sys/param.h>
#include <sys/time.h>
#include <stdlib.h>
#include <unistd.h>
#include <stddef.h>
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netinet/in_systm.h>
#ifndef linux
#include <netinet/ip_var.h>
#endif
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <netinet/udp.h>
#include <netinet/ip_icmp.h>
#include <net/if.h>
#include <netdb.h>
#include "ip_compat.h"
#include <netinet/tcpip.h>
#include "ipf.h"
#include "ipt.h"
#if !defined(lint)
static const char sccsid[] = "@(#)ipft_td.c 1.8 2/4/96 (C)1995 Darren Reed";
static const char rcsid[] = "@(#)$Id: ipft_td.c,v 2.2.2.6 2003/05/31 02:13:04 darrenr Exp $";
#endif
static int tcpd_open __P((char *));
static int tcpd_close __P((void));
static int tcpd_readip __P((char *, int, char **, int *));
static int count_dots __P((char *));
struct ipread tcpd = { tcpd_open, tcpd_close, tcpd_readip };
static FILE *tfp = NULL;
static int tfd = -1;
static int tcpd_open(fname)
char *fname;
{
if (tfd != -1)
return tfd;
if (!strcmp(fname, "-")) {
tfd = 0;
tfp = stdin;
} else {
tfd = open(fname, O_RDONLY);
tfp = fdopen(tfd, "r");
}
return tfd;
}
static int tcpd_close()
{
(void) fclose(tfp);
return close(tfd);
}
static int count_dots(str)
char *str;
{
int i = 0;
while (*str)
if (*str++ == '.')
i++;
return i;
}
static int tcpd_readip(buf, cnt, ifn, dir)
char *buf, **ifn;
int cnt, *dir;
{
struct tcpiphdr pkt;
ip_t *ip = (ip_t *)&pkt;
struct protoent *p;
char src[32], dst[32], misc[256], time[32], link1[32], link2[32];
char lbuf[160], *s;
int n, slen, extra = 0;
if (!fgets(lbuf, sizeof(lbuf) - 1, tfp))
return 0;
if ((s = strchr(lbuf, '\n')))
*s = '\0';
lbuf[sizeof(lbuf)-1] = '\0';
bzero(&pkt, sizeof(pkt));
if ((n = sscanf(lbuf, "%31s > %31s: %255s", src, dst, misc)) != 3)
if ((n = sscanf(lbuf, "%31s %31s > %31s: %255s",
time, src, dst, misc)) != 4)
if ((n = sscanf(lbuf, "%31s %31s: %31s > %31s: %255s",
link1, link2, src, dst, misc)) != 5) {
n = sscanf(lbuf,
"%31s %31s %31s: %31s > %31s: %255s",
time, link1, link2, src, dst, misc);
if (n != 6)
return -1;
}
if (count_dots(dst) == 4) {
s = strrchr(src, '.');
*s++ = '\0';
(void) inet_aton(src, &ip->ip_src);
pkt.ti_sport = htons(atoi(s));
*--s = '.';
s = strrchr(dst, '.');
*s++ = '\0';
(void) inet_aton(src, &ip->ip_dst);
pkt.ti_dport = htons(atoi(s));
*--s = '.';
} else {
(void) inet_aton(src, &ip->ip_src);
(void) inet_aton(src, &ip->ip_dst);
}
ip->ip_len = ip->ip_hl = sizeof(ip_t);
s = strtok(misc, " :");
if ((p = getprotobyname(s))) {
ip->ip_p = p->p_proto;
switch (p->p_proto) {
case IPPROTO_TCP :
case IPPROTO_UDP :
s = strtok(NULL, " :");
ip->ip_len += atoi(s);
if (p->p_proto == IPPROTO_TCP)
extra = sizeof(struct tcphdr);
else if (p->p_proto == IPPROTO_UDP)
extra = sizeof(struct udphdr);
break;
#ifdef IGMP
case IPPROTO_IGMP :
extra = sizeof(struct igmp);
break;
#endif
case IPPROTO_ICMP :
extra = sizeof(struct icmp);
break;
default :
break;
}
}
slen = ip->ip_hl + extra + ip->ip_len;
return slen;
}


@ -1,353 +0,0 @@
/*
* Copyright (C) 1995-2001 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
#if defined(__sgi) && (IRIX > 602)
# include <sys/ptimers.h>
#endif
#include <stdio.h>
#include <ctype.h>
#include <assert.h>
#include <string.h>
#include <sys/types.h>
#if !defined(__SVR4) && !defined(__svr4__)
#include <strings.h>
#else
#include <sys/byteorder.h>
#endif
#include <sys/param.h>
#include <sys/time.h>
#include <stdlib.h>
#include <unistd.h>
#include <stddef.h>
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#ifndef linux
#include <netinet/ip_var.h>
#endif
#include <netinet/ip.h>
#include <netinet/udp.h>
#include <netinet/tcp.h>
#include <netinet/ip_icmp.h>
#include <arpa/inet.h>
#include <net/if.h>
#include <netdb.h>
#include <arpa/nameser.h>
#include <resolv.h>
#include "ip_compat.h"
#include <netinet/tcpip.h>
#include "ipf.h"
#include "ipt.h"
#if !defined(lint)
static const char sccsid[] = "@(#)ipft_tx.c 1.7 6/5/96 (C) 1993 Darren Reed";
static const char rcsid[] = "@(#)$Id: ipft_tx.c,v 2.3.2.8 2002/12/06 11:40:26 darrenr Exp $";
#endif
extern int opts;
static char *tx_proto = "";
static int text_open __P((char *)), text_close __P((void));
static int text_readip __P((char *, int, char **, int *));
static int parseline __P((char *, ip_t *, char **, int *));
static char _tcp_flagset[] = "FSRPAUEC";
static u_char _tcp_flags[] = { TH_FIN, TH_SYN, TH_RST, TH_PUSH,
TH_ACK, TH_URG, TH_ECN, TH_CWR };
struct ipread iptext = { text_open, text_close, text_readip };
static FILE *tfp = NULL;
static int tfd = -1;
static u_32_t tx_hostnum __P((char *, int *));
static u_short tx_portnum __P((char *));
/*
* returns an ip address as a long var as a result of either a DNS lookup or
* straight inet_addr() call
*/
static u_32_t tx_hostnum(host, resolved)
char *host;
int *resolved;
{
struct hostent *hp;
struct netent *np;
*resolved = 0;
if (!strcasecmp("any",host))
return 0L;
if (isdigit(*host))
return inet_addr(host);
if (!(hp = gethostbyname(host))) {
if (!(np = getnetbyname(host))) {
*resolved = -1;
fprintf(stderr, "can't resolve hostname: %s\n", host);
return 0;
}
return htonl(np->n_net);
}
return *(u_32_t *)hp->h_addr;
}
/*
* find the port number given by the name, either from getservbyname() or
* straight atoi()
*/
static u_short tx_portnum(name)
char *name;
{
struct servent *sp, *sp2;
u_short p1 = 0;
if (isdigit(*name))
return (u_short)atoi(name);
if (!tx_proto)
tx_proto = "tcp/udp";
if (strcasecmp(tx_proto, "tcp/udp")) {
sp = getservbyname(name, tx_proto);
if (sp)
return ntohs(sp->s_port);
(void) fprintf(stderr, "unknown service \"%s\".\n", name);
return 0;
}
sp = getservbyname(name, "tcp");
if (sp)
p1 = sp->s_port;
sp2 = getservbyname(name, "udp");
if (!sp || !sp2) {
(void) fprintf(stderr, "unknown tcp/udp service \"%s\".\n",
name);
return 0;
}
if (p1 != sp2->s_port) {
(void) fprintf(stderr, "%s %d/tcp is a different port to ",
name, p1);
(void) fprintf(stderr, "%s %d/udp\n", name, sp->s_port);
return 0;
}
return ntohs(p1);
}
char *tx_icmptypes[] = {
"echorep", (char *)NULL, (char *)NULL, "unreach", "squench",
"redir", (char *)NULL, (char *)NULL, "echo", "routerad",
"routersol", "timex", "paramprob", "timest", "timestrep",
"inforeq", "inforep", "maskreq", "maskrep", "END"
};
static int text_open(fname)
char *fname;
{
if (tfp && tfd != -1) {
rewind(tfp);
return tfd;
}
if (!strcmp(fname, "-")) {
tfd = 0;
tfp = stdin;
} else {
tfd = open(fname, O_RDONLY);
if (tfd != -1)
tfp = fdopen(tfd, "r");
}
return tfd;
}
static int text_close()
{
int cfd = tfd;
tfd = -1;
return close(cfd);
}
static int text_readip(buf, cnt, ifn, dir)
char *buf, **ifn;
int cnt, *dir;
{
register char *s;
char line[513];
*ifn = NULL;
while (fgets(line, sizeof(line)-1, tfp)) {
if ((s = index(line, '\n')))
*s = '\0';
if ((s = index(line, '\r')))
*s = '\0';
if ((s = index(line, '#')))
*s = '\0';
if (!*line)
continue;
if (!(opts & OPT_BRIEF))
printf("input: %s\n", line);
*ifn = NULL;
*dir = 0;
if (!parseline(line, (ip_t *)buf, ifn, dir))
#if 0
return sizeof(ip_t) + sizeof(tcphdr_t);
#else
return sizeof(ip_t);
#endif
}
return -1;
}
static int parseline(line, ip, ifn, out)
char *line;
ip_t *ip;
char **ifn;
int *out;
{
tcphdr_t th, *tcp = &th;
struct icmp icmp, *ic = &icmp;
char *cps[20], **cpp, c, ipopts[68];
int i, r;
if (*ifn)
free(*ifn);
bzero((char *)ip, MAX(sizeof(*tcp), sizeof(*ic)) + sizeof(*ip));
bzero((char *)tcp, sizeof(*tcp));
bzero((char *)ic, sizeof(*ic));
bzero(ipopts, sizeof(ipopts));
ip->ip_hl = sizeof(*ip) >> 2;
ip->ip_v = IPVERSION;
for (i = 0, cps[0] = strtok(line, " \b\t\r\n"); cps[i] && (i < 19); )
cps[++i] = strtok(NULL, " \b\t\r\n");
cpp = cps;
if (!*cpp)
return 1;
c = **cpp;
if (!isalpha(c) || (tolower(c) != 'o' && tolower(c) != 'i')) {
fprintf(stderr, "bad direction \"%s\"\n", *cpp);
return 1;
}
*out = (tolower(c) == 'o') ? 1 : 0;
cpp++;
if (!*cpp)
return 1;
if (!strcasecmp(*cpp, "on")) {
cpp++;
if (!*cpp)
return 1;
*ifn = strdup(*cpp++);
if (!*cpp)
return 1;
}
c = **cpp;
ip->ip_len = sizeof(ip_t);
if (!strcasecmp(*cpp, "tcp") || !strcasecmp(*cpp, "udp") ||
!strcasecmp(*cpp, "icmp")) {
if (c == 't') {
ip->ip_p = IPPROTO_TCP;
ip->ip_len += sizeof(struct tcphdr);
tx_proto = "tcp";
} else if (c == 'u') {
ip->ip_p = IPPROTO_UDP;
ip->ip_len += sizeof(struct udphdr);
tx_proto = "udp";
} else {
ip->ip_p = IPPROTO_ICMP;
ip->ip_len += ICMPERR_IPICMPHLEN;
tx_proto = "icmp";
}
cpp++;
} else if (isdigit(**cpp) && !index(*cpp, '.')) {
ip->ip_p = atoi(*cpp);
cpp++;
} else
ip->ip_p = IPPROTO_IP;
if (!*cpp)
return 1;
if (ip->ip_p == IPPROTO_TCP || ip->ip_p == IPPROTO_UDP) {
char *last;
last = index(*cpp, ',');
if (!last) {
fprintf(stderr, "tcp/udp with no source port\n");
return 1;
}
*last++ = '\0';
tcp->th_sport = htons(tx_portnum(last));
}
ip->ip_src.s_addr = tx_hostnum(*cpp, &r);
cpp++;
if (!*cpp)
return 1;
if (ip->ip_p == IPPROTO_TCP || ip->ip_p == IPPROTO_UDP) {
char *last;
last = index(*cpp, ',');
if (!last) {
fprintf(stderr, "tcp/udp with no destination port\n");
return 1;
}
*last++ = '\0';
tcp->th_dport = htons(tx_portnum(last));
}
ip->ip_dst.s_addr = tx_hostnum(*cpp, &r);
cpp++;
if (*cpp && ip->ip_p == IPPROTO_TCP) {
extern char _tcp_flagset[];
extern u_char _tcp_flags[];
char *s, *t;
for (s = *cpp; *s; s++)
if ((t = index(_tcp_flagset, *s)))
tcp->th_flags |= _tcp_flags[t - _tcp_flagset];
if (tcp->th_flags)
cpp++;
assert(tcp->th_flags != 0);
tcp->th_win = htons(4096);
tcp->th_off = sizeof(*tcp) >> 2;
} else if (*cpp && ip->ip_p == IPPROTO_ICMP) {
extern char *tx_icmptypes[];
char **s, *t;
int i;
for (s = tx_icmptypes, i = 0; !*s || strcmp(*s, "END");
s++, i++)
if (*s && !strncasecmp(*cpp, *s, strlen(*s))) {
ic->icmp_type = i;
if ((t = index(*cpp, ',')))
ic->icmp_code = atoi(t+1);
cpp++;
break;
}
}
if (*cpp && !strcasecmp(*cpp, "opt")) {
u_long olen;
cpp++;
olen = buildopts(*cpp, ipopts, (ip->ip_hl - 5) << 2);
if (olen) {
bcopy(ipopts, (char *)(ip + 1), olen);
ip->ip_hl += olen >> 2;
}
}
if (ip->ip_p == IPPROTO_TCP || ip->ip_p == IPPROTO_UDP)
bcopy((char *)tcp, ((char *)ip) + (ip->ip_hl << 2),
sizeof(*tcp));
else if (ip->ip_p == IPPROTO_ICMP)
bcopy((char *)ic, ((char *)ip) + (ip->ip_hl << 2),
sizeof(*ic));
ip->ip_len = htons(ip->ip_len);
return 0;
}


@ -1,4 +1,4 @@
/* $NetBSD$ */
/* $FreeBSD$ */
/*
* Copyright (C) 1997-1998 by Darren Reed.


@ -1,4 +1,4 @@
/* $NetBSD$ */
/* $FreeBSD$ */
%{
/*


@ -1,18 +1,15 @@
/* $FreeBSD$ */
%{
/*
* Copyright (C) 1997-1998 by Darren Reed.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
* See the IPFILTER.LICENCE file for details on licencing.
*
* $Id: iplang_y.y,v 2.2 1999/12/04 03:37:04 darrenr Exp $
* Id: iplang_y.y,v 2.9.2.2 2004/12/09 19:41:10 darrenr Exp
* $FreeBSD$
*/
#if defined(__sgi) && (IRIX > 602)
# include <sys/ptimers.h>
#endif
#include <stdio.h>
#include <string.h>
#include <fcntl.h>
@ -32,12 +29,9 @@
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/ip_icmp.h>
#ifndef linux
#include <netinet/ip_var.h>
#endif
#include <netinet/tcp.h>
#include <netinet/udp.h>
#include <net/if.h>
#ifndef linux
#include <netinet/if_ether.h>
@ -53,7 +47,7 @@
#include "iplang.h"
#if !defined(__NetBSD__) && (!defined(__FreeBSD_version) && \
__FreeBSD_version < 400020 ) && SOLARIS2 < 10
__FreeBSD_version < 400020) && (!SOLARIS || SOLARIS2 < 10)
extern struct ether_addr *ether_aton __P((char *));
#endif
@ -774,7 +768,7 @@ char **arg;
while ((c = *s++)) {
if (todo) {
if (isdigit(c)) {
if (ISDIGIT(c)) {
todo--;
if (c > '7') {
fprintf(stderr, "octal with %c!\n", c);
@ -783,7 +777,7 @@ char **arg;
val <<= 3;
val |= (c - '0');
}
if (!isdigit(c) || !todo) {
if (!ISDIGIT(c) || !todo) {
*t++ = (u_char)(val & 0xff);
todo = 0;
}
@ -791,7 +785,7 @@ char **arg;
continue;
}
if (quote) {
if (isdigit(c)) {
if (ISDIGIT(c)) {
todo = 2;
if (c > '7') {
fprintf(stderr, "octal with %c!\n", c);
@ -1295,7 +1289,7 @@ void prep_packet()
return;
}
if (ifp->if_fd == -1)
ifp->if_fd = initdevice(ifp->if_name, 0, 5);
ifp->if_fd = initdevice(ifp->if_name, 5);
gwip = sending.snd_gw;
if (!gwip.s_addr)
gwip = aniphead->ah_ip->ip_dst;
@ -1327,7 +1321,7 @@ void packet_done()
sprintf((char *)t, " ");
t += 8;
for (k = 16; k; k--, s++)
*t++ = (isprint(*s) ? *s : '.');
*t++ = (ISPRINT(*s) ? *s : '.');
s--;
}
@ -1345,7 +1339,7 @@ void packet_done()
t += 7;
s -= j & 0xf;
for (k = j & 0xf; k; k--, s++)
*t++ = (isprint(*s) ? *s : '.');
*t++ = (ISPRINT(*s) ? *s : '.');
*t++ = '\n';
*t = '\0';
}
@ -1519,11 +1513,6 @@ int type;
}
static char *icmpcodes[] = {
"net-unr", "host-unr", "proto-unr", "port-unr", "needfrag", "srcfail",
"net-unk", "host-unk", "isolate", "net-prohib", "host-prohib",
"net-tos", "host-tos", NULL };
void set_icmpcodetok(code)
char **code;
{
@ -1542,13 +1531,6 @@ char **code;
}
static char *icmptypes[] = {
"echorep", (char *)NULL, (char *)NULL, "unreach", "squench",
"redir", (char *)NULL, (char *)NULL, "echo", (char *)NULL,
(char *)NULL, "timex", "paramprob", "timest", "timestrep",
"inforeq", "inforep", "maskreq", "maskrep", "END"
};
void set_icmptypetok(type)
char **type;
{



@ -1,4 +1,4 @@
/* $NetBSD$ */
/* $FreeBSD$ */
/*
* Copyright (C) 1993-2001 by Darren Reed.


@ -1,433 +0,0 @@
/*
* Copyright (C) 1993-2002 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* Added redirect stuff and a variety of bug fixes. (mcn@EnGarde.com)
*/
#if defined(__sgi) && (IRIX > 602)
# include <sys/ptimers.h>
#endif
#include <stdio.h>
#include <string.h>
#include <fcntl.h>
#include <errno.h>
#include <sys/types.h>
#if !defined(__SVR4) && !defined(__svr4__)
#include <strings.h>
#else
#include <sys/byteorder.h>
#endif
#include <sys/time.h>
#include <sys/param.h>
#include <stdlib.h>
#include <unistd.h>
#include <stddef.h>
#include <sys/socket.h>
#include <sys/ioctl.h>
#if defined(sun) && (defined(__svr4__) || defined(__SVR4))
# include <sys/ioccom.h>
# include <sys/sysmacros.h>
#endif
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <net/if.h>
#if __FreeBSD_version >= 300000
# include <net/if_var.h>
#endif
#include <netdb.h>
#include <arpa/nameser.h>
#include <arpa/inet.h>
#include <resolv.h>
#include <ctype.h>
#include <nlist.h>
#include "netinet/ip_compat.h"
#include "netinet/ip_fil.h"
#include "netinet/ip_nat.h"
#include "netinet/ip_state.h"
#include "netinet/ip_proxy.h"
#include "ipf.h"
#include "kmem.h"
#if defined(sun) && !SOLARIS2
# define STRERROR(x) sys_errlist[x]
extern char *sys_errlist[];
#else
# define STRERROR(x) strerror(x)
#endif
#if !defined(lint)
static const char sccsid[] ="@(#)ipnat.c 1.9 6/5/96 (C) 1993 Darren Reed";
static const char rcsid[] = "@(#)$Id: ipnat.c,v 2.16.2.25 2003/06/05 14:00:28 darrenr Exp $";
#endif
#if SOLARIS
#define bzero(a,b) memset(a,0,b)
#endif
int use_inet6 = 0;
char thishost[MAXHOSTNAMELEN];
extern char *optarg;
extern int optind;
#if 0
extern ipnat_t *natparse __P((char *, int));
#endif
extern void natparsefile __P((int, char *, int));
extern void printnat __P((ipnat_t *, int));
extern void printactivenat __P((nat_t *, int));
extern void printhostmap __P((hostmap_t *, u_int));
extern char *getsumd __P((u_32_t));
static int dostats __P((natstat_t *, int));
static int flushtable __P((int, int));
void usage __P((char *));
int countbits __P((u_32_t));
char *getnattype __P((ipnat_t *));
int main __P((int, char*[]));
void printaps __P((ap_session_t *, int));
static int showhostmap __P((natstat_t *nsp));
static int natstat_dead __P((natstat_t *, char *));
void usage(name)
char *name;
{
fprintf(stderr, "Usage: %s [-CFhlnrsv] [-f filename]\n", name);
exit(1);
}
int main(argc, argv)
int argc;
char *argv[];
{
natstat_t ns, *nsp = &ns;
char *file, *core, *kernel;
int fd, opts, c, mode;
fd = -1;
opts = 0;
file = NULL;
core = NULL;
kernel = NULL;
mode = O_RDWR;
while ((c = getopt(argc, argv, "CdFf:hlM:N:nrsv")) != -1)
switch (c)
{
case 'C' :
opts |= OPT_CLEAR;
break;
case 'd' :
opts |= OPT_DEBUG;
break;
case 'f' :
file = optarg;
break;
case 'F' :
opts |= OPT_FLUSH;
break;
case 'h' :
opts |=OPT_HITS;
break;
case 'l' :
opts |= OPT_LIST;
mode = O_RDONLY;
break;
case 'M' :
core = optarg;
break;
case 'N' :
kernel = optarg;
break;
case 'n' :
opts |= OPT_NODO;
mode = O_RDONLY;
break;
case 'r' :
opts |= OPT_REMOVE;
break;
case 's' :
opts |= OPT_STAT;
mode = O_RDONLY;
break;
case 'v' :
opts |= OPT_VERBOSE;
break;
case '?' :
default :
usage(argv[0]);
}
if (optind < 2)
usage(argv[0]);
if ((kernel != NULL) || (core != NULL)) {
(void) setgid(getgid());
(void) setuid(getuid());
}
bzero((char *)&ns, sizeof(ns));
gethostname(thishost, sizeof(thishost));
thishost[sizeof(thishost) - 1] = '\0';
if (!(opts & OPT_NODO) && (kernel == NULL) && (core == NULL)) {
if (openkmem(kernel, core) == -1)
exit(1);
if (((fd = open(IPL_NAT, mode)) == -1) &&
((fd = open(IPL_NAT, O_RDONLY)) == -1)) {
(void) fprintf(stderr, "%s: open: %s\n", IPL_NAT,
STRERROR(errno));
if (errno == ENODEV)
fprintf(stderr, "IPFilter enabled?\n");
exit(1);
}
if (ioctl(fd, SIOCGNATS, &nsp) == -1) {
perror("ioctl(SIOCGNATS)");
exit(1);
}
(void) setgid(getgid());
(void) setuid(getuid());
} else if ((kernel != NULL) || (core != NULL)) {
if (openkmem(kernel, core) == -1)
exit(1);
if (natstat_dead(nsp, kernel))
exit(1);
if (opts & (OPT_LIST|OPT_STAT)) {
if (dostats(nsp, opts))
exit(1);
}
exit(0);
}
if (opts & (OPT_FLUSH|OPT_CLEAR))
if (flushtable(fd, opts))
exit(1);
if (file) {
/* NB natparsefile exits with nonzero in case of error */
natparsefile(fd, file, opts);
}
if (opts & (OPT_LIST|OPT_STAT))
if (dostats(nsp, opts))
exit(1);
/* TBD why not exit(0)? */
return 0;
}
/*
* Read NAT statistic information in using a symbol table and memory file
* rather than doing ioctl's.
*/
static int natstat_dead(nsp, kernel)
natstat_t *nsp;
char *kernel;
{
struct nlist nat_nlist[10] = {
{ "nat_table" }, /* 0 */
{ "nat_list" },
{ "maptable" },
{ "ipf_nattable_sz" },
{ "ipf_natrules_sz" },
{ "ipf_rdrrules_sz" }, /* 5 */
{ "ipf_hostmap_sz" },
{ "nat_instances" },
{ "ap_sess_list" },
{ NULL }
};
void *tables[2];
if (nlist(kernel, nat_nlist) == -1) {
fprintf(stderr, "nlist error\n");
return -1;
}
/*
* Normally the ioctl copies all of these values into the structure
* for us, before returning it to userland, so here we must copy each
* one in individually.
*/
kmemcpy((char *)&tables, nat_nlist[0].n_value, sizeof(tables));
nsp->ns_table[0] = tables[0];
nsp->ns_table[1] = tables[1];
kmemcpy((char *)&nsp->ns_list, nat_nlist[1].n_value,
sizeof(nsp->ns_list));
kmemcpy((char *)&nsp->ns_maptable, nat_nlist[2].n_value,
sizeof(nsp->ns_maptable));
kmemcpy((char *)&nsp->ns_nattab_sz, nat_nlist[3].n_value,
sizeof(nsp->ns_nattab_sz));
kmemcpy((char *)&nsp->ns_rultab_sz, nat_nlist[4].n_value,
sizeof(nsp->ns_rultab_sz));
kmemcpy((char *)&nsp->ns_rdrtab_sz, nat_nlist[5].n_value,
sizeof(nsp->ns_rdrtab_sz));
kmemcpy((char *)&nsp->ns_hostmap_sz, nat_nlist[6].n_value,
sizeof(nsp->ns_hostmap_sz));
kmemcpy((char *)&nsp->ns_instances, nat_nlist[7].n_value,
sizeof(nsp->ns_instances));
kmemcpy((char *)&nsp->ns_apslist, nat_nlist[8].n_value,
sizeof(nsp->ns_apslist));
return 0;
}
/*
* Display NAT statistics.
*/
static int dostats(nsp, opts)
natstat_t *nsp;
int opts;
{
nat_t **nt[2], *np, nat;
ipnat_t ipn;
int rc = 0;
/*
* Show statistics ?
*/
if (opts & OPT_STAT) {
printf("mapped\tin\t%lu\tout\t%lu\n",
nsp->ns_mapped[0], nsp->ns_mapped[1]);
printf("added\t%lu\texpired\t%lu\n",
nsp->ns_added, nsp->ns_expire);
printf("no memory\t%lu\tbad nat\t%lu\n",
nsp->ns_memfail, nsp->ns_badnat);
printf("inuse\t%lu\nrules\t%lu\n",
nsp->ns_inuse, nsp->ns_rules);
printf("wilds\t%u\n", nsp->ns_wilds);
if (opts & OPT_VERBOSE)
printf("table %p list %p\n",
nsp->ns_table, nsp->ns_list);
}
/*
* Show list of NAT rules and NAT sessions ?
*/
if (opts & OPT_LIST) {
printf("List of active MAP/Redirect filters:\n");
while (nsp->ns_list) {
if (kmemcpy((char *)&ipn, (long)nsp->ns_list,
sizeof(ipn))) {
perror("kmemcpy");
rc = -1;
break;
}
if (opts & OPT_HITS)
printf("%d ", ipn.in_hits);
printnat(&ipn, opts & (OPT_DEBUG|OPT_VERBOSE));
nsp->ns_list = ipn.in_next;
}
nt[0] = (nat_t **)malloc(sizeof(*nt) * NAT_SIZE);
if (kmemcpy((char *)nt[0], (long)nsp->ns_table[0],
sizeof(**nt) * NAT_SIZE)) {
perror("kmemcpy");
rc = -1;
}
if (rc) {
free(nt[0]);
return rc;
}
printf("\nList of active sessions:\n");
for (np = nsp->ns_instances; np; np = nat.nat_next) {
if (kmemcpy((char *)&nat, (long)np, sizeof(nat))) {
/* TBD Is this an error? If so, return -1 */
break;
}
printactivenat(&nat, opts);
}
if (opts & OPT_VERBOSE) {
if (showhostmap(nsp)) {
free(nt[0]);
return -1;
}
}
free(nt[0]);
}
return 0;
}
/*
* Display the active host mapping table.
*/
static int showhostmap(nsp)
natstat_t *nsp;
{
hostmap_t hm, *hmp, **maptable;
u_int hv;
printf("\nList of active host mappings:\n");
maptable = (hostmap_t **)malloc(sizeof(hostmap_t *) *
nsp->ns_hostmap_sz);
if (kmemcpy((char *)maptable, (u_long)nsp->ns_maptable,
sizeof(hostmap_t *) * nsp->ns_hostmap_sz)) {
perror("kmemcpy (maptable)");
free(maptable);
return -1;
}
for (hv = 0; hv < nsp->ns_hostmap_sz; hv++) {
hmp = maptable[hv];
while (hmp) {
if (kmemcpy((char *)&hm, (u_long)hmp, sizeof(hm))) {
perror("kmemcpy (hostmap)");
free(maptable);
return -1;
}
printhostmap(&hm, hv);
hmp = hm.hm_next;
}
}
free(maptable);
return 0;
}
/*
* Issue an ioctl to flush either the NAT rules table or the active mapping
* table or both.
*/
static int flushtable(fd, opts)
int fd, opts;
{
int n = 0;
int rc = 0;
if (opts & OPT_FLUSH) {
n = 0;
if (!(opts & OPT_NODO) && ioctl(fd, SIOCIPFFL, &n) == -1) {
perror("ioctl(SIOCFLNAT)");
rc = -1;
} else {
printf("%d entries flushed from NAT table\n", n);
}
}
if (opts & OPT_CLEAR) {
n = 1;
if (!(opts & OPT_NODO) && ioctl(fd, SIOCIPFFL, &n) == -1) {
perror("ioctl(SIOCCNATL)");
rc = -1;
} else {
printf("%d entries flushed from NAT list\n", n);
}
}
return rc;
}


@ -1,4 +1,4 @@
/* $NetBSD$ */
/* $FreeBSD$ */
/*
* (C)opyright 1995 by Darren Reed.


@ -1,4 +1,4 @@
/* $NetBSD$ */
/* $FreeBSD$ */
/*
* (C)opyright 1995-1998 Darren Reed.


@ -1,4 +1,4 @@
/* $NetBSD$ */
/* $FreeBSD$ */
/*
* (C)opyright 1995-1998 Darren Reed.


@ -1,4 +1,4 @@
/* $NetBSD$ */
/* $FreeBSD$ */
/*
* (C)opyright 1995-1998 Darren Reed.


@ -1,4 +1,4 @@
/* $NetBSD$ */
/* $FreeBSD$ */
/*
* Copyright (C) 1997-1998 by Darren Reed.


@ -1,4 +1,4 @@
/* $NetBSD$ */
/* $FreeBSD$ */
/*
* (C)opyright 1995-1998 Darren Reed. (from tcplog)


@ -1,4 +1,4 @@
/* $NetBSD$ */
/* $FreeBSD$ */
/*
* (C)opyright 1992-1998 Darren Reed. (from tcplog)


@ -1,4 +1,4 @@
/* $NetBSD$ */
/* $FreeBSD$ */
/*
* (C)opyright 1992-1998 Darren Reed. (from tcplog)


@ -1,4 +1,4 @@
/* $NetBSD$ */
/* $FreeBSD$ */
/*
* (C)opyright 1992-1998 Darren Reed. (from tcplog)


@ -1,4 +1,4 @@
/* $NetBSD$ */
/* $FreeBSD$ */
/*
* (C)opyright 1995 by Darren Reed.


@ -1,4 +1,4 @@
/* $NetBSD$ */
/* $FreeBSD$ */
/*
* Based upon 4.4BSD's /usr/sbin/arp


@ -1,4 +1,4 @@
/* $NetBSD$ */
/* $FreeBSD$ */
/*
* arp.c (C) 1995-1998 Darren Reed


@ -1,4 +1,4 @@
/* $NetBSD$ */
/* $FreeBSD$ */
/*
* Common (shared) DLPI test routines.


@ -1,4 +1,4 @@
/* $NetBSD$ */
/* $FreeBSD$ */
/*
* Common DLPI Test Suite header file


@ -1,4 +1,4 @@
/* $NetBSD$ */
/* $FreeBSD$ */
/*
* (C)opyright 1997-1998 Darren Reed. (from tcplog)


@ -1,4 +1,4 @@
/* $NetBSD$ */
/* $FreeBSD$ */
/* @(#)in_var.h 1.3 88/08/19 SMI; from UCB 7.1 6/5/86 */


@ -1,4 +1,4 @@
/* $NetBSD$ */
/* $FreeBSD$ */
/*
* ip.c (C) 1995-1998 Darren Reed


@ -1,4 +1,4 @@
/* $NetBSD$ */
/* $FreeBSD$ */
/* @(#)ip_var.h 1.11 88/08/19 SMI; from UCB 7.1 6/5/86 */


@ -1,4 +1,4 @@
.\" $NetBSD$
.\" $FreeBSD$
.\"
.TH IPRESEND 1
.SH NAME


@ -1,4 +1,4 @@
/* $NetBSD$ */
/* $FreeBSD$ */
/*
* ipresend.c (C) 1995-1998 Darren Reed


@ -1,4 +1,4 @@
.\" $NetBSD$
.\" $FreeBSD$
.\"
.TH IPSEND 1
.SH NAME


@ -359,7 +359,7 @@ should be routing packets via another route. The redirect code names are:
Echo.
.TP
.B routerad
Router Advertisment.
Router Advertisement.
.TP
.B routersol
Router solicitation.


@ -2,21 +2,12 @@
/*
* ipsend.c (C) 1995-1998 Darren Reed
*
* This was written to test what size TCP fragments would get through
* various TCP/IP packet filters, as used in IP firewalls. In certain
* conditions, enough of the TCP header is missing for unpredictable
* results unless the filter is aware that this can happen.
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
#if defined(__sgi) && (IRIX > 602)
# include <sys/ptimers.h>
#if !defined(lint)
static const char sccsid[] = "@(#)ipsend.c 1.5 12/10/95 (C)1995 Darren Reed";
static const char rcsid[] = "@(#)Id: ipsend.c,v 2.8.2.2 2004/11/13 16:50:10 darrenr Exp";
#endif
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <netdb.h>
#include <string.h>
#include <sys/param.h>
#include <sys/types.h>
#include <sys/time.h>
@ -24,21 +15,19 @@
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netinet/in_systm.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <netdb.h>
#include <string.h>
#include <netinet/ip.h>
#include <netinet/ip_var.h>
#include <netinet/tcp.h>
#include <netinet/udp.h>
#include <netinet/udp_var.h>
#include <netinet/ip_icmp.h>
#ifndef linux
#include <netinet/ip_var.h>
# include <netinet/ip_var.h>
#endif
#include "ipsend.h"
#if !defined(lint)
static const char sccsid[] = "@(#)ipsend.c 1.5 12/10/95 (C)1995 Darren Reed";
/* static const char rcsid[] = "@(#)$Id: ipsend.c,v 2.2.2.3 2001/07/15 22:00:14 darrenr Exp $"; */
static const char rcsid[] = "@(#)$FreeBSD$";
#include "ipf.h"
#ifndef linux
# include <netinet/udp_var.h>
#endif
@ -48,27 +37,27 @@ extern void iplang __P((FILE *));
char options[68];
int opts;
#ifdef linux
#ifdef linux
char default_device[] = "eth0";
#else
# ifdef sun
char default_device[] = "le0";
# else
# ifdef ultrix
# ifdef ultrix
char default_device[] = "ln0";
# else
# ifdef __bsdi__
# else
# ifdef __bsdi__
char default_device[] = "ef0";
# else
# ifdef __sgi
# else
# ifdef __sgi
char default_device[] = "ec0";
# else
# else
# ifdef __hpux
char default_device[] = "lan0";
# endif
# endif
# endif
# endif
#endif
# else
char default_device[] = "le0";
# endif /* __hpux */
# endif /* __sgi */
# endif /* __bsdi__ */
# endif /* ultrix */
#endif /* linux */
static void usage __P((char *));
@ -163,13 +152,9 @@ int mtu;
ip_t *ip;
struct in_addr gwip;
{
u_short sport = 0;
int wfd;
if (ip->ip_p == IPPROTO_TCP || ip->ip_p == IPPROTO_UDP)
sport = ((struct tcpiphdr *)ip)->ti_sport;
wfd = initdevice(dev, sport, 5);
int wfd;
wfd = initdevice(dev, 5);
return send_packet(wfd, mtu, ip, gwip);
}
@ -187,7 +172,7 @@ udpcksum(ip_t *ip, struct udphdr *udp, int len)
u_short w[6];
} ph;
u_32_t temp32;
u_short cksum, *opts;
u_short *opts;
ph.h.len = htons(len);
ph.h.ttl = 0;
@ -210,8 +195,6 @@ int argc;
char **argv;
{
FILE *langfile = NULL;
struct tcpiphdr *ti;
struct udpiphdr *ui;
struct in_addr gwip;
tcphdr_t *tcp;
udphdr_t *udp;
@ -225,15 +208,12 @@ char **argv;
* 65535 is maximum packet size...you never know...
*/
ip = (ip_t *)calloc(1, 65536);
ti = (struct tcpiphdr *)ip;
ui = (struct udpiphdr *)ip;
tcp = (tcphdr_t *)&ti->ti_sport;
udp = (udphdr_t *)&ui->ui_sport;
ui->ui_ulen = htons(sizeof(*udp));
tcp = (tcphdr_t *)(ip + 1);
udp = (udphdr_t *)tcp;
ip->ip_len = sizeof(*ip);
ip->ip_hl = sizeof(*ip) >> 2;
IP_HL_A(ip, sizeof(*ip) >> 2);
while ((c = getopt(argc, argv, "I:L:P:TUdf:i:g:m:o:s:t:vw:")) != -1)
while ((c = getopt(argc, argv, "I:L:P:TUdf:i:g:m:o:s:t:vw:")) != -1) {
switch (c)
{
case 'I' :
@ -327,7 +307,7 @@ char **argv;
break;
case 'o' :
nonl++;
olen = buildopts(optarg, options, (ip->ip_hl - 5) << 2);
olen = buildopts(optarg, options, (IP_HL(ip) - 5) << 2);
break;
case 's' :
nonl++;
@ -352,6 +332,7 @@ char **argv;
fprintf(stderr, "Unknown option \"%c\"\n", c);
usage(name);
}
}
if (argc - optind < 1)
usage(name);
@ -383,11 +364,6 @@ char **argv;
exit(2);
}
if (ip->ip_p != IPPROTO_TCP && ip->ip_p != IPPROTO_UDP) {
fprintf(stderr,"Unsupported protocol %d\n", ip->ip_p);
exit(2);
}
if (olen)
{
int hlen;
@ -395,22 +371,24 @@ char **argv;
printf("Options: %d\n", olen);
hlen = sizeof(*ip) + olen;
ip->ip_hl = hlen >> 2;
IP_HL_A(ip, hlen >> 2);
ip->ip_len += olen;
p = (char *)malloc(65536);
if(!p)
if (p == NULL)
{
fprintf(stderr,"malloc failed\n");
fprintf(stderr, "malloc failed\n");
exit(2);
}
}
bcopy(ip, p, sizeof(*ip));
bcopy(options, p + sizeof(*ip), olen);
bcopy(ip + 1, p + hlen, ip->ip_len - hlen);
ip = (ip_t *)p;
if (ip->ip_p == IPPROTO_TCP) {
tcp = (tcphdr_t *)((char *)ip + hlen);
} else {
udp = (udphdr_t *)((char *)ip + hlen);
tcp = (tcphdr_t *)(p + hlen);
} else if (ip->ip_p == IPPROTO_UDP) {
udp = (udphdr_t *)(p + hlen);
}
}
@ -450,11 +428,11 @@ char **argv;
if (ip->ip_p == IPPROTO_UDP) {
udp->uh_sum = 0;
udpcksum(ip, udp, (ip->ip_len) - (ip->ip_hl << 2));
udpcksum(ip, udp, ip->ip_len - (IP_HL(ip) << 2));
}
#ifdef DOSOCKET
if (ip->ip_p == IPPROTO_TCP && tcp->th_dport)
return do_socket(dev, mtu, (struct tcpiphdr *)ip, gwip);
return do_socket(dev, mtu, ip, gwip);
#endif
return send_packets(dev, mtu, ip, gwip);
}
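Review bot: The calloc() result in `ip = (ip_t *)calloc(1, 65536);` is still used without a NULL check in the rewritten lines that follow it (`tcp = (tcphdr_t *)(ip + 1);`, `ip->ip_len = sizeof(*ip);`, `IP_HL_A(ip, sizeof(*ip) >> 2);`), while the malloc() in the options block of the same file now gets an explicit `if (p == NULL)` guard; the two allocations should be treated the same way. Add the matching guard directly after the calloc: `if (ip == NULL) { fprintf(stderr, "calloc failed\n"); exit(2); }`. Separately, in the send_packets hunk the new `wfd = initdevice(dev, 5);` is passed straight to send_packet(); if initdevice() can report failure by returning -1 (its contract is not in this diff), that return should be checked before the send. main() spans several hunks of this section, and send_packets() begins before its hunk.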


@ -1,4 +1,4 @@
/* $NetBSD$ */
/* $FreeBSD$ */
/*
* ipsend.h (C) 1997-1998 Darren Reed


@ -1,4 +1,4 @@
/* $NetBSD$ */
/* $FreeBSD$ */
/*
* Copyright (C) 1995-1998 by Darren Reed.


@ -1,3 +1,5 @@
.\" $FreeBSD$
.\"
.TH IPTEST 1
.SH NAME
iptest \- automatically generate a packets to test IP functionality


@ -1,4 +1,4 @@
/* $NetBSD$ */
/* $FreeBSD$ */
/*
* ipsend.c (C) 1995-1998 Darren Reed


@ -1,35 +1,38 @@
/* $FreeBSD$ */
/*
* Copyright (C) 1993-1998 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
*/
#if defined(__sgi) && (IRIX > 602)
# include <sys/ptimers.h>
#if !defined(lint)
static const char sccsid[] = "%W% %G% (C)1995 Darren Reed";
static const char rcsid[] = "@(#)Id: iptests.c,v 2.8.2.3 2004/04/16 23:33:04 darrenr Exp";
#endif
#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
#include <string.h>
#include <sys/param.h>
#include <sys/types.h>
#include <sys/time.h>
#include <sys/param.h>
#define _KERNEL
#define KERNEL
#if !defined(solaris) && !defined(linux) && !defined(__sgi)
# include <sys/file.h>
#else
# ifdef solaris
# include <sys/dditypes.h>
#if !defined(__osf__)
# define _KERNEL
# define KERNEL
# if !defined(solaris) && !defined(linux) && !defined(__sgi) && !defined(hpux)
# include <sys/file.h>
# else
# ifdef solaris
# include <sys/dditypes.h>
# endif
# endif
# undef _KERNEL
# undef KERNEL
#endif
#undef _KERNEL
#undef KERNEL
#if !defined(solaris) && !defined(linux) && !defined(__sgi)
# include <nlist.h>
# include <sys/user.h>
# include <sys/proc.h>
#endif
#if !defined(ultrix) && !defined(hpux) && !defined(linux) && !defined(__sgi)
#if !defined(ultrix) && !defined(hpux) && !defined(linux) && \
!defined(__sgi) && !defined(__osf__)
# include <kvm.h>
#endif
#ifndef ultrix
@ -50,11 +53,17 @@
#endif
#include <netinet/in_systm.h>
#include <sys/socket.h>
#ifdef __hpux
# define _NET_ROUTE_INCLUDED
#endif
#include <net/if.h>
#if defined(linux) && (LINUX >= 0200)
# include <asm/atomic.h>
#endif
#if !defined(linux)
# if defined(__FreeBSD__)
# include "radix_ipf.h"
# endif
# include <net/route.h>
#else
# define __KERNEL__ /* because there's a macro not wrapped by this */
@ -63,39 +72,38 @@
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <netinet/udp.h>
#include <netinet/ip_icmp.h>
#ifndef linux
#if !defined(linux)
# include <netinet/ip_var.h>
# include <netinet/in_pcb.h>
# include <netinet/tcp_timer.h>
# include <netinet/tcp_var.h>
# if !defined(__hpux)
# include <netinet/in_pcb.h>
# endif
#endif
#if defined(__SVR4) || defined(__svr4__) || defined(__sgi)
# include <sys/sysmacros.h>
#endif
#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
#include <string.h>
#ifdef __hpux
# undef _NET_ROUTE_INCLUDED
#endif
#include "ipsend.h"
#if !defined(linux) && !defined(__hpux)
# include <netinet/tcp_timer.h>
# include <netinet/tcp_var.h>
#endif
#if defined(__NetBSD_Version__) && (__NetBSD_Version__ >= 106000000)
# define USE_NANOSLEEP
#endif
#include "ipsend.h"
#if 0
#if !defined(lint)
static const char sccsid[] = "%W% %G% (C)1995 Darren Reed";
static const char rcsid[] = "@(#)$Id: iptests.c,v 2.1.4.8 2002/12/06 11:40:35 darrenr Exp $";
#endif
#endif
__FBSDID("$FreeBSD$");
#ifdef USE_NANOSLEEP
# define PAUSE() ts.tv_sec = 0; ts.tv_nsec = 10000000; \
#ifdef USE_NANOSLEEP
# define PAUSE() ts.tv_sec = 0; ts.tv_nsec = 10000000; \
(void) nanosleep(&ts, NULL)
#else
# define PAUSE() tv.tv_sec = 0; tv.tv_usec = 10000; \
(void) select(0, NULL, NULL, NULL, &tv)
(void) select(0, NULL, NULL, NULL, &tv)
#endif
@ -106,7 +114,7 @@ ip_t *ip;
struct in_addr gwip;
int ptest;
{
#ifdef USE_NANOSLEEP
#ifdef USE_NANOSLEEP
struct timespec ts;
#else
struct timeval tv;
@ -114,8 +122,8 @@ int ptest;
udphdr_t *u;
int nfd, i = 0, len, id = getpid();
ip->ip_hl = sizeof(*ip) >> 2;
ip->ip_v = IPVERSION;
IP_HL_A(ip, sizeof(*ip) >> 2);
IP_V_A(ip, IPVERSION);
ip->ip_tos = 0;
ip->ip_off = 0;
ip->ip_ttl = 60;
@ -128,7 +136,7 @@ int ptest;
u->uh_ulen = htons(sizeof(*u) + 4);
ip->ip_len = sizeof(*ip) + ntohs(u->uh_ulen);
len = ip->ip_len;
nfd = initdevice(dev, u->uh_sport, 1);
nfd = initdevice(dev, 1);
if (!ptest || (ptest == 1)) {
/*
@ -137,7 +145,7 @@ int ptest;
ip->ip_id = 0;
printf("1.1. sending packets with ip_hl < ip_len\n");
for (i = 0; i < ((sizeof(*ip) + ntohs(u->uh_ulen)) >> 2); i++) {
ip->ip_hl = i >> 2;
IP_HL_A(ip, i >> 2);
(void) send_ip(nfd, 1500, ip, gwip, 1);
printf("%d\r", i);
fflush(stdout);
@ -153,7 +161,7 @@ int ptest;
ip->ip_id = 0;
printf("1.2. sending packets with ip_hl > ip_len\n");
for (; i < ((sizeof(*ip) * 2 + ntohs(u->uh_ulen)) >> 2); i++) {
ip->ip_hl = i >> 2;
IP_HL_A(ip, i >> 2);
(void) send_ip(nfd, 1500, ip, gwip, 1);
printf("%d\r", i);
fflush(stdout);
@ -168,9 +176,9 @@ int ptest;
*/
ip->ip_id = 0;
printf("1.3. ip_v < 4\n");
ip->ip_hl = sizeof(*ip) >> 2;
IP_HL_A(ip, sizeof(*ip) >> 2);
for (i = 0; i < 4; i++) {
ip->ip_v = i;
IP_V_A(ip, i);
(void) send_ip(nfd, 1500, ip, gwip, 1);
printf("%d\r", i);
fflush(stdout);
@ -186,7 +194,7 @@ int ptest;
ip->ip_id = 0;
printf("1.4. ip_v > 4\n");
for (i = 5; i < 16; i++) {
ip->ip_v = i;
IP_V_A(ip, i);
(void) send_ip(nfd, 1500, ip, gwip, 1);
printf("%d\r", i);
fflush(stdout);
@ -200,13 +208,13 @@ int ptest;
* Part5: len < packet
*/
ip->ip_id = 0;
ip->ip_v = IPVERSION;
IP_V_A(ip, IPVERSION);
i = ip->ip_len + 1;
printf("1.5.0 ip_len < packet size (size++, long packets)\n");
for (; i < (ip->ip_len * 2); i++) {
ip->ip_id = htons(id++);
ip->ip_sum = 0;
ip->ip_sum = chksum((u_short *)ip, ip->ip_hl << 2);
ip->ip_sum = chksum((u_short *)ip, IP_HL(ip) << 2);
(void) send_ether(nfd, (char *)ip, i, gwip);
printf("%d\r", i);
fflush(stdout);
@ -218,7 +226,7 @@ int ptest;
ip->ip_id = htons(id++);
ip->ip_len = i;
ip->ip_sum = 0;
ip->ip_sum = chksum((u_short *)ip, ip->ip_hl << 2);
ip->ip_sum = chksum((u_short *)ip, IP_HL(ip) << 2);
(void) send_ether(nfd, (char *)ip, len, gwip);
printf("%d\r", i);
fflush(stdout);
@ -237,7 +245,7 @@ int ptest;
ip->ip_id = htons(id++);
ip->ip_len = i;
ip->ip_sum = 0;
ip->ip_sum = chksum((u_short *)ip, ip->ip_hl << 2);
ip->ip_sum = chksum((u_short *)ip, IP_HL(ip) << 2);
(void) send_ether(nfd, (char *)ip, len, gwip);
printf("%d\r", i);
fflush(stdout);
@ -249,7 +257,7 @@ int ptest;
for (i = len; i > 0; i--) {
ip->ip_id = htons(id++);
ip->ip_sum = 0;
ip->ip_sum = chksum((u_short *)ip, ip->ip_hl << 2);
ip->ip_sum = chksum((u_short *)ip, IP_HL(ip) << 2);
(void) send_ether(nfd, (char *)ip, i, gwip);
printf("%d\r", i);
fflush(stdout);
@ -318,14 +326,14 @@ int ptest;
ip->ip_len = MIN(768 + 20, mtu - 68);
i = 512;
for (; i < (63 * 1024 + 768); i += 768) {
ip->ip_off = htons(IP_MF | ((i >> 3) & 0x1fff));
ip->ip_off = htons(IP_MF | (i >> 3));
(void) send_ip(nfd, mtu, ip, gwip, 1);
printf("%d\r", i);
fflush(stdout);
PAUSE();
}
ip->ip_len = 896 + 20;
ip->ip_off = htons((i >> 3) & 0x1fff);
ip->ip_off = htons(i >> 3);
(void) send_ip(nfd, mtu, ip, gwip, 1);
printf("%d\r", i);
putchar('\n');
@ -352,7 +360,7 @@ int ptest;
ip->ip_len = MIN(768 + 20, mtu - 68);
i = 512;
for (; i < (63 * 1024 + 768); i += 768) {
ip->ip_off = htons(IP_MF | ((i >> 3) & 0x1fff));
ip->ip_off = htons(IP_MF | (i >> 3));
if ((rand() & 0x1f) != 0) {
(void) send_ip(nfd, mtu, ip, gwip, 1);
printf("%d\r", i);
@ -362,7 +370,7 @@ int ptest;
PAUSE();
}
ip->ip_len = 896 + 20;
ip->ip_off = htons((i >> 3) & 0x1fff);
ip->ip_off = htons(i >> 3);
if ((rand() & 0x1f) != 0) {
(void) send_ip(nfd, mtu, ip, gwip, 1);
printf("%d\r", i);
@ -389,14 +397,14 @@ int ptest;
ip->ip_len = MIN(768 + 20, mtu - 68);
i = 512;
for (; i < (32 * 1024 + 768); i += 768) {
ip->ip_off = htons(IP_MF | ((i >> 3) & 0x1fff));
ip->ip_off = htons(IP_MF | (i >> 3));
(void) send_ip(nfd, mtu, ip, gwip, 1);
printf("%d\r", i);
fflush(stdout);
PAUSE();
}
ip->ip_len = 896 + 20;
ip->ip_off = htons((i >> 3) & 0x1fff);
ip->ip_off = htons(i >> 3);
(void) send_ip(nfd, mtu, ip, gwip, 1);
printf("%d\r", i);
putchar('\n');
@ -454,7 +462,7 @@ ip_t *ip;
struct in_addr gwip;
int ptest;
{
#ifdef USE_NANOSLEEP
#ifdef USE_NANOSLEEP
struct timespec ts;
#else
struct timeval tv;
@ -463,10 +471,10 @@ int ptest;
u_char *s;
s = (u_char *)(ip + 1);
nfd = initdevice(dev, htons(1), 1);
nfd = initdevice(dev, 1);
ip->ip_hl = 6;
ip->ip_len = ip->ip_hl << 2;
IP_HL_A(ip, 6);
ip->ip_len = IP_HL(ip) << 2;
s[IPOPT_OPTVAL] = IPOPT_NOP;
s++;
if (!ptest || (ptest == 1)) {
@ -484,8 +492,8 @@ int ptest;
PAUSE();
}
ip->ip_hl = 7;
ip->ip_len = ip->ip_hl << 2;
IP_HL_A(ip, 7);
ip->ip_len = IP_HL(ip) << 2;
if (!ptest || (ptest == 1)) {
/*
* Test 2: options have length = 0
@ -549,7 +557,7 @@ int ptest;
{
static int ict1[10] = { 8, 9, 10, 13, 14, 15, 16, 17, 18, 0 };
static int ict2[8] = { 3, 9, 10, 13, 14, 17, 18, 0 };
#ifdef USE_NANOSLEEP
#ifdef USE_NANOSLEEP
struct timespec ts;
#else
struct timeval tv;
@ -557,16 +565,16 @@ int ptest;
struct icmp *icp;
int nfd, i;
ip->ip_hl = sizeof(*ip) >> 2;
ip->ip_v = IPVERSION;
IP_HL_A(ip, sizeof(*ip) >> 2);
IP_V_A(ip, IPVERSION);
ip->ip_tos = 0;
ip->ip_off = 0;
ip->ip_ttl = 60;
ip->ip_p = IPPROTO_ICMP;
ip->ip_sum = 0;
ip->ip_len = sizeof(*ip) + sizeof(*icp);
icp = (struct icmp *)((char *)ip + (ip->ip_hl << 2));
nfd = initdevice(dev, htons(1), 1);
icp = (struct icmp *)((char *)ip + (IP_HL(ip) << 2));
nfd = initdevice(dev, 1);
if (!ptest || (ptest == 1)) {
/*
@ -745,7 +753,7 @@ ip_t *ip;
struct in_addr gwip;
int ptest;
{
#ifdef USE_NANOSLEEP
#ifdef USE_NANOSLEEP
struct timespec ts;
#else
struct timeval tv;
@ -754,25 +762,25 @@ int ptest;
int nfd, i;
ip->ip_hl = sizeof(*ip) >> 2;
ip->ip_v = IPVERSION;
IP_HL_A(ip, sizeof(*ip) >> 2);
IP_V_A(ip, IPVERSION);
ip->ip_tos = 0;
ip->ip_off = 0;
ip->ip_ttl = 60;
ip->ip_p = IPPROTO_UDP;
ip->ip_sum = 0;
u = (udphdr_t *)((char *)ip + (ip->ip_hl << 2));
u = (udphdr_t *)((char *)ip + (IP_HL(ip) << 2));
u->uh_sport = htons(1);
u->uh_dport = htons(1);
u->uh_ulen = htons(sizeof(*u) + 4);
nfd = initdevice(dev, u->uh_sport, 1);
nfd = initdevice(dev, 1);
if (!ptest || (ptest == 1)) {
/*
* Test 1. ulen > packet
*/
u->uh_ulen = htons(sizeof(*u) + 4);
ip->ip_len = (ip->ip_hl << 2) + ntohs(u->uh_ulen);
ip->ip_len = (IP_HL(ip) << 2) + ntohs(u->uh_ulen);
printf("4.1 UDP uh_ulen > packet size - short packets\n");
for (i = ntohs(u->uh_ulen) * 2; i > sizeof(*u) + 4; i--) {
u->uh_ulen = htons(i);
@ -789,7 +797,7 @@ int ptest;
* Test 2. ulen < packet
*/
u->uh_ulen = htons(sizeof(*u) + 4);
ip->ip_len = (ip->ip_hl << 2) + ntohs(u->uh_ulen);
ip->ip_len = (IP_HL(ip) << 2) + ntohs(u->uh_ulen);
printf("4.2 UDP uh_ulen < packet size - short packets\n");
for (i = ntohs(u->uh_ulen) * 2; i > sizeof(*u) + 4; i--) {
ip->ip_len = i;
@ -807,7 +815,7 @@ int ptest;
* sport = 32768, sport = 65535
*/
u->uh_ulen = sizeof(*u) + 4;
ip->ip_len = (ip->ip_hl << 2) + ntohs(u->uh_ulen);
ip->ip_len = (IP_HL(ip) << 2) + ntohs(u->uh_ulen);
printf("4.3.1 UDP sport = 0\n");
u->uh_sport = 0;
(void) send_udp(nfd, 1500, ip, gwip);
@ -848,7 +856,7 @@ int ptest;
*/
u->uh_ulen = ntohs(sizeof(*u) + 4);
u->uh_sport = htons(1);
ip->ip_len = (ip->ip_hl << 2) + ntohs(u->uh_ulen);
ip->ip_len = (IP_HL(ip) << 2) + ntohs(u->uh_ulen);
printf("4.4.1 UDP dport = 0\n");
u->uh_dport = 0;
(void) send_udp(nfd, 1500, ip, gwip);
@ -907,7 +915,7 @@ ip_t *ip;
struct in_addr gwip;
int ptest;
{
#ifdef USE_NANOSLEEP
#ifdef USE_NANOSLEEP
struct timespec ts;
#else
struct timeval tv;
@ -915,11 +923,11 @@ int ptest;
tcphdr_t *t;
int nfd, i;
t = (tcphdr_t *)((char *)ip + (ip->ip_hl << 2));
#ifndef linux
t = (tcphdr_t *)((char *)ip + (IP_HL(ip) << 2));
#if !defined(linux) && !defined(__osf__)
t->th_x2 = 0;
#endif
t->th_off = 0;
TCP_OFF_A(t, 0);
t->th_sport = htons(1);
t->th_dport = htons(1);
t->th_win = htons(4096);
@ -928,13 +936,13 @@ int ptest;
t->th_seq = htonl(1);
t->th_ack = 0;
ip->ip_len = sizeof(ip_t) + sizeof(tcphdr_t);
nfd = initdevice(dev, t->th_sport, 1);
nfd = initdevice(dev, 1);
if (!ptest || (ptest == 1)) {
/*
* Test 1: flags variations, 0 - 3f
*/
t->th_off = sizeof(*t) >> 2;
TCP_OFF_A(t, sizeof(*t) >> 2);
printf("5.1 Test TCP flag combinations\n");
for (i = 0; i <= (TH_URG|TH_ACK|TH_PUSH|TH_RST|TH_SYN|TH_FIN);
i++) {
@ -1058,14 +1066,13 @@ int ptest;
}
#if !defined(linux) && !defined(__SVR4) && !defined(__svr4__) && \
!defined(__sgi)
!defined(__sgi) && !defined(__hpux) && !defined(__osf__)
{
struct tcpcb *tcbp, tcb;
struct tcpiphdr ti;
struct sockaddr_in sin;
int fd, slen;
fd = -1;
bzero((char *)&sin, sizeof(sin));
for (i = 1; i < 63; i++) {
@ -1134,7 +1141,7 @@ int ptest;
t->th_flags = TH_ACK;
printf("5.6.1 TCP off = 1-15, len = 40\n");
for (i = 1; i < 16; i++) {
ti.ti_off = ntohs(i);
TCP_OFF_A(t, ntohs(i));
(void) send_tcp(nfd, mtu, ip, gwip);
printf("%d\r", i);
fflush(stdout);
@ -1150,7 +1157,7 @@ int ptest;
#endif
t->th_seq = htonl(1);
t->th_ack = htonl(1);
t->th_off = 0;
TCP_OFF_A(t, 0);
if (!ptest || (ptest == 7)) {
t->th_flags = TH_SYN;
@ -1254,7 +1261,7 @@ ip_t *ip;
struct in_addr gwip;
int ptest;
{
#ifdef USE_NANOSLEEP
#ifdef USE_NANOSLEEP
struct timespec ts;
#else
struct timeval tv;
@ -1262,7 +1269,7 @@ int ptest;
udphdr_t *u;
int nfd, i, j, k;
ip->ip_v = IPVERSION;
IP_V_A(ip, IPVERSION);
ip->ip_tos = 0;
ip->ip_off = 0;
ip->ip_ttl = 60;
@ -1273,7 +1280,7 @@ int ptest;
u->uh_dport = htons(9);
u->uh_sum = 0;
nfd = initdevice(dev, u->uh_sport, 1);
nfd = initdevice(dev, 1);
u->uh_ulen = htons(7168);
printf("6. Exhaustive mbuf test.\n");
@ -1284,7 +1291,7 @@ int ptest;
* First send the entire packet in 768 byte chunks.
*/
ip->ip_len = sizeof(*ip) + 768 + sizeof(*u);
ip->ip_hl = sizeof(*ip) >> 2;
IP_HL_A(ip, sizeof(*ip) >> 2);
ip->ip_off = htons(IP_MF);
(void) send_ip(nfd, 1500, ip, gwip, 1);
printf("%d %d\r", i, 0);
@ -1302,7 +1309,7 @@ int ptest;
for (j = 768; j < 3584; j += 768) {
ip->ip_len = sizeof(*ip) + 768;
ip->ip_off = htons(IP_MF|((j>>3) & 0x1fff));
ip->ip_off = htons(IP_MF|(j>>3));
(void) send_ip(nfd, 1500, ip, gwip, 1);
printf("%d %d\r", i, j);
fflush(stdout);
@ -1310,7 +1317,7 @@ int ptest;
ip->ip_len = sizeof(*ip) + 128;
for (k = j - 768; k < j; k += 128) {
ip->ip_off = htons(IP_MF|((k>>3) & 0x1fff));
ip->ip_off = htons(IP_MF|(k>>3));
(void) send_ip(nfd, 1500, ip, gwip, 1);
printf("%d %d\r", i, k);
fflush(stdout);
@ -1333,16 +1340,16 @@ ip_t *ip;
struct in_addr gwip;
int ptest;
{
#ifdef USE_NANOSLEEP
ip_t *pip;
#ifdef USE_NANOSLEEP
struct timespec ts;
#else
struct timeval tv;
#endif
ip_t *pip;
int nfd, i, j;
u_char *s;
nfd = initdevice(dev, 0, 1);
nfd = initdevice(dev, 1);
pip = (ip_t *)tbuf;
srand(time(NULL) ^ (getpid() * getppid()));
@ -1352,7 +1359,7 @@ int ptest;
for (i = 0; i < 512; i++) {
for (s = (u_char *)pip, j = 0; j < sizeof(tbuf); j++, s++)
*s = (rand() >> 13) & 0xff;
pip->ip_v = IPVERSION;
IP_V_A(pip, IPVERSION);
bcopy((char *)&ip->ip_dst, (char *)&pip->ip_dst,
sizeof(struct in_addr));
pip->ip_sum = 0;
@ -1367,7 +1374,7 @@ int ptest;
for (i = 0; i < 512; i++) {
for (s = (u_char *)pip, j = 0; j < sizeof(tbuf); j++, s++)
*s = (rand() >> 13) & 0xff;
pip->ip_v = IPVERSION;
IP_V_A(pip, IPVERSION);
pip->ip_off &= htons(0xc000);
bcopy((char *)&ip->ip_dst, (char *)&pip->ip_dst,
sizeof(struct in_addr));


@ -1,4 +1,4 @@
/* $NetBSD$ */
/* $FreeBSD$ */
/*
* larp.c (C) 1995-1998 Darren Reed


@ -1,4 +1,4 @@
/* $NetBSD$ */
/* $FreeBSD$ */
/*
* Copyright (C) 1995-1998 by Darren Reed.


@ -1,4 +1,4 @@
/* $NetBSD$ */
/* $FreeBSD$ */
/*
* lsock.c (C) 1995-1998 Darren Reed


@ -1,4 +1,4 @@
/* $NetBSD$ */
/* $FreeBSD$ */
/*
* resend.c (C) 1995-1998 Darren Reed


@ -3,17 +3,10 @@
* (C)opyright 1995-1998 Darren Reed. (from tcplog)
*
* See the IPFILTER.LICENCE file for details on licencing.
*
*/
#include <stdio.h>
#include <netdb.h>
#include <string.h>
#include <unistd.h>
#include <stdlib.h>
#include <ctype.h>
#include <signal.h>
#include <errno.h>
#include <sys/types.h>
#include <sys/param.h>
#include <sys/types.h>
#include <sys/mbuf.h>
#include <sys/time.h>
#include <sys/timeb.h>
@ -38,11 +31,21 @@
#include <netinet/udp.h>
#include <netinet/udp_var.h>
#include <netinet/tcp.h>
#include <stdio.h>
#include <netdb.h>
#include <string.h>
#include <unistd.h>
#include <stdlib.h>
#include <ctype.h>
#include <signal.h>
#include <errno.h>
#include "ipsend.h"
#if !defined(lint)
static const char sccsid[] = "@(#)sbpf.c 1.3 8/25/95 (C)1995 Darren Reed";
static const char rcsid[] = "@(#)$Id: sbpf.c,v 2.1.4.2 2001/09/30 04:04:28 darrenr Exp $";
static const char rcsid[] = "@(#)Id: sbpf.c,v 2.5 2002/02/24 07:30:03 darrenr Exp";
#endif
/*
@ -52,17 +55,15 @@ static u_char *buf = NULL;
static int bufsize = 0, timeout = 1;
int initdevice(device, sport, tout)
int initdevice(device, tout)
char *device;
int sport, tout;
int tout;
{
struct bpf_version bv;
struct timeval to;
struct ifreq ifr;
char bpfname[16];
int fd, i;
fd = -1;
int fd = 0, i;
for (i = 0; i < 16; i++)
{
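Review bot: `int fd = 0, i;` in the last hunk replaces the old `fd = -1;` sentinel with 0, which is a valid descriptor (stdin); if the open loop that starts on the next line can finish without assigning fd — its body is outside the hunk, so I cannot tell — initdevice() would hand the caller stdin as if it were the BPF device. Keeping the previous sentinel, `int fd = -1, i;`, costs nothing and preserves a failure value that no open descriptor can collide with. The new signature also drops `sport` without a comment saying what `tout` is; a one-line header such as `/* open the first free /dev/bpfN for `device`, read timeout `tout` seconds; returns the fd or -1 */` would document the contract callers now rely on, adjusted to whatever the loop actually returns. initdevice's body continues past the end of the hunk.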


@ -1,4 +1,4 @@
/* $NetBSD$ */
/* $FreeBSD$ */
/*
* (C)opyright 1992-1998 Darren Reed. (from tcplog)


@ -1,4 +1,4 @@
/* $NetBSD$ */
/* $FreeBSD$ */
/*
* (C)opyright 1992-1998 Darren Reed.


@ -1,4 +1,4 @@
/* $NetBSD$ */
/* $FreeBSD$ */
/*
* (C)opyright 1992-1998 Darren Reed. (from tcplog)


@ -1,4 +1,4 @@
/* $NetBSD$ */
/* $FreeBSD$ */
/*
* (C)opyright 1992-1998 Darren Reed. (from tcplog)


@ -3,19 +3,15 @@
* sock.c (C) 1995-1998 Darren Reed
*
* See the IPFILTER.LICENCE file for details on licencing.
*
*/
#if defined(__sgi) && (IRIX > 602)
# include <sys/ptimers.h>
#if !defined(lint)
static const char sccsid[] = "@(#)sock.c 1.2 1/11/96 (C)1995 Darren Reed";
static const char rcsid[] = "@(#)Id: sock.c,v 2.8.4.1 2004/03/23 12:58:06 darrenr Exp";
#endif
#include <stdio.h>
#include <unistd.h>
#include <string.h>
#include <stdlib.h>
#include <stddef.h>
#include <pwd.h>
#include <sys/param.h>
#include <sys/types.h>
#include <sys/time.h>
#include <sys/param.h>
#include <sys/stat.h>
#ifndef ultrix
#include <fcntl.h>
@ -25,21 +21,23 @@
#else
# include <sys/dir.h>
#endif
#define _KERNEL
#define KERNEL
#ifdef ultrix
# undef LOCORE
# include <sys/smp_lock.h>
#if !defined(__osf__)
# define _KERNEL
# define KERNEL
# ifdef ultrix
# undef LOCORE
# include <sys/smp_lock.h>
# endif
# include <sys/file.h>
# undef _KERNEL
# undef KERNEL
#endif
#include <sys/file.h>
#undef _KERNEL
#undef KERNEL
#include <nlist.h>
#include <sys/user.h>
#include <sys/socket.h>
#include <sys/socketvar.h>
#include <sys/proc.h>
#if !defined(ultrix) && !defined(hpux)
#if !defined(ultrix) && !defined(hpux) && !defined(__osf__)
# include <kvm.h>
#endif
#ifdef sun
@ -57,18 +55,22 @@
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <net/if.h>
#if defined(__FreeBSD__)
# include "radix_ipf.h"
#endif
#include <net/route.h>
#include <netinet/ip_var.h>
#include <netinet/in_pcb.h>
#include <netinet/tcp_timer.h>
#include <netinet/tcp_var.h>
#include <stdio.h>
#include <unistd.h>
#include <string.h>
#include <stdlib.h>
#include <stddef.h>
#include <pwd.h>
#include "ipsend.h"
#if !defined(lint)
static const char sccsid[] = "@(#)sock.c 1.2 1/11/96 (C)1995 Darren Reed";
static const char rcsid[] = "@(#)$Id: sock.c,v 2.1.4.6 2002/12/06 11:40:36 darrenr Exp $";
#endif
int nproc;
struct proc *proc;
@ -381,7 +383,7 @@ struct in_addr gwip;
(void) getsockname(fd, (struct sockaddr *)&lsin, &len);
ti->ti_sport = lsin.sin_port;
printf("sport %d\n", ntohs(lsin.sin_port));
nfd = initdevice(dev, ntohs(lsin.sin_port), 1);
nfd = initdevice(dev, 1);
if (!(t = find_tcp(fd, ti)))
return -1;
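Review bot: The new `nfd = initdevice(dev, 1);` in the last hunk is not checked before the function goes on to find_tcp(), so a failure to open the capture device is silently carried in nfd into the rest of the function, which continues outside the hunk. Assuming initdevice() reports failure with a negative value, as the socket()-based variant this commit deletes does, the call should be `if ((nfd = initdevice(dev, 1)) < 0) return -1;` so the error surfaces where it occurs rather than at the first send. The same unchecked pattern appears at every `nfd = initdevice(dev, 1);` site in the test file earlier in this commit, whose sections start before this view.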


@ -1,4 +1,4 @@
/* $NetBSD$ */
/* $FreeBSD$ */
/*
* (C)opyright 2000 Darren Reed.


@ -1,4 +1,4 @@
/* $NetBSD$ */
/* $FreeBSD$ */
/*
* Copyright (c) 1982, 1986, 1993


@ -1,84 +0,0 @@
/*
* (C)opyright 1998 Darren Reed. (from tcplog)
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
#include <stdio.h>
#include <strings.h>
#include <unistd.h>
#include <stdlib.h>
#include <ctype.h>
#include <sys/types.h>
#include <sys/param.h>
#include <sys/socket.h>
#include <sys/file.h>
#include <sys/ioctl.h>
#include <net/if.h>
#include <netinet/in.h>
#include <netinet/if_ether.h>
#include <netdnet/dli_var.h>
static struct dli_devid dli_devid;
int initdevice(device, sport, tout)
char *device;
int sport, tout;
{
u_char *s;
int fd;
fd = socket(AF_DLI, SOCK_DGRAM, 0);
if (fd == -1)
perror("socket(AF_DLI,SOCK_DGRAM)");
else {
strncpy(dli_devid.dli_devname, device, DLI_DEVSIZE);
dli_devid.dli_devname[DLI_DEVSIZE] ='\0';
for (s = dli_devid.dli_devname; *s && isalpha((char)*s); s++)
;
if (*s && isdigit((char)*s)) {
dli_devid.dli_devnumber = atoi(s);
}
}
return fd;
}
/*
* output an IP packet onto a fd opened for /dev/bpf
*/
int sendip(fd, pkt, len)
int fd, len;
char *pkt;
{
struct sockaddr_dl dl;
struct sockaddr_edl *edl = &dl.choose_addr.dli_eaddr;
dl.dli_family = AF_DLI;
dl.dli_substructype = DLI_ETHERNET;
bcopy((char *)&dli_devid, (char *)&dl.dli_device, sizeof(dli_devid));
bcopy(pkt, edl->dli_target, DLI_EADDRSIZE);
bcopy(pkt, edl->dli_dest, DLI_EADDRSIZE);
bcopy(pkt + DLI_EADDRSIZE * 2, (char *)&edl->dli_protype, 2);
edl->dli_ioctlflg = 0;
if (sendto(fd, pkt, len, 0, (struct sockaddr *)&dl, sizeof(dl)) == -1)
{
perror("send");
return -1;
}
return len;
}
char *strdup(str)
char *str;
{
char *s;
if ((s = (char *)malloc(strlen(str) + 1)))
return strcpy(s, str);
return NULL;
}


@ -1,551 +0,0 @@
/*
* Copyright (C) 1993-2002 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
#ifdef __FreeBSD__
# ifndef __FreeBSD_cc_version
# include <osreldate.h>
# else
# if __FreeBSD_cc_version < 430000
# include <osreldate.h>
# endif
# endif
#endif
#if defined(__sgi) && (IRIX > 602)
# define _KMEMUSER
# include <sys/ptimers.h>
#endif
#include <stdio.h>
#include <assert.h>
#include <string.h>
#include <sys/types.h>
#if !defined(__SVR4) && !defined(__svr4__) && !defined(__sgi)
#include <strings.h>
#else
#if !defined(__sgi)
#include <sys/byteorder.h>
#endif
#include <sys/file.h>
#endif
#include <sys/param.h>
#include <sys/time.h>
#include <stdlib.h>
#include <unistd.h>
#include <stddef.h>
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#ifndef linux
#include <netinet/ip_var.h>
#endif
#include <netinet/ip.h>
#include <netinet/udp.h>
#include <netinet/tcp.h>
#include <netinet/ip_icmp.h>
#include <net/if.h>
#if __FreeBSD_version >= 300000
# include <net/if_var.h>
#endif
#include <netdb.h>
#include <arpa/nameser.h>
#include <arpa/inet.h>
#include <resolv.h>
#include <ctype.h>
#include "ip_compat.h"
#include <netinet/tcpip.h>
#include "ip_fil.h"
#include "ip_nat.h"
#include "ip_state.h"
#include "ip_frag.h"
#include "ipf.h"
#include "ipt.h"
#if !defined(lint)
static const char sccsid[] = "@(#)ipt.c 1.19 6/3/96 (C) 1993-2000 Darren Reed";
static const char rcsid[] = "@(#)$Id: ipt.c,v 2.6.2.26 2003/11/09 17:22:21 darrenr Exp $";
#endif
extern char *optarg;
extern struct frentry *ipfilter[2][2];
extern struct ipread snoop, etherf, tcpd, pcap, iptext, iphex;
extern struct ifnet *get_unit __P((char *, int));
extern void init_ifp __P((void));
extern ipnat_t *natparse __P((char *, int, int *));
extern int fr_running;
int opts = 0;
int rremove = 0;
int use_inet6 = 0;
int main __P((int, char *[]));
int loadrules __P((char *));
int kmemcpy __P((char *, long, int));
void dumpnat __P((void));
void dumpstate __P((void));
char *getifname __P((void *));
void drain_log __P((char *));
int main(argc,argv)
int argc;
char *argv[];
{
char *datain, *iface, *ifname, *packet, *logout;
int fd, i, dir, c, loaded, dump, hlen;
struct in_addr src;
struct ifnet *ifp;
struct ipread *r;
u_long buf[2048];
ip_t *ip;
dir = 0;
dump = 0;
loaded = 0;
r = &iptext;
iface = NULL;
logout = NULL;
src.s_addr = 0;
ifname = "anon0";
datain = NULL;
nat_init();
fr_stateinit();
initparse();
ipflog_init();
fr_running = 1;
while ((c = getopt(argc, argv, "6bdDEHi:I:l:NoPr:Rs:STvxX")) != -1)
switch (c)
{
case '6' :
#ifdef USE_INET6
use_inet6 = 1;
break;
#else
fprintf(stderr, "IPv6 not supported\n");
exit(1);
#endif
case 'b' :
opts |= OPT_BRIEF;
break;
case 'd' :
opts |= OPT_DEBUG;
break;
case 'D' :
dump = 1;
break;
case 'i' :
datain = optarg;
break;
case 'I' :
ifname = optarg;
break;
case 'l' :
logout = optarg;
break;
case 'o' :
opts |= OPT_SAVEOUT;
break;
case 'r' :
if (loadrules(optarg) == -1)
return -1;
loaded = 1;
break;
case 's' :
src.s_addr = inet_addr(optarg);
break;
case 'v' :
opts |= OPT_VERBOSE;
break;
case 'E' :
r = &etherf;
break;
case 'H' :
r = &iphex;
break;
case 'N' :
opts |= OPT_NAT;
break;
case 'P' :
r = &pcap;
break;
case 'R' :
rremove = 1;
break;
case 'S' :
r = &snoop;
break;
case 'T' :
r = &tcpd;
break;
case 'x' :
opts |= OPT_HEX;
break;
case 'X' :
r = &iptext;
break;
}
if (loaded == 0) {
(void)fprintf(stderr,"no rules loaded\n");
exit(-1);
}
if (opts & OPT_SAVEOUT)
init_ifp();
if (datain)
fd = (*r->r_open)(datain);
else
fd = (*r->r_open)("-");
if (fd < 0)
exit(-1);
ip = (ip_t *)buf;
while ((i = (*r->r_readip)((char *)buf, sizeof(buf),
&iface, &dir)) > 0) {
if (iface == NULL || *iface == '\0')
iface = ifname;
ifp = get_unit(iface, ip->ip_v);
hlen = 0;
if (!use_inet6) {
ip->ip_off = ntohs(ip->ip_off);
ip->ip_len = ntohs(ip->ip_len);
hlen = ip->ip_hl << 2;
if (src.s_addr != 0) {
if (src.s_addr == ip->ip_src.s_addr)
dir = 1;
else if (src.s_addr == ip->ip_dst.s_addr)
dir = 0;
}
}
#ifdef USE_INET6
else
hlen = sizeof(ip6_t);
#endif
if (opts & OPT_VERBOSE) {
printf("%s on [%s]: ", dir ? "out" : "in",
(iface && *iface) ? iface : "??");
}
packet = (char *)buf;
/* ipfr_slowtimer(); */
i = fr_check(ip, hlen, ifp, dir, (mb_t **)&packet);
if ((opts & OPT_NAT) == 0)
switch (i)
{
case -5 :
(void)printf("block return-icmp-as-dest");
break;
case -4 :
(void)printf("block return-icmp");
break;
case -3 :
(void)printf("block return-rst");
break;
case -2 :
(void)printf("auth");
break;
case -1 :
(void)printf("block");
break;
case 0 :
(void)printf("pass");
break;
case 1 :
(void)printf("nomatch");
break;
}
if (!use_inet6) {
ip->ip_off = htons(ip->ip_off);
ip->ip_len = htons(ip->ip_len);
}
if (!(opts & OPT_BRIEF)) {
putchar(' ');
printpacket((ip_t *)buf);
printf("--------------");
} else if ((opts & (OPT_BRIEF|OPT_NAT)) == (OPT_NAT|OPT_BRIEF))
printpacket((ip_t *)buf);
#ifndef linux
if (dir && (ifp != NULL) && ip->ip_v && (packet != NULL))
# if defined(__sgi) && (IRIX < 605)
(*ifp->if_output)(ifp, (void *)packet, NULL);
# else
(*ifp->if_output)(ifp, (void *)packet, NULL, 0);
# endif
#endif
if ((opts & (OPT_BRIEF|OPT_NAT)) != (OPT_NAT|OPT_BRIEF))
putchar('\n');
dir = 0;
if (iface != ifname) {
free(iface);
iface = ifname;
}
}
(*r->r_close)();
if (logout != NULL) {
drain_log(logout);
}
if (dump == 1) {
dumpnat();
dumpstate();
}
return 0;
}
/*
* Load in either NAT or ipf rules from a file, which is treated as stdin
* if the name is "-". NOTE, stdin can only be used once as the file is
* closed after use.
*/
int loadrules(file)
char *file;
{
char line[513], *s;
int linenum, i;
void *fr;
FILE *fp;
int parsestatus;
if (!strcmp(file, "-"))
fp = stdin;
else if (!(fp = fopen(file, "r"))) {
(void)fprintf(stderr, "couldn't open %s\n", file);
return (-1);
}
if (!(opts & OPT_BRIEF))
(void)printf("opening rule file \"%s\"\n", file);
linenum = 0;
while (fgets(line, sizeof(line) - 1, fp)) {
linenum++;
/*
* treat both CR and LF as EOL
*/
if ((s = index(line, '\n')))
*s = '\0';
if ((s = index(line, '\r')))
*s = '\0';
/*
* # is comment marker, everything after is a ignored
*/
if ((s = index(line, '#')))
*s = '\0';
if (!*line)
continue;
/* fake an `ioctl' call :) */
if ((opts & OPT_NAT) != 0) {
parsestatus = 1;
fr = natparse(line, linenum, &parsestatus);
if (parsestatus != 0) {
if (*line) {
fprintf(stderr,
"%d: syntax error in \"%s\"\n",
linenum, line);
}
fprintf(stderr, "%s: %s error (%d), quitting\n",
file,
((parsestatus < 0)? "parse": "internal"),
parsestatus);
exit(1);
}
if (!fr)
continue;
if (rremove == 0) {
i = IPL_EXTERN(ioctl)(IPL_LOGNAT, SIOCADNAT,
(caddr_t)&fr,
FWRITE|FREAD);
if (opts & OPT_DEBUG)
fprintf(stderr,
"iplioctl(ADNAT,%p,1) = %d\n",
fr, i);
} else {
i = IPL_EXTERN(ioctl)(IPL_LOGNAT, SIOCRMNAT,
(caddr_t)&fr,
FWRITE|FREAD);
if (opts & OPT_DEBUG)
fprintf(stderr,
"iplioctl(RMNAT,%p,1) = %d\n",
fr, i);
}
} else {
fr = parse(line, linenum, &parsestatus);
if (parsestatus != 0) {
fprintf(stderr, "%s: %s error (%d), quitting\n",
file,
((parsestatus < 0)? "parse": "internal"),
parsestatus);
exit(1);
}
if (!fr) {
continue;
}
if (rremove == 0) {
i = IPL_EXTERN(ioctl)(0, SIOCADAFR,
(caddr_t)&fr,
FWRITE|FREAD);
if (opts & OPT_DEBUG)
fprintf(stderr,
"iplioctl(ADAFR,%p,1) = %d\n",
fr, i);
} else {
i = IPL_EXTERN(ioctl)(0, SIOCRMAFR,
(caddr_t)&fr,
FWRITE|FREAD);
if (opts & OPT_DEBUG)
fprintf(stderr,
"iplioctl(RMAFR,%p,1) = %d\n",
fr, i);
}
}
}
(void)fclose(fp);
return 0;
}
int kmemcpy(addr, offset, size)
char *addr;
long offset;
int size;
{
bcopy((char *)offset, addr, size);
return 0;
}
/*
* Display the built up NAT table rules and mapping entries.
*/
void dumpnat()
{
ipnat_t *ipn;
nat_t *nat;
printf("List of active MAP/Redirect filters:\n");
for (ipn = nat_list; ipn != NULL; ipn = ipn->in_next)
printnat(ipn, opts & (OPT_DEBUG|OPT_VERBOSE));
printf("\nList of active sessions:\n");
for (nat = nat_instances; nat; nat = nat->nat_next)
printactivenat(nat, opts);
}
/*
* Display the built up state table rules and mapping entries.
*/
void dumpstate()
{
ipstate_t *ips;
printf("List of active state sessions:\n");
for (ips = ips_list; ips != NULL; )
ips = printstate(ips, opts & (OPT_DEBUG|OPT_VERBOSE));
}
/*
* Given a pointer to an interface in the kernel, return a pointer to a
* string which is the interface name.
*/
char *getifname(ptr)
void *ptr;
{
#if defined(NetBSD) && (NetBSD >= 199905) && (NetBSD < 1991011) || \
defined(__OpenBSD__) || \
(defined(__FreeBSD__) && (__FreeBSD_version >= 501113))
#else
char buf[32], *s;
int len;
#endif
struct ifnet netif;
if (ptr == (void *)-1)
return "!";
if (ptr == NULL)
return "-";
if (kmemcpy((char *)&netif, (u_long)ptr, sizeof(netif)) == -1)
return "X";
#if defined(NetBSD) && (NetBSD >= 199905) && (NetBSD < 1991011) || \
defined(__OpenBSD__) || \
(defined(__FreeBSD__) && (__FreeBSD_version >= 501113))
return strdup(netif.if_xname);
#else
if (kmemcpy(buf, (u_long)netif.if_name, sizeof(buf)) == -1)
return "X";
if (netif.if_unit < 10)
len = 2;
else if (netif.if_unit < 1000)
len = 3;
else if (netif.if_unit < 10000)
len = 4;
else
len = 5;
buf[sizeof(buf) - len] = '\0';
for (s = buf; *s && !isdigit(*s); s++)
;
if (isdigit(*s))
*s = '\0';
sprintf(buf + strlen(buf), "%d", netif.if_unit % 10000);
return strdup(buf);
#endif
}
void drain_log(filename)
char *filename;
{
char buffer[IPLLOGSIZE];
struct iovec iov;
struct uio uio;
size_t resid;
int fd;
fd = open(filename, O_CREAT|O_TRUNC|O_WRONLY, 0644);
if (fd == -1) {
perror("drain_log:open");
return;
}
while (1) {
bzero((char *)&iov, sizeof(iov));
iov.iov_base = buffer;
iov.iov_len = sizeof(buffer);
bzero((char *)&uio, sizeof(uio));
uio.uio_iov = &iov;
uio.uio_iovcnt = 1;
uio.uio_resid = iov.iov_len;
resid = uio.uio_resid;
if (ipflog_read(0, &uio) == 0) {
/*
* If nothing was read then break out.
*/
if (uio.uio_resid == resid)
break;
write(fd, buffer, resid - uio.uio_resid);
} else
break;
}
close(fd);
}


@ -1,4 +1,4 @@
/* $NetBSD$ */
/* $FreeBSD$ */
/*
* Copyright (C) 1993-2001 by Darren Reed.


@ -1,244 +0,0 @@
/*
* Copyright (C) 1993-2002 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
/*
* kmemcpy() - copies n bytes from kernel memory into user buffer.
* returns 0 on success, -1 on error.
*/
#if defined(__sgi) && (IRIX > 602)
# include <sys/ptimers.h>
#endif
#include <stdio.h>
#include <sys/param.h>
#include <sys/types.h>
#include <unistd.h>
#include <string.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sys/file.h>
#ifndef __sgi
#include <kvm.h>
#endif
#include <fcntl.h>
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <net/if.h>
#if __FreeBSD_version >= 300000
# include <net/if_var.h>
#endif
#include "kmem.h"
#include "netinet/ip_compat.h"
#include "netinet/ip_fil.h"
#include "ipf.h"
#ifndef __STDC__
# define const
#endif
#if !defined(lint)
static const char sccsid[] = "@(#)kmem.c 1.4 1/12/96 (C) 1992 Darren Reed";
static const char rcsid[] = "@(#)$Id: kmem.c,v 2.2.2.18 2003/11/09 17:22:22 darrenr Exp $";
#endif
#ifdef __sgi
typedef int kvm_t;
static int kvm_fd = -1;
static char *kvm_errstr = NULL;
kvm_t *kvm_open(kernel, core, swap, mode, errstr)
char *kernel, *core, *swap;
int mode;
char *errstr;
{
kvm_errstr = errstr;
if (core == NULL)
core = "/dev/kmem";
kvm_fd = open(core, mode);
return (kvm_fd >= 0) ? (kvm_t *)&kvm_fd : NULL;
}
int kvm_read(kvm, pos, buffer, size)
kvm_t *kvm;
u_long pos;
char *buffer;
size_t size;
{
size_t left;
char *bufp;
int r;
if (lseek(*kvm, pos, 0) == -1) {
if (kvm_errstr != NULL) {
fprintf(stderr, "%s:", kvm_errstr);
perror("lseek");
}
return -1;
}
for (bufp = buffer, left = size; left > 0; bufp += r, left -= r) {
r = read(*kvm, bufp, 1);
if (r <= 0)
return -1;
}
return size;
}
#endif
static kvm_t *kvm_f = NULL;
int openkmem(kern, core)
char *kern, *core;
{
union {
int ui;
kvm_t *uk;
} k;
kvm_f = kvm_open(kern, core, NULL, O_RDONLY, NULL);
if (kvm_f == NULL)
{
perror("openkmem:open");
return -1;
}
k.uk = kvm_f;
return k.ui;
}
int kmemcpy(buf, pos, n)
register char *buf;
long pos;
register int n;
{
register int r;
if (!n)
return 0;
if (kvm_f == NULL)
if (openkmem(NULL, NULL) == -1)
return -1;
while ((r = kvm_read(kvm_f, pos, buf, (size_t)n)) < n)
if (r <= 0)
{
fprintf(stderr, "pos=0x%x ", (u_int)pos);
perror("kmemcpy:read");
return -1;
}
else
{
buf += r;
pos += r;
n -= r;
}
return 0;
}
int kstrncpy(buf, pos, n)
register char *buf;
long pos;
register int n;
{
register int r;
if (!n)
return 0;
if (kvm_f == NULL)
if (openkmem(NULL, NULL) == -1)
return -1;
while (n > 0)
{
r = kvm_read(kvm_f, pos, buf, (size_t)1);
if (r <= 0)
{
fprintf(stderr, "pos=0x%x ", (u_int)pos);
perror("kstrncpy:read");
return -1;
}
else
{
if (*buf == '\0')
break;
buf++;
pos++;
n--;
}
}
return 0;
}
/*
* Given a pointer to an interface in the kernel, return a pointer to a
* string which is the interface name.
*/
char *getifname(ptr)
void *ptr;
{
#if SOLARIS
char *ifname;
ill_t ill;
if (ptr == (void *)-1)
return "!";
if (ptr == NULL)
return "-";
if (kmemcpy((char *)&ill, (u_long)ptr, sizeof(ill)) == -1)
return "X";
ifname = malloc(ill.ill_name_length + 1);
if (kmemcpy(ifname, (u_long)ill.ill_name,
ill.ill_name_length) == -1)
return "X";
return ifname;
#else
# if defined(NetBSD) && (NetBSD >= 199905) && (NetBSD < 1991011) || \
defined(__OpenBSD__) || \
(defined(__FreeBSD__) && (__FreeBSD_version >= 501113))
#else
char buf[32];
int len;
# endif
struct ifnet netif;
if (ptr == (void *)-1)
return "!";
if (ptr == NULL)
return "-";
if (kmemcpy((char *)&netif, (u_long)ptr, sizeof(netif)) == -1)
return "X";
# if defined(NetBSD) && (NetBSD >= 199905) && (NetBSD < 1991011) || \
defined(__OpenBSD__) || \
(defined(__FreeBSD__) && (__FreeBSD_version >= 501113))
return strdup(netif.if_xname);
# else
if (kstrncpy(buf, (u_long)netif.if_name, sizeof(buf)) == -1)
return "X";
if (netif.if_unit < 10)
len = 2;
else if (netif.if_unit < 1000)
len = 3;
else if (netif.if_unit < 10000)
len = 4;
else
len = 5;
buf[sizeof(buf) - len] = '\0';
sprintf(buf + strlen(buf), "%d", netif.if_unit % 10000);
return strdup(buf);
# endif
#endif
}


@ -1,4 +1,4 @@
/* $NetBSD$ */
/* $FreeBSD$ */
/*
* Copyright (C) 1993-2001 by Darren Reed.


@ -1,4 +1,4 @@
/* $NetBSD$ */
/* $FreeBSD$ */
/*
* (C)Copyright March, 2000 - Darren Reed.


@ -1,4 +1,4 @@
/* $NetBSD$ */
/* $FreeBSD$ */
/*
* Copyright (C) 1993-2001 by Darren Reed.


@ -1,4 +1,4 @@
/* $NetBSD$ */
/* $FreeBSD$ */
/*
* Copyright (C) 1993-2001 by Darren Reed.


@ -1,4 +1,4 @@
/* $NetBSD$ */
/* $FreeBSD$ */
/*
* Copyright (C) 1993-2001 by Darren Reed.


@ -1,4 +1,4 @@
/* $NetBSD$ */
/* $FreeBSD$ */
#include "ipf.h"


@ -1,4 +1,4 @@
/* $NetBSD$ */
/* $FreeBSD$ */
/*
* Copyright (C) 1993-2001 by Darren Reed.
