This commit was generated by cvs2svn to compensate for changes in r37074,
which included commits to RCS files with non-trunk default branches.
commit
847a1ab264
|
@ -1,3 +1,7 @@
|
|||
If you have BOTH GNU make and the normal make shipped with your system,
|
||||
DO NOT use the GNU make to build this package. If you have any errors
|
||||
relating to "(" or "TOP", check that you are using /usr/ccs/bin/make as
|
||||
shipped with Solaris 2.
|
||||
|
||||
If you get the following error whilst compiling:
|
||||
|
||||
|
|
|
@ -0,0 +1,707 @@
|
|||
diff -c -r ./ftp-gw/ftp-gw.c ../../fwtk-2.1-violated/fwtk/ftp-gw/ftp-gw.c
|
||||
*** ./ftp-gw/ftp-gw.c Thu Feb 5 19:05:43 1998
|
||||
--- ../../fwtk-2.1-violated/fwtk/ftp-gw/ftp-gw.c Thu May 21 17:36:09 1998
|
||||
***************
|
||||
*** 44,49 ****
|
||||
--- 44,51 ----
|
||||
|
||||
extern char *optarg;
|
||||
|
||||
+ char *getdsthost();
|
||||
+
|
||||
#include "firewall.h"
|
||||
|
||||
|
||||
***************
|
||||
*** 88,93 ****
|
||||
--- 90,97 ----
|
||||
static int cmdcnt = 0;
|
||||
static int timeout = PROXY_TIMEOUT;
|
||||
|
||||
+ static int do_transparent = 0;
|
||||
+
|
||||
|
||||
static int cmd_user();
|
||||
static int cmd_authorize();
|
||||
***************
|
||||
*** 101,106 ****
|
||||
--- 105,111 ----
|
||||
static int cmd_passthru();
|
||||
static void saveline();
|
||||
static void flushsaved();
|
||||
+ static int connectdest();
|
||||
|
||||
#define OP_CONN 001 /* only valid if connected */
|
||||
#define OP_WCON 002 /* writethrough if connected */
|
||||
***************
|
||||
*** 173,178 ****
|
||||
--- 178,184 ----
|
||||
char xuf[1024];
|
||||
char huf[512];
|
||||
char *passuser = (char *)0; /* passed user as av */
|
||||
+ char *psychic, *hotline;
|
||||
|
||||
#ifndef LOG_DAEMON
|
||||
openlog("ftp-gw",LOG_PID);
|
||||
***************
|
||||
*** 317,322 ****
|
||||
--- 323,332 ----
|
||||
} else
|
||||
timeout = PROXY_TIMEOUT;
|
||||
|
||||
+ psychic = getdsthost(0, NULL);
|
||||
+ if (psychic)
|
||||
+ do_transparent++;
|
||||
+
|
||||
/* display a welcome file or message */
|
||||
if(passuser == (char *)0) {
|
||||
if((cf = cfg_get("welcome-msg",confp)) != (Cfg *)0) {
|
||||
***************
|
||||
*** 324,329 ****
|
||||
--- 334,345 ----
|
||||
syslog(LLEV,"fwtkcfgerr: welcome-msg must have one parameter, line %d",cf->ln);
|
||||
exit(1);
|
||||
}
|
||||
+ if (do_transparent) {
|
||||
+ if (sayfile2(0, cf->argv[0], 220)) {
|
||||
+ syslog(LLEV,"fwtksyserr: cannot display welcome %.512s: %m",cf->argv[0]);
|
||||
+ exit(1);
|
||||
+ }
|
||||
+ } else
|
||||
if(sayfile(0,cf->argv[0],220)) {
|
||||
syslog(LLEV,"fwtksyserr: cannot display welcome %.512s: %m",cf->argv[0]);
|
||||
exit(1);
|
||||
***************
|
||||
*** 336,341 ****
|
||||
--- 352,360 ----
|
||||
if(say(0,"220-Proxy first requires authentication"))
|
||||
exit(1);
|
||||
|
||||
+ if (do_transparent)
|
||||
+ sprintf(xuf, "220-%s FTP proxy (Version %s) ready.",huf, FWTK_VERSION_MINOR);
|
||||
+ else
|
||||
sprintf(xuf, "220 %s FTP proxy (Version %s) ready.",huf, FWTK_VERSION_MINOR);
|
||||
if(say(0,xuf))
|
||||
exit(1);
|
||||
***************
|
||||
*** 357,362 ****
|
||||
--- 376,384 ----
|
||||
exit(1);
|
||||
}
|
||||
|
||||
+ if (do_transparent)
|
||||
+ connectdest(psychic, 21);
|
||||
+
|
||||
/* main loop */
|
||||
while(1) {
|
||||
FD_ZERO(&rdy);
|
||||
***************
|
||||
*** 653,658 ****
|
||||
--- 675,696 ----
|
||||
return(sayn(0,noad,sizeof(noad)-1));
|
||||
}
|
||||
|
||||
+ if (do_transparent) {
|
||||
+ if((rfd == (-1)) && (x = connectdest(dest,port)))
|
||||
+ return x;
|
||||
+
|
||||
+ sprintf(buf,"USER %s",user);
|
||||
+
|
||||
+ if (say(rfd, buf))
|
||||
+ return(1);
|
||||
+
|
||||
+ x = getresp(rfd, buf, sizeof(buf), 1);
|
||||
+ if (sendsaved(0, x))
|
||||
+ return(1);
|
||||
+
|
||||
+ return(say(0, buf));
|
||||
+ }
|
||||
+
|
||||
if(*dest == '\0')
|
||||
dest = "localhost";
|
||||
|
||||
***************
|
||||
*** 694,705 ****
|
||||
char ebuf[512];
|
||||
|
||||
strcpy(ebuf,buf);
|
||||
! sprintf(buf,"521 %s: %s",dest,ebuf);
|
||||
rfd = -1;
|
||||
return(say(0,buf));
|
||||
}
|
||||
! sprintf(buf,"----GATEWAY CONNECTED TO %s----",dest);
|
||||
! saveline(buf);
|
||||
|
||||
/* we are now connected and need to try the autologin thing */
|
||||
x = getresp(rfd,buf,sizeof(buf),1);
|
||||
--- 732,748 ----
|
||||
char ebuf[512];
|
||||
|
||||
strcpy(ebuf,buf);
|
||||
! if (do_transparent)
|
||||
! sprintf(buf, "521 %s,%d: %s", dest, ntohs(port), ebuf);
|
||||
! else
|
||||
! sprintf(buf,"521 %s: %s",dest,ebuf);
|
||||
rfd = -1;
|
||||
return(say(0,buf));
|
||||
}
|
||||
! if (!do_transparent) {
|
||||
! sprintf(buf,"----GATEWAY CONNECTED TO %s----",dest);
|
||||
! saveline(buf);
|
||||
! }
|
||||
|
||||
/* we are now connected and need to try the autologin thing */
|
||||
x = getresp(rfd,buf,sizeof(buf),1);
|
||||
***************
|
||||
*** 1889,1891 ****
|
||||
--- 1932,2050 ----
|
||||
dup(nread);
|
||||
}
|
||||
#endif
|
||||
+
|
||||
+ static int connectdest(dest, port)
|
||||
+ char *dest;
|
||||
+ short port;
|
||||
+ {
|
||||
+ char buf[1024], mbuf[512];
|
||||
+ int msg_int, x;
|
||||
+
|
||||
+ if(*dest == '\0')
|
||||
+ dest = "localhost";
|
||||
+
|
||||
+ if(validests != (char **)0) {
|
||||
+ char **xp;
|
||||
+ int x;
|
||||
+
|
||||
+ for(xp = validests; *xp != (char *)0; xp++) {
|
||||
+ if(**xp == '!' && hostmatch(*xp + 1,dest)) {
|
||||
+ return(baddest(0,dest));
|
||||
+ } else {
|
||||
+ if(hostmatch(*xp,dest))
|
||||
+ break;
|
||||
+ }
|
||||
+ }
|
||||
+ if(*xp == (char *)0)
|
||||
+ return(baddest(0,dest));
|
||||
+ }
|
||||
+
|
||||
+ /* Extended permissions processing goes in here for destination */
|
||||
+ if(extendperm) {
|
||||
+ msg_int = auth_perm(confp, authuser, "ftp-gw", dest,(char *)0);
|
||||
+ if(msg_int == 1) {
|
||||
+ sprintf(mbuf,"Permission denied for user %s to connect to %s",authuser,dest);
|
||||
+ syslog(LLEV,"deny host=%s/%s connect to %s user=%s",rladdr,riaddr,dest,authuser);
|
||||
+ say(0,mbuf);
|
||||
+ return(1);
|
||||
+ } else {
|
||||
+ if(msg_int == -1) {
|
||||
+ sprintf(mbuf,"No match in netperm-table for %s to ftp to %s",authuser,dest);
|
||||
+ say(0,mbuf);
|
||||
+ return(1);
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ syslog(LLEV,"permit host=%s/%s connect to %s",rladdr,riaddr,dest);
|
||||
+
|
||||
+ if((rfd = conn_server(dest,port,0,buf)) < 0) {
|
||||
+ char ebuf[512];
|
||||
+
|
||||
+ strcpy(ebuf,buf);
|
||||
+ if (do_transparent)
|
||||
+ sprintf(buf,"521 %s,%d: %s",dest,ntohs(port),ebuf);
|
||||
+ else
|
||||
+ sprintf(buf,"521 %s: %s",dest,ebuf);
|
||||
+ rfd = -1;
|
||||
+ return(say(0,buf));
|
||||
+ }
|
||||
+ if (!do_transparent) {
|
||||
+ sprintf(buf,"----GATEWAY CONNECTED TO %s----",dest);
|
||||
+ saveline(buf);
|
||||
+ }
|
||||
+
|
||||
+ /* we are now connected and need to try the autologin thing */
|
||||
+ x = getresp(rfd,buf,sizeof(buf),1);
|
||||
+ if(x / 100 != COMPLETE) {
|
||||
+ sendsaved(0,-1);
|
||||
+ return(say(0,buf));
|
||||
+ }
|
||||
+ saveline(buf);
|
||||
+
|
||||
+ sendsaved(0,-1);
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
+ /* quick hack */
|
||||
+ sayfile2(fd,fn,code)
|
||||
+ int fd;
|
||||
+ char *fn;
|
||||
+ int code;
|
||||
+ {
|
||||
+ FILE *f;
|
||||
+ char buf[BUFSIZ];
|
||||
+ char yuf[BUFSIZ];
|
||||
+ char *c;
|
||||
+ int x;
|
||||
+ int saidsomething = 0;
|
||||
+
|
||||
+ if((f = fopen(fn,"r")) == (FILE *)0)
|
||||
+ return(1);
|
||||
+ while(fgets(buf,sizeof(buf),f) != (char *)0) {
|
||||
+ if((c = index(buf,'\n')) != (char *)0)
|
||||
+ *c = '\0';
|
||||
+ x = fgetc(f);
|
||||
+ if(feof(f))
|
||||
+ sprintf(yuf,"%3.3d-%s",code,buf);
|
||||
+ else {
|
||||
+ sprintf(yuf,"%3.3d-%s",code,buf);
|
||||
+ ungetc(x,f);
|
||||
+ }
|
||||
+ if(say(fd,yuf)) {
|
||||
+ fclose(f);
|
||||
+ return(1);
|
||||
+ }
|
||||
+ saidsomething++;
|
||||
+ }
|
||||
+ fclose(f);
|
||||
+ if (!saidsomething) {
|
||||
+ syslog(LLEV,"fwtkcfgerr: sayfile for %d is empty",code);
|
||||
+ sprintf(yuf, "%3.3d The file to display is empty",code);
|
||||
+ if(say(fd,yuf)) {
|
||||
+ fclose(f);
|
||||
+ return(1);
|
||||
+ }
|
||||
+ }
|
||||
+ return(0);
|
||||
+ }
|
||||
diff -c -r ./http-gw/http-gw.c ../../fwtk-2.1-violated/fwtk/http-gw/http-gw.c
|
||||
*** ./http-gw/http-gw.c Fri Feb 6 18:32:25 1998
|
||||
--- ../../fwtk-2.1-violated/fwtk/http-gw/http-gw.c Thu May 21 17:00:47 1998
|
||||
***************
|
||||
*** 27,32 ****
|
||||
--- 27,35 ----
|
||||
static char http_buffer[8192];
|
||||
static char reason[8192];
|
||||
static int checkBrowserType = 1;
|
||||
+ static int do_transparent = 0;
|
||||
+
|
||||
+ char * getdsthost();
|
||||
|
||||
static void do_logging()
|
||||
{ char *proto = "GOPHER";
|
||||
***************
|
||||
*** 473,478 ****
|
||||
--- 476,490 ----
|
||||
/*(NOT A SPECIAL FORM)*/
|
||||
|
||||
if((rem_type & TYPE_LOCAL)== 0){
|
||||
+ char * psychic = getdsthost(sockfd, &def_port);
|
||||
+ if (psychic) {
|
||||
+ if (strlen(psychic) <= MAXHOSTNAMELEN) {
|
||||
+ do_transparent ++;
|
||||
+ strncpy(def_httpd, psychic, strlen(psychic));
|
||||
+ strncpy(def_server, psychic, strlen(psychic));
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
/* See if it can be forwarded */
|
||||
|
||||
if( can_forward(buf)){
|
||||
***************
|
||||
*** 1564,1570 ****
|
||||
parse_vec[0],
|
||||
parse_vec[1],
|
||||
ourname, ourport);
|
||||
! }else{
|
||||
sprintf(new_reply,"%s\tgopher://%s:%s/%c%s\t%s\t%u",
|
||||
parse_vec[0], parse_vec[2],
|
||||
parse_vec[3], chk_type_ch,
|
||||
--- 1576,1589 ----
|
||||
parse_vec[0],
|
||||
parse_vec[1],
|
||||
ourname, ourport);
|
||||
! }
|
||||
! else
|
||||
! if (do_transparent) {
|
||||
! sprintf(new_reply, "%s\t%s\t%s\t%s",
|
||||
! parse_vec[0], parse_vec[1],
|
||||
! parse_vec[2],parse_vec[3]);
|
||||
! }
|
||||
! else {
|
||||
sprintf(new_reply,"%s\tgopher://%s:%s/%c%s\t%s\t%u",
|
||||
parse_vec[0], parse_vec[2],
|
||||
parse_vec[3], chk_type_ch,
|
||||
diff -c -r ./lib/hnam.c ../../fwtk-2.1-violated/fwtk/lib/hnam.c
|
||||
*** ./lib/hnam.c Tue Dec 10 13:08:48 1996
|
||||
--- ../../fwtk-2.1-violated/fwtk/lib/hnam.c Thu May 21 17:10:00 1998
|
||||
***************
|
||||
*** 23,28 ****
|
||||
--- 23,33 ----
|
||||
|
||||
#include "firewall.h"
|
||||
|
||||
+ #ifdef __FreeBSD__ /* or OpenBSD, NetBSD, BSDI, etc. Fix this for your system. */
|
||||
+ #include <net/if.h>
|
||||
+ #include "ip_nat.h"
|
||||
+ #endif /* __FreeBSD__ */
|
||||
+
|
||||
|
||||
char *
|
||||
maphostname(name)
|
||||
***************
|
||||
*** 49,52 ****
|
||||
--- 54,132 ----
|
||||
}
|
||||
bcopy(hp->h_addr,&sin.sin_addr,hp->h_length);
|
||||
return(inet_ntoa(sin.sin_addr));
|
||||
+ }
|
||||
+
|
||||
+ char *getdsthost(fd, ptr)
|
||||
+ int fd;
|
||||
+ int *ptr;
|
||||
+ {
|
||||
+ struct sockaddr_in sin;
|
||||
+ struct hostent * hp;
|
||||
+ int sl = sizeof(struct sockaddr_in), err = 0, local_h = 0, i = 0;
|
||||
+ char buf[255], hostbuf[255];
|
||||
+ #ifdef __FreeBSD__
|
||||
+ struct sockaddr_in rsin;
|
||||
+ struct natlookup natlookup;
|
||||
+ #endif
|
||||
+
|
||||
+ #ifdef linux
|
||||
+ if (!(err = getsockname(0, &sin, &sl))) {
|
||||
+ if(ptr)
|
||||
+ * ptr = ntohs(sin.sin_port);
|
||||
+
|
||||
+ sprintf(buf, "%s", inet_ntoa(sin.sin_addr));
|
||||
+ gethostname(hostbuf, 254);
|
||||
+ hp = gethostbyname(hostbuf);
|
||||
+ while (hp->h_addr_list[i]) {
|
||||
+ bzero(&sin, &sl);
|
||||
+ memcpy(&sin.sin_addr, hp->h_addr_list[i++],
|
||||
+ sizeof(hp->h_addr_list[i++]));
|
||||
+
|
||||
+ if (!strcmp(buf, inet_ntoa(sin.sin_addr)))
|
||||
+ local_h++;
|
||||
+ }
|
||||
+
|
||||
+ if(local_h)
|
||||
+ return(NULL);
|
||||
+ else
|
||||
+ return(buf);
|
||||
+ }
|
||||
+ #endif
|
||||
+
|
||||
+ #ifdef __FreeBSD__
|
||||
+ /* The basis for this block of code is Darren Reed's
|
||||
+ * patches to the TIS ftwk's ftp-gw.
|
||||
+ */
|
||||
+ bzero((char*)&sin, sizeof(sin));
|
||||
+ bzero((char*)&rsin, sizeof(rsin));
|
||||
+
|
||||
+ if (getsockname(fd, (struct sockaddr*)&sin, &sl) < 0)
|
||||
+ return NULL;
|
||||
+
|
||||
+ sl = sizeof(rsin);
|
||||
+
|
||||
+ if(getpeername(fd, (struct sockaddr*)&rsin, &sl) < 0)
|
||||
+ return NULL;
|
||||
+
|
||||
+ natlookup.nl_inport=sin.sin_port;
|
||||
+ natlookup.nl_outport=rsin.sin_port;
|
||||
+ natlookup.nl_inip=sin.sin_addr;
|
||||
+ natlookup.nl_outip=rsin.sin_addr;
|
||||
+
|
||||
+ if ((natfd = open("/dev/ipl",O_RDONLY)) < 0)
|
||||
+ return NULL;
|
||||
+
|
||||
+ if (ioctl(natfd, SIOCGNATL,&natlookup) == (-1))
|
||||
+ return NULL;
|
||||
+
|
||||
+ close(natfd);
|
||||
+
|
||||
+ if (ptr)
|
||||
+ *ptr = ntohs(natlookup.nl_inport);
|
||||
+
|
||||
+ sprintf(buf, "%s", inet_ntoa(natlookup.nl_inip));
|
||||
+ #endif
|
||||
+
|
||||
+ /* No transparent proxy support */
|
||||
+ return(NULL);
|
||||
}
|
||||
diff -c -r ./plug-gw/plug-gw.c ../../fwtk-2.1-violated/fwtk/plug-gw/plug-gw.c
|
||||
*** ./plug-gw/plug-gw.c Thu Feb 5 19:07:35 1998
|
||||
--- ../../fwtk-2.1-violated/fwtk/plug-gw/plug-gw.c Thu May 21 17:29:01 1998
|
||||
***************
|
||||
*** 43,48 ****
|
||||
--- 43,50 ----
|
||||
static char **validdests = (char **)0;
|
||||
static int net_write();
|
||||
|
||||
+ static int do_transparent = 0;
|
||||
+
|
||||
main(ac,av)
|
||||
int ac;
|
||||
char *av[];
|
||||
***************
|
||||
*** 198,206 ****
|
||||
--- 200,220 ----
|
||||
char *ptr;
|
||||
int state = 0;
|
||||
int ssl_plug = 0;
|
||||
+ char * getdsthost();
|
||||
+ int pport = 0;
|
||||
|
||||
struct timeval timo;
|
||||
|
||||
+ /* Transparent plug-gw is probably a bad idea, but then, plug-gw is a bad
|
||||
+ * idea ..
|
||||
+ */
|
||||
+ dhost = getdsthost(0, &pport);
|
||||
+ if (dhost) {
|
||||
+ do_transparent++;
|
||||
+ portid = pport;
|
||||
+ }
|
||||
+
|
||||
+
|
||||
if(c->flags & PERM_DENY) {
|
||||
if (p == -1)
|
||||
syslog(LLEV,"deny host=%.512s/%.20s port=any",rhost,raddr);
|
||||
***************
|
||||
*** 220,226 ****
|
||||
syslog(LLEV,"fwtkcfgerr: -plug-to takes an argument, line %d",c->ln);
|
||||
exit (1);
|
||||
}
|
||||
! dhost = av[x];
|
||||
continue;
|
||||
}
|
||||
|
||||
--- 234,241 ----
|
||||
syslog(LLEV,"fwtkcfgerr: -plug-to takes an argument, line %d",c->ln);
|
||||
exit (1);
|
||||
}
|
||||
! if (!dhost)
|
||||
! dhost = av[x];
|
||||
continue;
|
||||
}
|
||||
|
||||
diff -c -r ./rlogin-gw/rlogin-gw.c ../../fwtk-2.1-violated/fwtk/rlogin-gw/rlogin-gw.c
|
||||
*** ./rlogin-gw/rlogin-gw.c Thu Feb 5 19:08:38 1998
|
||||
--- ../../fwtk-2.1-violated/fwtk/rlogin-gw/rlogin-gw.c Thu May 21 17:20:25 1998
|
||||
***************
|
||||
*** 103,108 ****
|
||||
--- 103,111 ----
|
||||
static int trusted = 0;
|
||||
static int doX = 0;
|
||||
static char *prompt;
|
||||
+ static int do_transparent = 0;
|
||||
+
|
||||
+ char * getdsthost();
|
||||
|
||||
main(ac,av)
|
||||
int ac;
|
||||
***************
|
||||
*** 123,128 ****
|
||||
--- 126,132 ----
|
||||
static char *tokav[56];
|
||||
int tokac;
|
||||
struct timeval timo;
|
||||
+ char * psychic;
|
||||
|
||||
#ifndef LOG_NDELAY
|
||||
openlog("rlogin-gw",LOG_PID);
|
||||
***************
|
||||
*** 188,194 ****
|
||||
xforwarder = cf->argv[0];
|
||||
}
|
||||
|
||||
!
|
||||
|
||||
if((cf = cfg_get("directory",confp)) != (Cfg *)0) {
|
||||
if(cf->argc != 1) {
|
||||
--- 192,203 ----
|
||||
xforwarder = cf->argv[0];
|
||||
}
|
||||
|
||||
! psychic = getdsthost(0, NULL);
|
||||
! if (psychic) {
|
||||
! do_transparent++;
|
||||
! strncpy(dest, psychic, 511);
|
||||
! dest[511] = '\0';
|
||||
! }
|
||||
|
||||
if((cf = cfg_get("directory",confp)) != (Cfg *)0) {
|
||||
if(cf->argc != 1) {
|
||||
***************
|
||||
*** 266,271 ****
|
||||
--- 275,281 ----
|
||||
if((p = index(rusername,'@')) != (char *)0) {
|
||||
char *namp;
|
||||
|
||||
+ dest[0] = '\0';
|
||||
*p++ = '\0';
|
||||
if(*p == '\0')
|
||||
p = "localhost";
|
||||
***************
|
||||
*** 297,302 ****
|
||||
--- 307,326 ----
|
||||
|
||||
if(dest[0] != '\0') {
|
||||
/* Setup connection directly to remote machine */
|
||||
+ if ((cf = cfg_get("welcome-msg",confp)) != (Cfg *)0) {
|
||||
+ if (cf->argc != 1) {
|
||||
+ syslog(LLEV,"fwtkcfgerr: welcome-msg must have one parameter, line %d",cf->ln);
|
||||
+ exit(1);
|
||||
+ }
|
||||
+
|
||||
+ if (sayfile(0, cf->argv[0])) {
|
||||
+ syslog(LLEV,"fwtksyserr: cannot display welcome %s: %m",cf->argv[0]);
|
||||
+ exit(1);
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ /* Hey fwtk developer people -- this connect_dest thing is *nasty!* */
|
||||
+
|
||||
sprintf(buf,"connect %.1000s",dest);
|
||||
tokac = enargv(buf, tokav, 56, tokbuf, sizeof(tokbuf));
|
||||
if (cmd_connect(tokac, tokav, buf) != 2)
|
||||
***************
|
||||
*** 535,548 ****
|
||||
char ebuf[512];
|
||||
|
||||
syslog(LLEV,"permit host=%.512s/%.20s connect to %.512s",rhost,raddr,namp);
|
||||
! if(strlen(namp) > 20)
|
||||
! namp[20] = '\0';
|
||||
! if(rusername[0] != '\0')
|
||||
! sprintf(ebuf,"Trying %s@%s...",rusername,namp);
|
||||
! else
|
||||
! sprintf(ebuf,"Trying %s...",namp);
|
||||
! if(say(0,ebuf))
|
||||
! return(1);
|
||||
} else
|
||||
syslog(LLEV,"permit host=%.512s/%.20s connect to %.512s",rhost,raddr,av[1]);
|
||||
if((serfd = conn_server(av[1],RLOGINPORT,1,buf)) < 0) {
|
||||
--- 559,574 ----
|
||||
char ebuf[512];
|
||||
|
||||
syslog(LLEV,"permit host=%.512s/%.20s connect to %.512s",rhost,raddr,namp);
|
||||
! if (!do_transparent) {
|
||||
! if(strlen(namp) > 20)
|
||||
! namp[20] = '\0';
|
||||
! if(rusername[0] != '\0')
|
||||
! sprintf(ebuf,"Trying %s@%s...",rusername,namp);
|
||||
! else
|
||||
! sprintf(ebuf,"Trying %s...",namp);
|
||||
! if(say(0,ebuf))
|
||||
! return(1);
|
||||
! }
|
||||
} else
|
||||
syslog(LLEV,"permit host=%.512s/%.20s connect to %.512s",rhost,raddr,av[1]);
|
||||
if((serfd = conn_server(av[1],RLOGINPORT,1,buf)) < 0) {
|
||||
diff -c -r ./tn-gw/tn-gw.c ../../fwtk-2.1-violated/fwtk/tn-gw/tn-gw.c
|
||||
*** ./tn-gw/tn-gw.c Thu Feb 5 19:11:36 1998
|
||||
--- ../../fwtk-2.1-violated/fwtk/tn-gw/tn-gw.c Thu May 21 17:25:06 1998
|
||||
***************
|
||||
*** 91,96 ****
|
||||
--- 91,100 ----
|
||||
static int cmd_xforward();
|
||||
static int cmd_timeout();
|
||||
|
||||
+ char * getdsthost();
|
||||
+
|
||||
+ static int do_transparent = 0;
|
||||
+
|
||||
static int tn3270 = 1; /* don't do tn3270 stuff */
|
||||
static int doX;
|
||||
|
||||
***************
|
||||
*** 144,149 ****
|
||||
--- 148,155 ----
|
||||
char tokbuf[BSIZ];
|
||||
char *tokav[56];
|
||||
int tokac;
|
||||
+ int port;
|
||||
+ char * psychic;
|
||||
|
||||
#ifndef LOG_DAEMON
|
||||
openlog("tn-gw",LOG_PID);
|
||||
***************
|
||||
*** 325,330 ****
|
||||
--- 331,362 ----
|
||||
}
|
||||
}
|
||||
|
||||
+ psychic = getdsthost(0, &port);
|
||||
+ if (psychic) {
|
||||
+ if ((strlen(psychic) + 10) < 510) {
|
||||
+ do_transparent++;
|
||||
+ if (port)
|
||||
+ sprintf(dest, "%s:%d", psychic, port);
|
||||
+ else
|
||||
+ sprintf(dest, "%s", psychic);
|
||||
+
|
||||
+ if (!welcomedone)
|
||||
+ if ((cf = cfg_get("welcome-msg", confp)) != (Cfg *)0) {
|
||||
+ if (cf->argc != 1) {
|
||||
+ syslog(LLEV,"fwtkcfgerr: welcome-msg must have one parameter, line %d",cf->ln);
|
||||
+ exit(1);
|
||||
+ }
|
||||
+
|
||||
+ if (sayfile(0, cf->argv[0])) {
|
||||
+ syslog(LLEV,"fwtksyserr: cannot display welcome %s:%m",cf->argv[0]);
|
||||
+ exit(1);
|
||||
+ }
|
||||
+
|
||||
+ welcomedone = 1;
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
while (argc > 1) {
|
||||
argc--;
|
||||
argv++;
|
||||
***************
|
||||
*** 947,955 ****
|
||||
char ebuf[512];
|
||||
|
||||
syslog(LLEV,"permit host=%.512s/%.20s destination=%.512s",rladdr,riaddr,namp);
|
||||
! sprintf(ebuf,"Trying %.100s port %d...",namp,port);
|
||||
! if(say(0,ebuf))
|
||||
! return(1);
|
||||
} else
|
||||
syslog(LLEV,"permit host=%.512s/%.20s destination=%.512s",rladdr,riaddr,av[1]);
|
||||
|
||||
--- 979,989 ----
|
||||
char ebuf[512];
|
||||
|
||||
syslog(LLEV,"permit host=%.512s/%.20s destination=%.512s",rladdr,riaddr,namp);
|
||||
! if (!do_transparent) {
|
||||
! sprintf(ebuf,"Trying %.100s port %d...",namp,port);
|
||||
! if(say(0,ebuf))
|
||||
! return(1);
|
||||
! }
|
||||
} else
|
||||
syslog(LLEV,"permit host=%.512s/%.20s destination=%.512s",rladdr,riaddr,av[1]);
|
||||
|
||||
***************
|
||||
*** 991,998 ****
|
||||
|
||||
syslog(LLEV,"connected host=%.512s/%.20s destination=%.512s",rladdr,riaddr,av[1]);
|
||||
strncpy(dest,av[1], 511);
|
||||
! sprintf(buf, "Connected to %.512s.", dest);
|
||||
! say(0, buf);
|
||||
return(2);
|
||||
}
|
||||
|
||||
--- 1025,1034 ----
|
||||
|
||||
syslog(LLEV,"connected host=%.512s/%.20s destination=%.512s",rladdr,riaddr,av[1]);
|
||||
strncpy(dest,av[1], 511);
|
||||
! if (!do_transparent) {
|
||||
! sprintf(buf, "Connected to %.512s.", dest);
|
||||
! say(0, buf);
|
||||
! }
|
||||
return(2);
|
||||
}
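Review bot: In the `lib/hnam.c` part of this patch, the `linux` branch of `getdsthost()` returns `buf`, a `char buf[255]` local to the function, so every caller that keeps the result (`psychic` in ftp-gw, http-gw, rlogin-gw and tn-gw, `dhost` in plug-gw) later copies or connects using a dangling stack pointer. The same branch dereferences `hp->h_addr_list` without checking that `gethostbyname()` succeeded, passes `&sl` to `bzero()` where a length is expected, copies `sizeof(hp->h_addr_list[i++])` bytes (the size of a pointer) rather than `hp->h_length`, and calls `getsockname(0, ...)` instead of using the `fd` argument. I would declare the buffer as `static char buf[255];`, add `if (hp == NULL) return(NULL);` after the lookup, and size both the clear and the copy from `sizeof(sin)` and `hp->h_length`. The `__FreeBSD__` branch formats `buf` and then falls through to `return(NULL)`, uses `natfd` with no declaration visible in the function, and does not close it when the `ioctl()` fails, so transparent mode apparently can never be detected there; that should be confirmed before the gateways depend on this function for their destination address.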
|
||||
|
|
@ -1,8 +1,8 @@
|
|||
*** /sys/conf/files.orig Sat May 24 14:05:28 1997
|
||||
--- /sys/conf/files Sat May 24 14:06:44 1997
|
||||
*** files.orig Tue Sep 9 16:58:40 1997
|
||||
--- files Sat Apr 4 10:52:58 1998
|
||||
***************
|
||||
*** 217,222 ****
|
||||
--- 217,230 ----
|
||||
*** 222,227 ****
|
||||
--- 222,236 ----
|
||||
netinet/tcp_timer.c optional inet
|
||||
netinet/tcp_usrreq.c optional inet
|
||||
netinet/udp_usrreq.c optional inet
|
||||
|
@ -17,4 +17,4 @@
|
|||
+ netinet/ip_log.c optional ipfilter inet
|
||||
netipx/ipx.c optional ipx
|
||||
netipx/ipx_cksum.c optional ipx
|
||||
netipx/ipx_error.c optional ipx
|
||||
netipx/ipx_input.c optional ipx
|
||||
|
|
|
@ -5,6 +5,62 @@
|
|||
# Thanks to Craig Bishop of connect.com.au and Sun Microsystems for the
|
||||
# loan of a machine to work on a Solaris 2.x port of this software.
|
||||
#
|
||||
# Thanks to BSDI for providing object files for BSD/OS 3.1 and the means
|
||||
# to further support development of IP Filter under BSDI.
|
||||
#
|
||||
# Thanks also to all those who have contributed patches and other code,
|
||||
# and especially those who have found the time to port IP Filter to new
|
||||
# platforms.
|
||||
|
||||
3.2.7 24/05/98 - Released
|
||||
|
||||
u_long -> u_32_t conversions
|
||||
|
||||
patches from Bernd Ernesti for NetBSD
|
||||
|
||||
fixup ipmon to actually handle HUP's.
|
||||
|
||||
Linux fixes from Michael H. Warfield (mhw@wittsend.com)
|
||||
|
||||
update for keep state patch (not security related) - Guido
|
||||
|
||||
dumphex() uses stdout rather than log
|
||||
|
||||
3.2.6 18/05/98 - Released
|
||||
|
||||
fix potential security loop hole in keep state code.
|
||||
|
||||
update examples.
|
||||
|
||||
3.2.5 09/05/98 - Released
|
||||
|
||||
BSD/OS 3.1 .o files added for the kernel.
|
||||
|
||||
fix sequence # skew vs window size check.
|
||||
|
||||
fix minimum ICMP header size check.
|
||||
|
||||
remove references to Cybersource.
|
||||
|
||||
fix my email address.
|
||||
|
||||
remove ntohl in ipnat - Thomas Tornblom
|
||||
|
||||
3.2.4 09/04/98 - Released
|
||||
|
||||
add script to make devices for /dev on BSD boxes
|
||||
|
||||
fixup building into the kernel for FreeBSD 2.2.5
|
||||
|
||||
add -D command line option to ipmon to make it a daemon and SIGHUP causes
|
||||
it to close and reopen the logfile
|
||||
|
||||
fixup make clean and make package for SunOS5 - Marc Boucher
|
||||
|
||||
postinstall keeps adding "minor=ipf ipl" - George Ross <gdmr@dcs.ed.ac.uk>
|
||||
|
||||
protected by IP Filter gif - Sergey Solyanik <solik@atom.ru>
|
||||
|
||||
3.2.3 10/11/97 - Released
|
||||
|
||||
fix some iplang bugs
|
||||
|
|
|
@ -42,5 +42,5 @@ If you have BOTH GNU make and the normal make shipped with your system,
|
|||
DO NOT use the GNU make to build this package.
|
||||
|
||||
Darren
|
||||
darrenr@cyber.com.au
|
||||
darrenr@pobox.com
|
||||
****************************************
|
||||
|
|
|
@ -44,6 +44,7 @@ To build a kernel with the IP filter, follow these steps:
|
|||
mknod /dev/ipl c 79 0
|
||||
mknod /dev/ipnat c 79 1
|
||||
mknod /dev/ipstate c 79 2
|
||||
mknod /dev/ipauth c 79 3
|
||||
|
||||
5b) For versions prior to FreeBSD 2.2:
|
||||
create devices for IP Filter as follows (assuming it was
|
||||
|
@ -51,8 +52,9 @@ To build a kernel with the IP filter, follow these steps:
|
|||
mknod /dev/ipl c 20 0
|
||||
mknod /dev/ipnat c 20 1
|
||||
mknod /dev/ipstate c 20 2
|
||||
mknod /dev/ipauth c 20 3
|
||||
|
||||
6. install and reboot with the new kernel
|
||||
|
||||
Darren Reed
|
||||
darrenr@cyber.com.au
|
||||
darrenr@pobox.com
|
||||
|
|
|
@ -41,8 +41,9 @@ To build a kernel with the IP filter, follow these steps:
|
|||
mknod /dev/ipl c 20 0
|
||||
mknod /dev/ipnat c 20 1
|
||||
mknod /dev/ipstate c 20 2
|
||||
mknod /dev/ipauth c 20 3
|
||||
|
||||
6. install and reboot with the new kernel
|
||||
|
||||
Darren Reed
|
||||
darrenr@cyber.com.au
|
||||
darrenr@pobox.com
|
||||
|
|
|
@ -19,11 +19,12 @@ The first step is to make the IP Filter binaries. Do this with a
|
|||
"make linux" from the ip_fil3.2.x directory. If this completes with
|
||||
no errors, install IP Filter with a "make install-linux".
|
||||
|
||||
Now that the user part of it is complete, it is time to work on the
|
||||
kernel. To start this off, run "Linux/kinstall". This will patch your
|
||||
kernel source code and configuration files so you can enabled IP Filter.
|
||||
You must now go to /usr/src/linux and configure your kernel using one of
|
||||
the available interfaces to enable IP Filter. IP Filter will be presented
|
||||
Now that the user part of it is complete, it is time to work on the kernel.
|
||||
To start this off, run "Linux/minstall". This will configure the devices
|
||||
you will need for the IP Filter. Then run "Linux/kinstall". This will
|
||||
patch your kernel source code and configuration files so you can enabled IP
|
||||
Filter. You must now go to /usr/src/linux and configure your kernel using one
|
||||
of the available interfaces to enable IP Filter. IP Filter will be presented
|
||||
as a three way choice "y/m/n" - select "m" to enable it. Save your kernel
|
||||
configuration file, rebuild, install and reboot with the new kernel.
|
||||
|
||||
|
|
|
@ -41,8 +41,14 @@ To build a kernel with the IP filter, follow these steps:
|
|||
|
||||
4. build a new kernel
|
||||
|
||||
5. create /dev/ipl with "mknod /dev/ipl c 59 0".
|
||||
(for NetBSD-1.2, use "mknod /dev/ipl c 49 0")
|
||||
5. Create device files. For NetBSD-1.2 (or later), use 49 as the
|
||||
major number. For NetBSD-1.1 or earlier, use 59. Run these
|
||||
commands as root, substituting <major> for the appropriate number:
|
||||
|
||||
mknod /dev/ipl c <major> 0
|
||||
mknod /dev/ipnat c <major> 1
|
||||
mknod /dev/ipstate c <major> 2
|
||||
mknod /dev/ipauth c <major> 3
|
||||
|
||||
** NOTE: both the numbers 49 and 59 should be substituted with
|
||||
whatever number you inserted it into conf.c as.
|
||||
|
@ -50,4 +56,4 @@ To build a kernel with the IP filter, follow these steps:
|
|||
6. install and reboot with the new kernel
|
||||
|
||||
Darren Reed
|
||||
darrenr@cyber.com.au
|
||||
darrenr@pobox.com
|
||||
|
|
|
@ -24,4 +24,4 @@ called "ipf.conf" using touch. The rc scripts have been written to look
|
|||
for the configuration file here, using the installed binaries in /sbin.
|
||||
|
||||
Darren Reed
|
||||
darrenr@cyber.com.au
|
||||
darrenr@pobox.com
|
||||
|
|
|
@ -28,9 +28,13 @@ To install as part of a SunOS 4.1.x kernel:
|
|||
NOTE: This script sets up /dev/ipl as char. device 59,0
|
||||
in /sys/sun/conf.c
|
||||
|
||||
3. Do "mknod /dev/ipl c 59 0" as root.
|
||||
3. Run the following commands as root:
|
||||
mknod /dev/ipl c 59 0
|
||||
mknod /dev/ipnat c 59 1
|
||||
mknod /dev/ipstate c 59 2
|
||||
mknod /dev/ipauth c 59 3
|
||||
|
||||
4. Reboot using the new kernel
|
||||
|
||||
Darren Reed
|
||||
darrenr@cyber.com.au
|
||||
darrenr@pobox.com
|
||||
|
|
|
@ -31,9 +31,14 @@ To build a kernel with the IP filter, follow these steps:
|
|||
|
||||
4. build a new kernel
|
||||
|
||||
5. create /dev/ipl with "mknod /dev/ipl c 59 0".
|
||||
5. create devices for IP Filter as follows (assuming it was
|
||||
installed into the device table as char dev 20):
|
||||
mknod /dev/ipl c 20 0
|
||||
mknod /dev/ipnat c 20 1
|
||||
mknod /dev/ipstate c 20 2
|
||||
mknod /dev/ipauth c 20 3
|
||||
|
||||
6. install and reboot with the new kernel
|
||||
|
||||
Darren
|
||||
darrenr@cyber.com.au
|
||||
darrenr@pobox.com
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
# provided that this notice is preserved and due credit is given
|
||||
# to the original author and the contributors.
|
||||
#
|
||||
# $Id: Makefile,v 2.0.2.26.2.5 1997/11/27 09:32:38 darrenr Exp $
|
||||
# $Id: Makefile,v 2.0.2.26.2.10 1998/05/23 05:01:23 darrenr Exp $
|
||||
#
|
||||
BINDEST=/usr/local/bin
|
||||
SBINDEST=/sbin
|
||||
|
@ -88,7 +88,11 @@ freebsd22 freebsd30: include
|
|||
make setup "TARGOS=BSD" "CPUDIR=$(CPUDIR)"
|
||||
-rm -f BSD/$(CPUDIR)/ioconf.h
|
||||
@if [ -n $(IPFILKERN) ] ; then \
|
||||
if [ -f /sys/$(IPFILKERN)/compile/ioconf.h ] ; then \
|
||||
ln -s /sys/$(IPFILKERN)/compile/ioconf.h BSD/$(CPUDIR); \
|
||||
else \
|
||||
ln -s /sys/$(IPFILKERN)/ioconf.h BSD/$(CPUDIR); \
|
||||
fi \
|
||||
elif [ ! -f `uname -v|sed -e 's@^.*:\(/[^: ]*\).*@\1@'`/ioconf.h ] ; then \
|
||||
echo -n "Can't find ioconf.h in "; \
|
||||
echo `uname -v|sed -e 's@^.*:\(/[^: ]*\).*@\1@'`; \
|
||||
|
@ -100,41 +104,41 @@ freebsd22 freebsd30: include
|
|||
|
||||
netbsd: include
|
||||
make setup "TARGOS=BSD" "CPUDIR=$(CPUDIR)"
|
||||
(cd BSD/$(CPUDIR); make build "TOP=../.." $(MFLAGS) 'DLKM=-D_LKM' "ML=mln_ipl.c"; cd ..)
|
||||
(cd BSD/$(CPUDIR); make -f Makefile.ipsend "TOP=../.." $(MFLAGS); cd ..)
|
||||
(cd BSD/$(CPUDIR); make build TOP=../.. $(MFLAGS) 'DLKM=-D_LKM' "ML=mln_ipl.c"; cd ..)
|
||||
(cd BSD/$(CPUDIR); make -f Makefile.ipsend TOP=../.. $(MFLAGS); cd ..)
|
||||
|
||||
openbsd openbsd21: include
|
||||
make setup "TARGOS=BSD" "CPUDIR=$(CPUDIR)"
|
||||
(cd BSD/$(CPUDIR); make build "TOP=../.." $(MFLAGS) 'DLKM=-D_LKM' "ML=mln_ipl.c"; cd ..)
|
||||
(cd BSD/$(CPUDIR); make -f Makefile.ipsend "TOP=../.." $(MFLAGS); cd ..)
|
||||
(cd BSD/$(CPUDIR); make build TOP=../.. $(MFLAGS) 'DLKM=-D_LKM' "ML=mln_ipl.c"; cd ..)
|
||||
(cd BSD/$(CPUDIR); make -f Makefile.ipsend TOP=../.. $(MFLAGS); cd ..)
|
||||
|
||||
freebsd freebsd20 freebsd21: include
|
||||
make setup "TARGOS=BSD" "CPUDIR=$(CPUDIR)"
|
||||
(cd BSD/$(CPUDIR); make build "TOP=../.." $(MFLAGS) "ML=mlf_ipl.c"; cd ..)
|
||||
(cd BSD/$(CPUDIR); make -f Makefile.ipsend "TOP=../.." $(MFLAGS); cd ..)
|
||||
(cd BSD/$(CPUDIR); make build TOP=../.. $(MFLAGS) "ML=mlf_ipl.c"; cd ..)
|
||||
(cd BSD/$(CPUDIR); make -f Makefile.ipsend TOP=../.. $(MFLAGS); cd ..)
|
||||
|
||||
bsd: include
|
||||
make setup "TARGOS=BSD" "CPUDIR=$(CPUDIR)"
|
||||
(cd BSD/$(CPUDIR); make build "TOP=../.." $(MFLAGS); cd ..)
|
||||
(cd BSD/$(CPUDIR); make -f Makefile.ipsend "TOP=../.." $(MFLAGS); cd ..)
|
||||
(cd BSD/$(CPUDIR); make build TOP=../.. $(MFLAGS); cd ..)
|
||||
(cd BSD/$(CPUDIR); make -f Makefile.ipsend TOP=../.. $(MFLAGS); cd ..)
|
||||
|
||||
bsdi bsdos: include
|
||||
make setup "TARGOS=BSD" "CPUDIR=$(CPUDIR)"
|
||||
(cd BSD/$(CPUDIR); make build "CC=$(CC)" "TOP=../.." $(MFLAGS) LKM= ; cd ..)
|
||||
(cd BSD/$(CPUDIR); make -f Makefile.ipsend "CC=$(CC)" "TOP=../.." $(MFLAGS); cd ..)
|
||||
(cd BSD/$(CPUDIR); make build "CC=$(CC)" TOP=../.. $(MFLAGS) LKM= ; cd ..)
|
||||
(cd BSD/$(CPUDIR); make -f Makefile.ipsend "CC=$(CC)" TOP=../.. $(MFLAGS); cd ..)
|
||||
|
||||
irix IRIX: include
|
||||
make setup "TARGOS=IRIX" "CPUDIR=$(CPUDIR)"
|
||||
(cd IRIX/$(CPUDIR); smake build "TOP=../.." $(MFLAGS); cd ..)
|
||||
(cd IRIX/$(CPUDIR); make -f Makefile.ipsend "TOP=../.." $(MFLAGS); cd ..)
|
||||
(cd IRIX/$(CPUDIR); smake build TOP=../.. $(MFLAGS); cd ..)
|
||||
(cd IRIX/$(CPUDIR); make -f Makefile.ipsend TOP=../.. $(MFLAGS); cd ..)
|
||||
|
||||
linux: include
|
||||
make setup "TARGOS=Linux" "CPUDIR=$(CPUDIR)"
|
||||
./buildlinux
|
||||
|
||||
linuxrev:
|
||||
(cd Linux/$(CPUDIR); make build "TOP=../.." $(MFLAGS) LKM= ; cd ..)
|
||||
(cd Linux/$(CPUDIR); make -f Makefile.ipsend "TOP=../.." $(MFLAGS); cd ..)
|
||||
(cd Linux/$(CPUDIR); make build TOP=../.. $(MFLAGS) LKM= ; cd ..)
|
||||
(cd Linux/$(CPUDIR); make -f Makefile.ipsend TOP=../.. $(MFLAGS); cd ..)
|
||||
|
||||
setup:
|
||||
-if [ ! -d $(TARGOS)/$(CPUDIR) ] ; then mkdir $(TARGOS)/$(CPUDIR); fi
|
||||
|
@ -146,8 +150,8 @@ clean:
|
|||
${RM} -rf netinet
|
||||
${RM} -f core *.o ipt fils ipf ipfstat ipftest ipmon if_ipl \
|
||||
vnode_if.h $(LKM)
|
||||
(cd SunOS4; make clean)
|
||||
(cd SunOS5; make clean)
|
||||
if [ "`uname -s`" = "SunOS" ]; then (cd SunOS4; make clean); fi
|
||||
if [ "`uname -s`" = "SunOS" ]; then (cd SunOS5; make clean); fi
|
||||
(cd BSD; make clean)
|
||||
(cd Linux; make clean)
|
||||
if [ "`uname -s`" = "IRIX" ]; then (cd IRIX; make clean); fi
|
||||
|
@ -187,12 +191,16 @@ sunos4 solaris1:
|
|||
(cd SunOS4; make -f Makefile.ipsend "CC=$(CC)" TOP=.. $(MFLAGS); cd ..)
|
||||
|
||||
sunos5 solaris2:
|
||||
(cd SunOS5/$(CPU); make build TOP=../.. "CC=$(CC)" $(MFLAGS) "SOLARIS2=$(SOLARIS2)" "CPU=-Dsparc -D__sparc__"; cd ..)
|
||||
(cd SunOS5/$(CPU); make -f Makefile.ipsend TOP=../.. "CC=$(CC)" $(MFLAGS); cd ..)
|
||||
(cd SunOS5/$(CPUDIR); make build TOP=../.. "CC=$(CC)" $(MFLAGS) "SOLARIS2=$(SOLARIS2)" "CPU=-Dsparc -D__sparc__"; cd ..)
|
||||
(cd SunOS5/$(CPUDIR); make -f Makefile.ipsend TOP=../.. "CC=$(CC)" $(MFLAGS); cd ..)
|
||||
|
||||
sunos5x86 solaris2x86:
|
||||
(cd SunOS5/$(CPU); make build TOP=../.. "CC=$(CC)" $(MFLAGS) "SOLARIS2=$(SOLARIS2)" "CPU=-Di86pc -Di386 -D__i386__"; cd ..)
|
||||
(cd SunOS5/$(CPU); make -f Makefile.ipsend TOP=../.. "CC=$(CC)" $(MFLAGS); cd ..)
|
||||
(cd SunOS5/$(CPUDIR); make build TOP=../.. "CC=$(CC)" $(MFLAGS) "SOLARIS2=$(SOLARIS2)" "CPU=-Di86pc -Di386 -D__i386__"; cd ..)
|
||||
(cd SunOS5/$(CPUDIR); make -f Makefile.ipsend TOP=../.. "CC=$(CC)" $(MFLAGS); cd ..)
|
||||
|
||||
install-linux:
|
||||
(cd Linux/$(CPUDIR); make install "TOP=../.." $(MFLAGS); cd ..)
|
||||
(cd Linux/$(CPUDIR); make -f Makefile.ipsend INSTALL=$(INSTALL) install "TOP=../.." $(MFLAGS); cd ..)
|
||||
|
||||
install-bsd:
|
||||
(cd BSD/$(CPUDIR); make install "TOP=../.." $(MFLAGS); cd ..)
|
||||
|
|
|
@ -46,7 +46,7 @@ Bugs/Problems
|
|||
-------------
|
||||
If you have a problem with IP Filter on your operating system, please email
|
||||
a copy of the file "BugReport" with the details of your setup as required
|
||||
and email to darrenr@cyber.com.au.
|
||||
and email to darrenr@pobox.com.
|
||||
|
||||
Some general notes.
|
||||
-------------------
|
||||
|
@ -95,4 +95,4 @@ BNF
|
|||
- BNF rule set for the filter rules
|
||||
|
||||
Darren Reed
|
||||
darrenr@cyber.com.au
|
||||
darrenr@pobox.com
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
IP Filter is Year 2000 (Y2K) Compliant.
|
||||
|
||||
Darren
|
|
@ -1,23 +1,24 @@
|
|||
#! /bin/sh
|
||||
# $Id: buildsunos,v 2.0.2.4 1997/05/24 07:32:46 darrenr Exp $
|
||||
# $Id: buildsunos,v 2.0.2.4.2.1 1998/05/21 14:46:04 darrenr Exp $
|
||||
:
|
||||
rev=`uname -r | sed -e 's/^\([^\.]*\)\..*/\1/'`
|
||||
cpu=`uname -m`
|
||||
cpudir=${cpu}-`uname -r`
|
||||
if [ $rev = 5 ] ; then
|
||||
solrev=`uname -r | sh -c 'IFS=. read j n x; echo $n'`
|
||||
mkdir -p SunOS5/${cpu}
|
||||
/bin/rm -f SunOS5/${cpu}/Makefile
|
||||
/bin/rm -f SunOS5/${cpu}/Makefile.ipsend
|
||||
ln -s ../Makefile SunOS5/${cpu}/Makefile
|
||||
ln -s ../Makefile.ipsend SunOS5/${cpu}/Makefile.ipsend
|
||||
mkdir -p SunOS5/${cpudir}
|
||||
/bin/rm -f SunOS5/${cpudir}/Makefile
|
||||
/bin/rm -f SunOS5/${cpudir}/Makefile.ipsend
|
||||
ln -s ../Makefile SunOS5/${cpudir}/Makefile
|
||||
ln -s ../Makefile.ipsend SunOS5/${cpudir}/Makefile.ipsend
|
||||
fi
|
||||
if [ $cpu = i86pc ] ; then
|
||||
make ${1+"$@"} sunos5x86 SOLARIS2="-DSOLARIS2=$solrev" CPU=${cpu}
|
||||
make ${1+"$@"} sunos5x86 SOLARIS2="-DSOLARIS2=$solrev" CPU=${cpu} CPUDIR=${cpudir}
|
||||
exit $?
|
||||
fi
|
||||
if [ x$solrev = x ] ; then
|
||||
make ${1+"$@"} sunos$rev "ARCH=`uname -m`"
|
||||
exit $?
|
||||
fi
|
||||
make ${1+"$@"} sunos$rev SOLARIS2="-DSOLARIS2=$solrev" CPU=${cpu}
|
||||
make ${1+"$@"} sunos$rev SOLARIS2="-DSOLARIS2=$solrev" CPU=${cpu} CPUDIR=${cpudir}
|
||||
exit $?
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
*/
|
||||
#if !defined(lint)
|
||||
static const char sccsid[] = "@(#)fil.c 1.36 6/5/96 (C) 1993-1996 Darren Reed";
|
||||
static const char rcsid[] = "@(#)$Id: fil.c,v 2.0.2.41.2.9 1997/12/02 13:56:06 darrenr Exp $";
|
||||
static const char rcsid[] = "@(#)$Id: fil.c,v 2.0.2.41.2.14 1998/05/23 19:20:30 darrenr Exp $";
|
||||
#endif
|
||||
|
||||
#include <sys/errno.h>
|
||||
|
@ -21,6 +21,7 @@ static const char rcsid[] = "@(#)$Id: fil.c,v 2.0.2.41.2.9 1997/12/02 13:56:06 d
|
|||
#else
|
||||
# include <stdio.h>
|
||||
# include <string.h>
|
||||
# include <stdlib.h>
|
||||
#endif
|
||||
#include <sys/uio.h>
|
||||
#if !defined(__SVR4) && !defined(__svr4__)
|
||||
|
@ -194,6 +195,7 @@ fr_info_t *fin;
|
|||
{
|
||||
struct optlist *op;
|
||||
tcphdr_t *tcp;
|
||||
icmphdr_t *icmp;
|
||||
fr_ip_t *fi = &fin->fin_fi;
|
||||
u_short optmsk = 0, secmsk = 0, auth = 0;
|
||||
int i, mv, ol, off;
|
||||
|
@ -214,6 +216,7 @@ fr_info_t *fin;
|
|||
fin->fin_hlen = hlen;
|
||||
fin->fin_dlen = ip->ip_len - hlen;
|
||||
tcp = (tcphdr_t *)((char *)ip + hlen);
|
||||
icmp = (icmphdr_t *)tcp;
|
||||
fin->fin_dp = (void *)tcp;
|
||||
(*(((u_short *)fi) + 1)) = (*(((u_short *)ip) + 4));
|
||||
(*(((u_32_t *)fi) + 1)) = (*(((u_32_t *)ip) + 3));
|
||||
|
@ -226,12 +229,20 @@ fr_info_t *fin;
|
|||
switch (ip->ip_p)
|
||||
{
|
||||
case IPPROTO_ICMP :
|
||||
if ((!IPMINLEN(ip, icmp) && !off) ||
|
||||
{
|
||||
int minicmpsz = sizeof(struct icmp);
|
||||
|
||||
if (!off && ip->ip_len > ICMP_MINLEN + hlen &&
|
||||
(icmp->icmp_type == ICMP_ECHOREPLY ||
|
||||
icmp->icmp_type == ICMP_UNREACH))
|
||||
minicmpsz = ICMP_MINLEN;
|
||||
if ((!(ip->ip_len >= hlen + minicmpsz) && !off) ||
|
||||
(off && off < sizeof(struct icmp)))
|
||||
fi->fi_fl |= FI_SHORT;
|
||||
if (fin->fin_dlen > 1)
|
||||
fin->fin_data[0] = *(u_short *)tcp;
|
||||
break;
|
||||
}
|
||||
case IPPROTO_TCP :
|
||||
fi->fi_fl |= FI_TCPUDP;
|
||||
if ((!IPMINLEN(ip, tcphdr) && !off) ||
|
||||
|
@ -418,7 +429,7 @@ void *m;
|
|||
off = ip->ip_off & 0x1fff;
|
||||
pass |= (fi->fi_fl << 24);
|
||||
|
||||
if ((fi->fi_fl & FI_TCPUDP) && (fin->fin_dlen > 3) && !off)
|
||||
if ((fi->fi_fl & FI_TCPUDP) && (fin->fin_dlen > 3) && !off)
|
||||
portcmp = 1;
|
||||
|
||||
for (rulen = 0; fr; fr = fr->fr_next, rulen++) {
|
||||
|
@ -475,24 +486,22 @@ void *m;
|
|||
* If a fragment, then only the first has what we're looking
|
||||
* for here...
|
||||
*/
|
||||
if (!portcmp && (fr->fr_dcmp || fr->fr_scmp || fr->fr_tcpf ||
|
||||
fr->fr_tcpfm))
|
||||
continue;
|
||||
if (fi->fi_fl & FI_TCPUDP) {
|
||||
if (portcmp) {
|
||||
if (!fr_tcpudpchk(fr, fin))
|
||||
continue;
|
||||
} else if (fr->fr_dcmp || fr->fr_scmp || fr->fr_tcpf ||
|
||||
fr->fr_tcpfm)
|
||||
if (!fr_tcpudpchk(fr, fin))
|
||||
continue;
|
||||
} else if (fi->fi_p == IPPROTO_ICMP) {
|
||||
if (!off && (fin->fin_dlen > 1)) {
|
||||
if ((fin->fin_data[0] & fr->fr_icmpm) !=
|
||||
fr->fr_icmp) {
|
||||
FR_DEBUG(("i. %#x & %#x != %#x\n",
|
||||
fin->fin_data[0],
|
||||
fr->fr_icmpm, fr->fr_icmp));
|
||||
continue;
|
||||
}
|
||||
} else if (fr->fr_icmpm || fr->fr_icmp)
|
||||
} else if (fr->fr_icmpm || fr->fr_icmp) {
|
||||
if ((fi->fi_p != IPPROTO_ICMP) || off ||
|
||||
(fin->fin_dlen < 2))
|
||||
continue;
|
||||
if ((fin->fin_data[0] & fr->fr_icmpm) != fr->fr_icmp) {
|
||||
FR_DEBUG(("i. %#x & %#x != %#x\n",
|
||||
fin->fin_data[0], fr->fr_icmpm,
|
||||
fr->fr_icmp));
|
||||
continue;
|
||||
}
|
||||
}
|
||||
FR_VERBOSE(("*"));
|
||||
/*
|
||||
|
@ -571,6 +580,15 @@ int out;
|
|||
# endif
|
||||
int up;
|
||||
|
||||
#ifdef M_CANFASTFWD
|
||||
/*
|
||||
* XXX For now, IP Filter and fast-forwarding of cached flows
|
||||
* XXX are mutually exclusive. Eventually, IP Filter should
|
||||
* XXX get a "can-fast-forward" filter rule.
|
||||
*/
|
||||
m->m_flags &= ~M_CANFASTFWD;
|
||||
#endif /* M_CANFASTFWD */
|
||||
|
||||
if ((ip->ip_p == IPPROTO_TCP || ip->ip_p == IPPROTO_UDP ||
|
||||
ip->ip_p == IPPROTO_ICMP)) {
|
||||
int plen = 0;
|
||||
|
@ -887,7 +905,7 @@ u_short ipf_cksum(addr, len)
|
|||
register u_short *addr;
|
||||
register int len;
|
||||
{
|
||||
register u_long sum = 0;
|
||||
register u_32_t sum = 0;
|
||||
|
||||
for (sum = 0; len > 1; len -= 2)
|
||||
sum += *addr++;
|
||||
|
@ -920,7 +938,7 @@ int len;
|
|||
u_char c[2];
|
||||
u_short s;
|
||||
} bytes;
|
||||
u_long sum;
|
||||
u_32_t sum;
|
||||
u_short *sp;
|
||||
# if SOLARIS || defined(__sgi)
|
||||
int add, hlen;
|
||||
|
@ -1019,7 +1037,7 @@ int len;
|
|||
#endif /* SOLARIS */
|
||||
if (len < 2)
|
||||
break;
|
||||
if((u_long)sp & 1) {
|
||||
if((u_32_t)sp & 1) {
|
||||
bcopy((char *)sp++, (char *)&bytes.s, sizeof(bytes.s));
|
||||
sum += bytes.s;
|
||||
} else
|
||||
|
@ -1073,7 +1091,7 @@ nodata:
|
|||
* SUCH DAMAGE.
|
||||
*
|
||||
* @(#)uipc_mbuf.c 8.2 (Berkeley) 1/4/94
|
||||
* $Id: fil.c,v 2.0.2.41.2.9 1997/12/02 13:56:06 darrenr Exp $
|
||||
* $Id: fil.c,v 2.0.2.41.2.14 1998/05/23 19:20:30 darrenr Exp $
|
||||
*/
|
||||
/*
|
||||
* Copy data from an mbuf chain starting "off" bytes from the beginning,
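Review bot: In the new `case IPPROTO_ICMP` block the guard `ip->ip_len > ICMP_MINLEN + hlen` is a strict comparison, so an echo reply or unreachable that is exactly `hlen + ICMP_MINLEN` bytes long keeps `minicmpsz = sizeof(struct icmp)` and is then marked `FI_SHORT` by the test that follows. If an ICMP message of exactly the minimum length is meant to be accepted for these types, the guard should read `ip->ip_len >= ICMP_MINLEN + hlen`. A one-line comment at `minicmpsz` explaining why only ICMP_ECHOREPLY and ICMP_UNREACH get the smaller minimum would also help, since an unreachable normally carries an embedded IP header and the choice is not obvious from the code. The enclosing function starts and ends outside this hunk.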
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
* to the original author and the contributors.
|
||||
*/
|
||||
#if !defined(lint)
|
||||
static const char rcsid[] = "@(#)$Id: ip_auth.c,v 2.0.2.21.2.2 1997/11/12 10:45:51 darrenr Exp $";
|
||||
static const char rcsid[] = "@(#)$Id: ip_auth.c,v 2.0.2.21.2.3 1998/04/08 13:43:29 darrenr Exp $";
|
||||
#endif
|
||||
|
||||
#if !defined(_KERNEL) && !defined(KERNEL)
|
||||
|
@ -86,6 +86,9 @@ extern struct ifqueue ipintrq; /* ip packet input queue */
|
|||
#include "netinet/ip_auth.h"
|
||||
#if !SOLARIS && !defined(linux)
|
||||
# include <net/netisr.h>
|
||||
# ifdef __FreeBSD__
|
||||
# include <machine/cpufunc.h>
|
||||
# endif
|
||||
#endif
|
||||
|
||||
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
* to the original author and the contributors.
|
||||
*
|
||||
* @(#)ip_compat.h 1.8 1/14/96
|
||||
* $Id: ip_compat.h,v 2.0.2.31.2.8 1997/12/02 13:42:52 darrenr Exp $
|
||||
* $Id: ip_compat.h,v 2.0.2.31.2.11 1998/05/23 14:29:36 darrenr Exp $
|
||||
*/
|
||||
|
||||
#ifndef __IP_COMPAT_H__
|
||||
|
@ -123,7 +123,7 @@ typedef unsigned int u_32_t;
|
|||
# else
|
||||
typedef unsigned long u_32_t;
|
||||
# endif
|
||||
#endif /* __NetBSD__ || __OpenBSD__ || __FreeBSD__ */
|
||||
#endif /* __NetBSD__ || __OpenBSD__ || __FreeBSD__ || __sgi */
|
||||
|
||||
#ifndef MAX
|
||||
#define MAX(a,b) (((a) > (b)) ? (a) : (b))
|
||||
|
@ -369,6 +369,9 @@ typedef struct mbuf mb_t;
|
|||
* not be in other places or maybe one day linux will grow up and some
|
||||
* of these will turn up there too.
|
||||
*/
|
||||
#ifndef ICMP_MINLEN
|
||||
# define ICMP_MINLEN 8
|
||||
#endif
|
||||
#ifndef ICMP_UNREACH
|
||||
# define ICMP_UNREACH ICMP_DEST_UNREACH
|
||||
#endif
|
||||
|
@ -680,6 +683,12 @@ typedef struct uio {
|
|||
# undef UINT_MAX
|
||||
# undef LONG_MAX
|
||||
# undef ULONG_MAX
|
||||
# define s8 __s8
|
||||
# define u8 __u8
|
||||
# define s16 __s16
|
||||
# define u16 __u16
|
||||
# define s32 __s32
|
||||
# define u32 __u32
|
||||
# include <linux/netdevice.h>
|
||||
# undef __KERNEL__
|
||||
# endif
|
||||
|
@ -714,4 +723,5 @@ struct ether_addr {
|
|||
#ifndef ICMP_ROUTERSOLICIT
|
||||
# define ICMP_ROUTERSOLICIT 10
|
||||
#endif
|
||||
|
||||
#endif /* __IP_COMPAT_H__ */
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
*/
|
||||
#if !defined(lint)
|
||||
static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-1995 Darren Reed";
|
||||
static const char rcsid[] = "@(#)$Id: ip_fil.c,v 2.0.2.44.2.5 1997/11/24 10:02:02 darrenr Exp $";
|
||||
static const char rcsid[] = "@(#)$Id: ip_fil.c,v 2.0.2.44.2.7 1998/05/03 10:55:49 darrenr Exp $";
|
||||
#endif
|
||||
|
||||
#ifndef SOLARIS
|
||||
|
@ -164,7 +164,7 @@ struct devsw iplsw = {
|
|||
};
|
||||
#endif /* _BSDI_VERSION >= 199510 && _KERNEL */
|
||||
|
||||
#if defined(__NetBSD__) || defined(__OpenBSD__)
|
||||
#if defined(__NetBSD__) || defined(__OpenBSD__) || (_BSDI_VERSION >= 199701)
|
||||
# include <sys/conf.h>
|
||||
# if defined(NETBSD_PF)
|
||||
# include <net/pfil.h>
|
||||
|
@ -933,7 +933,8 @@ frdest_t *fdp;
|
|||
if (ro->ro_rt->rt_flags & RTF_GATEWAY)
|
||||
dst = (struct sockaddr_in *)&ro->ro_rt->rt_gateway;
|
||||
}
|
||||
ro->ro_rt->rt_use++;
|
||||
if (ro->ro_rt)
|
||||
ro->ro_rt->rt_use++;
|
||||
|
||||
/*
|
||||
* For input packets which are being "fastrouted", they won't
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
* to the original author and the contributors.
|
||||
*
|
||||
* @(#)ip_fil.h 1.35 6/5/96
|
||||
* $Id: ip_fil.h,v 2.0.2.39.2.10 1997/12/03 10:02:30 darrenr Exp $
|
||||
* $Id: ip_fil.h,v 2.0.2.39.2.11 1998/05/23 14:29:37 darrenr Exp $
|
||||
*/
|
||||
|
||||
#ifndef __IP_FIL_H__
|
||||
|
@ -518,4 +518,5 @@ extern int iplused[IPL_LOGMAX + 1];
|
|||
extern struct frentry *ipfilter[2][2], *ipacct[2][2];
|
||||
extern struct frgroup *ipfgroups[3][2];
|
||||
extern struct filterstats frstats[];
|
||||
|
||||
#endif /* __IP_FIL_H__ */
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
* to the original author and the contributors.
|
||||
*
|
||||
* @(#)ip_frag.h 1.5 3/24/96
|
||||
* $Id: ip_frag.h,v 2.0.2.12 1997/10/23 14:56:01 darrenr Exp $
|
||||
* $Id: ip_frag.h,v 2.0.2.12.2.1 1998/05/23 14:29:39 darrenr Exp $
|
||||
*/
|
||||
|
||||
#ifndef __IP_FRAG_H__
|
||||
|
@ -55,4 +55,5 @@ extern void ipfr_slowtimer __P((void));
|
|||
#else
|
||||
extern int ipfr_slowtimer __P((void));
|
||||
#endif
|
||||
|
||||
#endif /* __IP_FIL_H__ */
|
||||
|
|
|
@ -54,18 +54,18 @@ tcphdr_t *tcp;
|
|||
ap_session_t *aps;
|
||||
nat_t *nat;
|
||||
{
|
||||
u_long sum1, sum2;
|
||||
u_32_t sum1, sum2;
|
||||
short sel;
|
||||
|
||||
if (tcp->th_sport == aps->aps_dport) {
|
||||
sum2 = (u_long)ntohl(tcp->th_ack);
|
||||
sum2 = (u_32_t)ntohl(tcp->th_ack);
|
||||
sel = aps->aps_sel;
|
||||
if ((aps->aps_after[!sel] > aps->aps_after[sel]) &&
|
||||
(sum2 > aps->aps_after[!sel])) {
|
||||
sel = aps->aps_sel = !sel; /* switch to other set */
|
||||
}
|
||||
if (aps->aps_seqoff[sel] && (sum2 > aps->aps_after[sel])) {
|
||||
sum1 = (u_long)aps->aps_seqoff[sel];
|
||||
sum1 = (u_32_t)aps->aps_seqoff[sel];
|
||||
tcp->th_ack = htonl(sum2 - sum1);
|
||||
return 2;
|
||||
}
|
||||
|
@ -110,7 +110,7 @@ tcphdr_t *tcp;
|
|||
ap_session_t *aps;
|
||||
nat_t *nat;
|
||||
{
|
||||
register u_long sum1, sum2;
|
||||
register u_32_t sum1, sum2;
|
||||
char newbuf[IPF_MAXPORTLEN+1];
|
||||
char portbuf[IPF_MAXPORTLEN+1], *s;
|
||||
int ch = 0, off = (ip->ip_hl << 2) + (tcp->th_off << 2);
|
||||
|
@ -243,17 +243,17 @@ nat_t *nat;
|
|||
|
||||
adjust_seqack:
|
||||
if (tcp->th_dport == aps->aps_dport) {
|
||||
sum2 = (u_long)ntohl(tcp->th_seq);
|
||||
sum2 = (u_32_t)ntohl(tcp->th_seq);
|
||||
off = aps->aps_sel;
|
||||
if ((aps->aps_after[!off] > aps->aps_after[off]) &&
|
||||
(sum2 > aps->aps_after[!off])) {
|
||||
off = aps->aps_sel = !off; /* switch to other set */
|
||||
}
|
||||
if (aps->aps_seqoff[off]) {
|
||||
sum1 = (u_long)aps->aps_after[off] -
|
||||
sum1 = (u_32_t)aps->aps_after[off] -
|
||||
aps->aps_seqoff[off];
|
||||
if (sum2 > sum1) {
|
||||
sum1 = (u_long)aps->aps_seqoff[off];
|
||||
sum1 = (u_32_t)aps->aps_seqoff[off];
|
||||
sum2 += sum1;
|
||||
tcp->th_seq = htonl(sum2);
|
||||
ch = 1;
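Review bot: The tests `sum2 > aps->aps_after[sel]` in the first hunk, and `sum2 > aps->aps_after[!off]` and `sum2 > sum1` after `adjust_seqack:`, compare TCP sequence and acknowledgement numbers with a plain `>`, which gives the wrong answer once the sequence space wraps. Now that `sum1` and `sum2` are exactly 32 bits wide, a wrap-safe form such as `(int)(sum2 - sum1) > 0` would keep the offset applied across the wrap. This assumes `aps_after` holds 32-bit sequence values and that `int` is 32 bits; neither declaration is visible here, so confirm before changing it. Both functions start and end outside the hunks shown.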
|
||||
|
|
|
@ -9,7 +9,7 @@
|
|||
*/
|
||||
#if !defined(lint)
|
||||
static const char sccsid[] = "@(#)ip_nat.c 1.11 6/5/96 (C) 1995 Darren Reed";
|
||||
static const char rcsid[] = "@(#)$Id: ip_nat.c,v 2.0.2.44.2.7 1997/12/02 13:54:27 darrenr Exp $";
|
||||
static const char rcsid[] = "@(#)$Id: ip_nat.c,v 2.0.2.44.2.10 1998/05/23 19:05:29 darrenr Exp $";
|
||||
#endif
|
||||
|
||||
#if defined(__FreeBSD__) && defined(KERNEL) && !defined(_KERNEL)
|
||||
|
@ -130,10 +130,10 @@ static int nat_ifpaddr __P((nat_t *, void *, struct in_addr *));
|
|||
|
||||
void fix_outcksum(sp, n)
|
||||
u_short *sp;
|
||||
u_long n;
|
||||
u_32_t n;
|
||||
{
|
||||
register u_short sumshort;
|
||||
register u_long sum1;
|
||||
register u_32_t sum1;
|
||||
|
||||
if (!n)
|
||||
return;
|
||||
|
@ -149,10 +149,10 @@ u_long n;
|
|||
|
||||
void fix_incksum(sp, n)
|
||||
u_short *sp;
|
||||
u_long n;
|
||||
u_32_t n;
|
||||
{
|
||||
register u_short sumshort;
|
||||
register u_long sum1;
|
||||
register u_32_t sum1;
|
||||
|
||||
if (!n)
|
||||
return;
|
||||
|
@ -456,7 +456,7 @@ struct in_addr *inp;
|
|||
struct in_addr in;
|
||||
|
||||
#if SOLARIS
|
||||
in.s_addr = ill->ill_ipif->ipif_local_addr;
|
||||
in.s_addr = ntohl(ill->ill_ipif->ipif_local_addr);
|
||||
#else /* SOLARIS */
|
||||
# if linux
|
||||
;
|
||||
|
@ -521,7 +521,7 @@ fr_info_t *fin;
|
|||
u_short flags;
|
||||
int direction;
|
||||
{
|
||||
register u_long sum1, sum2, sumd, l;
|
||||
register u_32_t sum1, sum2, sumd, l;
|
||||
u_short port = 0, sport = 0, dport = 0, nport = 0;
|
||||
struct in_addr in;
|
||||
tcphdr_t *tcp = NULL;
|
||||
|
@ -779,7 +779,7 @@ int *nflags;
|
|||
*/
|
||||
if (flags & IPN_TCPUDP) {
|
||||
tcphdr_t *tcp = (tcphdr_t *)(oip + 1);
|
||||
u_long sum1, sum2, sumd;
|
||||
u_32_t sum1, sum2, sumd;
|
||||
struct in_addr in;
|
||||
|
||||
if (nat->nat_dir == NAT_OUTBOUND) {
|
||||
|
@ -964,7 +964,7 @@ int hlen;
|
|||
fr_info_t *fin;
|
||||
{
|
||||
register ipnat_t *np;
|
||||
register u_long ipa;
|
||||
register u_32_t ipa;
|
||||
tcphdr_t *tcp = NULL;
|
||||
u_short nflags = 0, sport = 0, dport = 0, *csump = NULL;
|
||||
struct ifnet *ifp;
|
||||
|
@ -1281,7 +1281,7 @@ void *ifp;
|
|||
#endif
|
||||
{
|
||||
register nat_t *nat;
|
||||
register u_long sum1, sum2, sumd;
|
||||
register u_32_t sum1, sum2, sumd;
|
||||
struct in_addr in;
|
||||
ipnat_t *np;
|
||||
#if defined(_KERNEL) && !SOLARIS
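Review bot: In the SOLARIS branch of the hunk at `@ -456`, `in.s_addr` is now assigned the result of `ntohl(...)`, so a field that is network byte order by convention holds a host-order value and nothing at the assignment says so. A comment such as `/* NB: in.s_addr is host byte order here, not the usual network order */` would keep a later reader from reverting it or from treating the value as a wire-format address. Whether the non-Solaris branches hand back the same byte order cannot be seen from this hunk and should be confirmed. The function's start and end are outside the hunk.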
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
* to the original author and the contributors.
|
||||
*
|
||||
* @(#)ip_nat.h 1.5 2/4/96
|
||||
* $Id: ip_nat.h,v 2.0.2.23.2.1 1997/11/05 11:08:18 darrenr Exp $
|
||||
* $Id: ip_nat.h,v 2.0.2.23.2.3 1998/05/23 18:52:44 darrenr Exp $
|
||||
*/
|
||||
|
||||
#ifndef __IP_NAT_H__
|
||||
|
@ -44,8 +44,8 @@
|
|||
typedef struct nat {
|
||||
u_long nat_age;
|
||||
int nat_flags;
|
||||
u_long nat_sumd;
|
||||
u_long nat_ipsumd;
|
||||
u_32_t nat_sumd;
|
||||
u_32_t nat_ipsumd;
|
||||
void *nat_data;
|
||||
struct in_addr nat_inip;
|
||||
struct in_addr nat_outip;
|
||||
|
@ -175,6 +175,7 @@ extern int ip_natout __P((ip_t *, int, fr_info_t *));
|
|||
extern int ip_natin __P((ip_t *, int, fr_info_t *));
|
||||
extern void ip_natunload __P((void)), ip_natexpire __P((void));
|
||||
extern void nat_log __P((struct nat *, u_short));
|
||||
extern void fix_incksum __P((u_short *, u_long));
|
||||
extern void fix_outcksum __P((u_short *, u_long));
|
||||
extern void fix_incksum __P((u_short *, u_32_t));
|
||||
extern void fix_outcksum __P((u_short *, u_32_t));
|
||||
|
||||
#endif /* __IP_NAT_H__ */
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
* to the original author and the contributors.
|
||||
*/
|
||||
#if !defined(lint)
|
||||
static const char rcsid[] = "@(#)$Id: ip_proxy.c,v 2.0.2.11.2.6 1997/11/28 00:41:25 darrenr Exp $";
|
||||
static const char rcsid[] = "@(#)$Id: ip_proxy.c,v 2.0.2.11.2.7 1998/05/18 11:15:22 darrenr Exp $";
|
||||
#endif
|
||||
|
||||
#if defined(__FreeBSD__) && defined(KERNEL) && !defined(_KERNEL)
|
||||
|
@ -111,15 +111,37 @@ ipnat_t *nat;
|
|||
}
|
||||
|
||||
|
||||
static int
|
||||
ap_matchsrcdst(aps, src, dst, tcp, sport, dport)
|
||||
ap_session_t *aps;
|
||||
struct in_addr src, dst;
|
||||
void *tcp;
|
||||
u_short sport, dport;
|
||||
{
|
||||
if (aps->aps_dst.s_addr == dst.s_addr) {
|
||||
if ((aps->aps_src.s_addr == src.s_addr) &&
|
||||
(!tcp || (sport == aps->aps_sport) &&
|
||||
(dport == aps->aps_dport)))
|
||||
return 1;
|
||||
} else if (aps->aps_dst.s_addr == src.s_addr) {
|
||||
if ((aps->aps_src.s_addr == dst.s_addr) &&
|
||||
(!tcp || (sport == aps->aps_dport) &&
|
||||
(dport == aps->aps_sport)))
|
||||
return 1;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
static ap_session_t *ap_find(ip, tcp)
|
||||
ip_t *ip;
|
||||
tcphdr_t *tcp;
|
||||
{
|
||||
struct in_addr src, dst;
|
||||
register u_long hv;
|
||||
register u_short sp, dp;
|
||||
register ap_session_t *aps;
|
||||
register u_char p = ip->ip_p;
|
||||
register ap_session_t *aps;
|
||||
register u_short sp, dp;
|
||||
register u_long hv;
|
||||
struct in_addr src, dst;
|
||||
|
||||
src = ip->ip_src, dst = ip->ip_dst;
|
||||
sp = dp = 0; /* XXX gcc -Wunitialized */
|
||||
|
@ -136,14 +158,8 @@ tcphdr_t *tcp;
|
|||
|
||||
for (aps = ap_sess_tab[hv]; aps; aps = aps->aps_next)
|
||||
if ((aps->aps_p == p) &&
|
||||
IPPAIR(aps->aps_src, aps->aps_dst, src, dst)) {
|
||||
if (tcp) {
|
||||
if (PAIRS(aps->aps_sport, aps->aps_dport,
|
||||
sp, dp))
|
||||
break;
|
||||
} else
|
||||
break;
|
||||
}
|
||||
ap_matchsrcdst(aps, src, dst, tcp, sp, dp))
|
||||
break;
|
||||
return aps;
|
||||
}
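Review bot: The new `ap_matchsrcdst()` writes `(!tcp || (sport == aps->aps_sport) && (dport == aps->aps_dport))`, mixing `||` and `&&` without grouping in both branches; it evaluates as intended only through operator precedence and draws a parentheses warning from gcc. Writing `(!tcp || ((sport == aps->aps_sport) && (dport == aps->aps_dport)))`, and the same for the reversed branch, makes the intent explicit. The function also lacks a header comment. It should state that the function returns 1 when the packet's addresses match the session in either direction and that ports are compared only when `tcp` is non-NULL, which means a NULL `tcp` matches on addresses alone.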
|
||||
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
*/
|
||||
#if !defined(lint)
|
||||
static const char sccsid[] = "@(#)ip_state.c 1.8 6/5/96 (C) 1993-1995 Darren Reed";
|
||||
static const char rcsid[] = "@(#)$Id: ip_state.c,v 2.0.2.24.2.4 1997/11/19 11:44:09 darrenr Exp $";
|
||||
static const char rcsid[] = "@(#)$Id: ip_state.c,v 2.0.2.24.2.14 1998/05/24 03:53:04 darrenr Exp $";
|
||||
#endif
|
||||
|
||||
#if !defined(_KERNEL) && !defined(KERNEL) && !defined(__KERNEL__)
|
||||
|
@ -85,6 +85,11 @@ ips_stat_t ips_stats;
|
|||
extern kmutex_t ipf_state;
|
||||
#endif
|
||||
|
||||
static int fr_matchsrcdst __P((ipstate_t *, struct in_addr, struct in_addr,
|
||||
fr_info_t *, void *, u_short, u_short));
|
||||
static int fr_state_flush __P((int));
|
||||
static ips_stat_t *fr_statetstats __P((void));
|
||||
|
||||
|
||||
#define FIVE_DAYS (2 * 5 * 86400) /* 5 days: half closed session */
|
||||
|
||||
|
@ -97,7 +102,7 @@ u_long fr_tcpidletimeout = FIVE_DAYS,
|
|||
fr_icmptimeout = 120;
|
||||
|
||||
|
||||
ips_stat_t *fr_statetstats()
|
||||
static ips_stat_t *fr_statetstats()
|
||||
{
|
||||
ips_stats.iss_active = ips_num;
|
||||
ips_stats.iss_table = ips_table;
|
||||
|
@ -111,7 +116,7 @@ ips_stat_t *fr_statetstats()
|
|||
* which == 1 : flush TCP connections which have started to close but are
|
||||
* stuck for some reason.
|
||||
*/
|
||||
int fr_state_flush(which)
|
||||
static int fr_state_flush(which)
|
||||
int which;
|
||||
{
|
||||
register int i;
|
||||
|
@ -134,10 +139,10 @@ int which;
|
|||
break;
|
||||
case 1 :
|
||||
if ((is->is_p == IPPROTO_TCP) &&
|
||||
((is->is_state[0] <= TCPS_ESTABLISHED) &&
|
||||
(is->is_state[1] > TCPS_ESTABLISHED)) ||
|
||||
((is->is_state[1] <= TCPS_ESTABLISHED) &&
|
||||
(is->is_state[0] > TCPS_ESTABLISHED)))
|
||||
(((is->is_state[0] <= TCPS_ESTABLISHED) &&
|
||||
(is->is_state[1] > TCPS_ESTABLISHED)) ||
|
||||
((is->is_state[1] <= TCPS_ESTABLISHED) &&
|
||||
(is->is_state[0] > TCPS_ESTABLISHED))))
|
||||
delete = 1;
|
||||
break;
|
||||
}
|
||||
|
@ -237,7 +242,7 @@ u_int pass;
|
|||
switch (ic->icmp_type)
|
||||
{
|
||||
case ICMP_ECHO :
|
||||
is->is_icmp.ics_type = 0;
|
||||
is->is_icmp.ics_type = ICMP_ECHOREPLY; /* XXX */
|
||||
hv += (is->is_icmp.ics_id = ic->icmp_id);
|
||||
hv += (is->is_icmp.ics_seq = ic->icmp_seq);
|
||||
break;
|
||||
|
@ -301,11 +306,33 @@ u_int pass;
|
|||
bcopy((char *)&ips, (char *)is, sizeof(*is));
|
||||
hv %= IPSTATE_SIZE;
|
||||
MUTEX_ENTER(&ipf_state);
|
||||
is->is_next = ips_table[hv];
|
||||
ips_table[hv] = is;
|
||||
|
||||
is->is_pass = pass;
|
||||
is->is_pkts = 1;
|
||||
is->is_bytes = ip->ip_len;
|
||||
/*
|
||||
* Copy these from the rule itself.
|
||||
*/
|
||||
is->is_opt = fin->fin_fr->fr_ip.fi_optmsk;
|
||||
is->is_optmsk = fin->fin_fr->fr_mip.fi_optmsk;
|
||||
is->is_sec = fin->fin_fr->fr_ip.fi_secmsk;
|
||||
is->is_secmsk = fin->fin_fr->fr_mip.fi_secmsk;
|
||||
is->is_auth = fin->fin_fr->fr_ip.fi_auth;
|
||||
is->is_authmsk = fin->fin_fr->fr_mip.fi_auth;
|
||||
is->is_flags = fin->fin_fr->fr_ip.fi_fl;
|
||||
is->is_flags |= fin->fin_fr->fr_mip.fi_fl << 4;
|
||||
/*
|
||||
* add into table.
|
||||
*/
|
||||
is->is_next = ips_table[hv];
|
||||
ips_table[hv] = is;
|
||||
if (fin->fin_out) {
|
||||
is->is_ifpin = NULL;
|
||||
is->is_ifpout = fin->fin_ifp;
|
||||
} else {
|
||||
is->is_ifpin = fin->fin_ifp;
|
||||
is->is_ifpout = NULL;
|
||||
}
|
||||
if (pass & FR_LOGFIRST)
|
||||
is->is_pass &= ~(FR_LOGFIRST|FR_LOG);
|
||||
ips_num++;
|
||||
|
@ -324,12 +351,11 @@ u_int pass;
|
|||
* change timeout depending on whether new packet is a SYN-ACK returning for a
|
||||
* SYN or a RST or FIN which indicate time to close up shop.
|
||||
*/
|
||||
int fr_tcpstate(is, fin, ip, tcp, sport)
|
||||
int fr_tcpstate(is, fin, ip, tcp)
|
||||
register ipstate_t *is;
|
||||
fr_info_t *fin;
|
||||
ip_t *ip;
|
||||
tcphdr_t *tcp;
|
||||
u_short sport;
|
||||
{
|
||||
register int seqskew, ackskew;
|
||||
register u_short swin, dwin;
|
||||
|
@ -341,7 +367,7 @@ u_short sport;
|
|||
*/
|
||||
seq = ntohl(tcp->th_seq);
|
||||
ack = ntohl(tcp->th_ack);
|
||||
source = (sport == is->is_sport);
|
||||
source = (ip->ip_src.s_addr == is->is_src.s_addr);
|
||||
|
||||
if (!(tcp->th_flags & TH_ACK)) /* Pretend an ack was sent */
|
||||
ack = source ? is->is_ack : is->is_seq;
|
||||
|
@ -385,7 +411,7 @@ u_short sport;
|
|||
swin = is->is_dwin;
|
||||
}
|
||||
|
||||
if ((seqskew <= swin) && (ackskew <= dwin)) {
|
||||
if ((seqskew <= dwin) && (ackskew <= swin)) {
|
||||
if (source) {
|
||||
is->is_seq = seq;
|
||||
is->is_ack = ack;
|
||||
|
@ -401,14 +427,81 @@ u_short sport;
|
|||
/*
|
||||
* Nearing end of connection, start timeout.
|
||||
*/
|
||||
fr_tcp_age(&is->is_age, is->is_state, ip, fin,
|
||||
tcp->th_sport == is->is_sport);
|
||||
fr_tcp_age(&is->is_age, is->is_state, ip, fin, source);
|
||||
return 1;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
static int fr_matchsrcdst(is, src, dst, fin, tcp, sp, dp)
|
||||
ipstate_t *is;
|
||||
struct in_addr src, dst;
|
||||
fr_info_t *fin;
|
||||
void *tcp;
|
||||
u_short sp, dp;
|
||||
{
|
||||
int ret = 0, rev, out;
|
||||
void *ifp;
|
||||
|
||||
rev = (is->is_dst.s_addr != dst.s_addr);
|
||||
ifp = fin->fin_ifp;
|
||||
out = fin->fin_out;
|
||||
|
||||
if (!rev) {
|
||||
if (out) {
|
||||
if (!is->is_ifpout)
|
||||
is->is_ifpout = ifp;
|
||||
} else {
|
||||
if (!is->is_ifpin)
|
||||
is->is_ifpin = ifp;
|
||||
}
|
||||
} else {
|
||||
if (out) {
|
||||
if (!is->is_ifpin)
|
||||
is->is_ifpin = ifp;
|
||||
} else {
|
||||
if (!is->is_ifpout)
|
||||
is->is_ifpout = ifp;
|
||||
}
|
||||
}
|
||||
|
||||
if (!rev) {
|
||||
if (((out && is->is_ifpout == ifp) ||
|
||||
(!out && is->is_ifpin == ifp)) &&
|
||||
(is->is_dst.s_addr == dst.s_addr) &&
|
||||
(is->is_src.s_addr == src.s_addr) &&
|
||||
(!tcp || (sp == is->is_sport) &&
|
||||
(dp == is->is_dport))) {
|
||||
ret = 1;
|
||||
}
|
||||
} else {
|
||||
if (((out && is->is_ifpin == ifp) ||
|
||||
(!out && is->is_ifpout == ifp)) &&
|
||||
(is->is_dst.s_addr == src.s_addr) &&
|
||||
(is->is_src.s_addr == dst.s_addr) &&
|
||||
(!tcp || (sp == is->is_dport) &&
|
||||
(dp == is->is_sport))) {
|
||||
ret = 1;
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Whether or not this should be here, is questionable, but the aim
|
||||
* is to get this out of the main line.
|
||||
*/
|
||||
if (ret) {
|
||||
if (((fin->fin_fi.fi_optmsk & is->is_optmsk) != is->is_opt) ||
|
||||
((fin->fin_fi.fi_secmsk & is->is_secmsk) != is->is_sec) ||
|
||||
((fin->fin_fi.fi_auth & is->is_authmsk) != is->is_auth) ||
|
||||
((fin->fin_fi.fi_fl & (is->is_flags >> 4)) !=
|
||||
(is->is_flags & 0xf)))
|
||||
ret = 0;
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* Check if a packet has a registered state.
|
||||
*/
|
||||
|
@ -447,13 +540,8 @@ fr_info_t *fin;
|
|||
if ((is->is_p == pr) &&
|
||||
(ic->icmp_id == is->is_icmp.ics_id) &&
|
||||
(ic->icmp_seq == is->is_icmp.ics_seq) &&
|
||||
IPPAIR(src, dst, is->is_src, is->is_dst)) {
|
||||
/*
|
||||
* If we have type 0 stored, allow any icmp
|
||||
* replies through.
|
||||
*/
|
||||
if (is->is_icmp.ics_type &&
|
||||
is->is_icmp.ics_type != ic->icmp_type)
|
||||
fr_matchsrcdst(is, src, dst, fin, NULL, 0, 0)) {
|
||||
if (is->is_icmp.ics_type != ic->icmp_type)
|
||||
continue;
|
||||
is->is_age = fr_icmptimeout;
|
||||
is->is_pkts++;
|
||||
|
@ -473,11 +561,11 @@ fr_info_t *fin;
|
|||
hv += sport;
|
||||
hv %= IPSTATE_SIZE;
|
||||
MUTEX_ENTER(&ipf_state);
|
||||
for (isp = &ips_table[hv]; (is = *isp); isp = &is->is_next) {
|
||||
for (isp = &ips_table[hv]; (is = *isp); isp = &is->is_next)
|
||||
if ((is->is_p == pr) &&
|
||||
PAIRS(sport, dport, is->is_sport, is->is_dport) &&
|
||||
IPPAIR(src, dst, is->is_src, is->is_dst))
|
||||
if (fr_tcpstate(is, fin, ip, tcp, sport)) {
|
||||
fr_matchsrcdst(is, src, dst, fin, tcp,
|
||||
sport, dport)) {
|
||||
if (fr_tcpstate(is, fin, ip, tcp)) {
|
||||
pass = is->is_pass;
|
||||
#ifdef _KERNEL
|
||||
MUTEX_EXIT(&ipf_state);
|
||||
|
@ -491,7 +579,7 @@ fr_info_t *fin;
|
|||
#endif
|
||||
return pass;
|
||||
}
|
||||
}
|
||||
}
|
||||
MUTEX_EXIT(&ipf_state);
|
||||
break;
|
||||
}
|
||||
|
@ -508,8 +596,8 @@ fr_info_t *fin;
|
|||
MUTEX_ENTER(&ipf_state);
|
||||
for (is = ips_table[hv]; is; is = is->is_next)
|
||||
if ((is->is_p == pr) &&
|
||||
PAIRS(sport, dport, is->is_sport, is->is_dport) &&
|
||||
IPPAIR(src, dst, is->is_src, is->is_dst)) {
|
||||
fr_matchsrcdst(is, src, dst, fin,
|
||||
tcp, sport, dport)) {
|
||||
ips_stats.iss_hits++;
|
||||
is->is_pkts++;
|
||||
is->is_bytes += ip->ip_len;
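Review bot: `fr_matchsrcdst()` stores `fin->fin_ifp` into an unset `is_ifpin`/`is_ifpout` before it has compared addresses and ports, so any unrelated packet of the same protocol that lands in the same hash bucket can bind the entry's interface (for such a packet `rev` is 1 merely because its destination differs). After that, genuine packets of the connection arriving on their real interface fail the `is_ifpin == ifp` / `is_ifpout == ifp` test and stop matching their own state. An unset interface should be treated as a wildcard during the comparison and recorded only when `ret` is still 1 at the end of the function, as in the excerpt below. The excerpt also groups the `!tcp || ... && ...` port test explicitly.

```c
static int fr_matchsrcdst(is, src, dst, fin, tcp, sp, dp)
/* ... unchanged: parameter declarations, locals, rev/ifp/out setup ... */
	void **ifpp;

	/* slot this packet's interface occupies for its direction */
	if (!rev)
		ifpp = out ? &is->is_ifpout : &is->is_ifpin;
	else
		ifpp = out ? &is->is_ifpin : &is->is_ifpout;

	/* an unset interface matches anything; a set one must agree */
	if (*ifpp != NULL && *ifpp != ifp)
		return 0;

	if (!rev) {
		if ((is->is_dst.s_addr == dst.s_addr) &&
		    (is->is_src.s_addr == src.s_addr) &&
		    (!tcp || ((sp == is->is_sport) && (dp == is->is_dport))))
			ret = 1;
	} else {
		if ((is->is_dst.s_addr == src.s_addr) &&
		    (is->is_src.s_addr == dst.s_addr) &&
		    (!tcp || ((sp == is->is_dport) && (dp == is->is_sport))))
			ret = 1;
	}

	/* ... unchanged: option, security, auth and flag mask checks that clear ret ... */

	/* learn the interface only once the packet is known to belong here */
	if (ret && *ifpp == NULL)
		*ifpp = ifp;
	return ret;
```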
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
* to the original author and the contributors.
|
||||
*
|
||||
* @(#)ip_state.h 1.3 1/12/96 (C) 1995 Darren Reed
|
||||
* $Id: ip_state.h,v 2.0.2.14.2.1 1997/11/06 21:23:15 darrenr Exp $
|
||||
* $Id: ip_state.h,v 2.0.2.14.2.6 1998/05/24 05:18:04 darrenr Exp $
|
||||
*/
|
||||
#ifndef __IP_STATE_H__
|
||||
#define __IP_STATE_H__
|
||||
|
@ -47,10 +47,18 @@ typedef struct ipstate {
|
|||
u_int is_pass;
|
||||
U_QUAD_T is_pkts;
|
||||
U_QUAD_T is_bytes;
|
||||
void *is_ifpin;
|
||||
void *is_ifpout;
|
||||
struct in_addr is_src;
|
||||
struct in_addr is_dst;
|
||||
u_char is_p;
|
||||
u_char is_flags;
|
||||
u_32_t is_opt;
|
||||
u_32_t is_optmsk;
|
||||
u_short is_sec;
|
||||
u_short is_secmsk;
|
||||
u_short is_auth;
|
||||
u_short is_authmsk;
|
||||
union {
|
||||
icmpstate_t is_ics;
|
||||
tcpstate_t is_ts;
|
||||
|
@ -120,14 +128,11 @@ extern u_long fr_tcptimeout;
|
|||
extern u_long fr_tcpclosed;
|
||||
extern u_long fr_udptimeout;
|
||||
extern u_long fr_icmptimeout;
|
||||
extern int fr_tcpstate __P((ipstate_t *, fr_info_t *, ip_t *,
|
||||
tcphdr_t *, u_short));
|
||||
extern ips_stat_t *fr_statetstats __P((void));
|
||||
extern int fr_tcpstate __P((ipstate_t *, fr_info_t *, ip_t *, tcphdr_t *));
|
||||
extern int fr_addstate __P((ip_t *, fr_info_t *, u_int));
|
||||
extern int fr_checkstate __P((ip_t *, fr_info_t *));
|
||||
extern void fr_timeoutstate __P((void));
|
||||
extern void fr_tcp_age __P((u_long *, u_char *, ip_t *, fr_info_t *, int));
|
||||
extern int fr_state_flush __P((int));
|
||||
extern void fr_stateunload __P((void));
|
||||
extern void ipstate_log __P((struct ipstate *, u_short));
|
||||
#if defined(__NetBSD__) || defined(__OpenBSD__)
|
||||
|
@ -135,4 +140,5 @@ extern int fr_state_ioctl __P((caddr_t, u_long, int));
|
|||
#else
|
||||
extern int fr_state_ioctl __P((caddr_t, int, int));
|
||||
#endif
|
||||
|
||||
#endif /* __IP_STATE_H__ */
|
||||
|
|
|
@ -40,7 +40,7 @@
|
|||
|
||||
#if !defined(lint)
|
||||
static const char sccsid[] = "@(#)ipf.c 1.23 6/5/96 (C) 1993-1995 Darren Reed";
|
||||
static const char rcsid[] = "@(#)$Id: ipf.c,v 2.0.2.13.2.2 1997/11/06 21:23:36 darrenr Exp $";
|
||||
static const char rcsid[] = "@(#)$Id: ipf.c,v 2.0.2.13.2.4 1998/05/23 14:29:44 darrenr Exp $";
|
||||
#endif
|
||||
|
||||
static void frsync __P((void));
|
||||
|
@ -204,12 +204,10 @@ char *name, *file;
|
|||
exit(1);
|
||||
}
|
||||
|
||||
while (getline(line, sizeof(line)-1, fp)) {
|
||||
while (getline(line, sizeof(line), fp)) {
|
||||
/*
|
||||
* treat both CR and LF as EOL
|
||||
* treat CR as EOL. LF is converted to NUL by getline().
|
||||
*/
|
||||
if ((s = index(line, '\n')))
|
||||
*s = '\0';
|
||||
if ((s = index(line, '\r')))
|
||||
*s = '\0';
|
||||
/*
|
||||
|
@ -222,7 +220,7 @@ char *name, *file;
|
|||
continue;
|
||||
|
||||
if (opts & OPT_VERBOSE)
|
||||
(void)fprintf(stderr, "[%s]\n",line);
|
||||
(void)fprintf(stderr, "[%s]\n", line);
|
||||
|
||||
fr = parse(line);
|
||||
(void)fflush(stdout);
|
||||
|
@ -269,24 +267,34 @@ char *name, *file;
|
|||
}
|
||||
}
|
||||
}
|
||||
if (ferror(fp) || !feof(fp)) {
|
||||
fprintf(stderr, "%s: %s: file error or line too long\n",
|
||||
name, file);
|
||||
exit(1);
|
||||
}
|
||||
(void)fclose(fp);
|
||||
}
|
||||
|
||||
/*
|
||||
* Similar to fgets(3) but can handle '\\'
|
||||
* Similar to fgets(3) but can handle '\\' and NL is converted to NUL.
|
||||
* Returns NULL if error occured, EOF encounterd or input line is too long.
|
||||
*/
|
||||
static char *getline(str, size, file)
|
||||
register char *str;
|
||||
size_t size;
|
||||
FILE *file;
|
||||
{
|
||||
register char *p;
|
||||
register int len;
|
||||
char *p;
|
||||
int s, len;
|
||||
|
||||
do {
|
||||
for (p = str; ; p += strlen(p) - 1) {
|
||||
if (!fgets(p, size, file))
|
||||
return(NULL);
|
||||
for (p = str, s = size;; p += len, s -= len) {
|
||||
/*
|
||||
* if an error occured, EOF was encounterd, or there
|
||||
* was no room to put NUL, return NULL.
|
||||
*/
|
||||
if (fgets(p, s, file) == NULL)
|
||||
return (NULL);
|
||||
len = strlen(p);
|
||||
p[len - 1] = '\0';
|
||||
if (p[len - 1] != '\\')
|
||||
|
@ -294,7 +302,7 @@ FILE *file;
|
|||
size -= len;
|
||||
}
|
||||
} while (*str == '\0' || *str == '\n');
|
||||
return(str);
|
||||
return (str);
|
||||
}
|
||||
|
||||
|
||||
|
@ -398,7 +406,9 @@ static void swapactive()
|
|||
|
||||
static void frsync()
|
||||
{
|
||||
if (opendevice(ipfname) != -2 && ioctl(fd, SIOCFRSYN, 0) == -1)
|
||||
int frsyn = 0;
|
||||
|
||||
if (opendevice(ipfname) != -2 && ioctl(fd, SIOCFRSYN, &frsyn) == -1)
|
||||
perror("SIOCFRSYN");
|
||||
else
|
||||
printf("filter sync'd\n");
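Review bot: In getline() (the `@ -269,24 +267,34 @@` hunk), `len = strlen(p); p[len - 1] = '\0';` still assumes fgets() returned a non-empty string that ends in a newline. A line that fills the remaining buffer has its last real character overwritten and, as far as the visible lines show, is returned truncated, so a cut-off rule reaches parse() instead of the new "file error or line too long" exit. An empty result (a line beginning with a NUL byte, or `s` reduced to 1) makes the store land on `p[-1]`. I would test before the store, e.g. `if (len == 0 || (p[len - 1] != '\n' && !feof(file))) return (NULL);`. One line of the loop body lies between this hunk and the next, so this needs checking against the full function.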
|
||||
|
|
|
@ -43,7 +43,7 @@
|
|||
|
||||
#if !defined(lint)
|
||||
static const char sccsid[] = "@(#)ipft_tx.c 1.7 6/5/96 (C) 1993 Darren Reed";
|
||||
static const char rcsid[] = "@(#)$Id: ipft_tx.c,v 2.0.2.11.2.1 1997/11/12 10:56:11 darrenr Exp $";
|
||||
static const char rcsid[] = "@(#)$Id: ipft_tx.c,v 2.0.2.11.2.3 1998/05/23 19:20:32 darrenr Exp $";
|
||||
#endif
|
||||
|
||||
extern int opts;
|
||||
|
@ -62,7 +62,7 @@ struct ipread iptext = { text_open, text_close, text_readip };
|
|||
static FILE *tfp = NULL;
|
||||
static int tfd = -1;
|
||||
|
||||
static u_long tx_hostnum __P((char *, int *));
|
||||
static u_32_t tx_hostnum __P((char *, int *));
|
||||
static u_short tx_portnum __P((char *));
|
||||
|
||||
|
||||
|
@ -70,7 +70,7 @@ static u_short tx_portnum __P((char *));
|
|||
* returns an ip address as a long var as a result of either a DNS lookup or
|
||||
* straight inet_addr() call
|
||||
*/
|
||||
static u_long tx_hostnum(host, resolved)
|
||||
static u_32_t tx_hostnum(host, resolved)
|
||||
char *host;
|
||||
int *resolved;
|
||||
{
|
||||
|
@ -89,7 +89,7 @@ int *resolved;
|
|||
fprintf(stderr, "can't resolve hostname: %s\n", host);
|
||||
return 0;
|
||||
}
|
||||
return np->n_net;
|
||||
return htonl(np->n_net);
|
||||
}
|
||||
return *(u_32_t *)hp->h_addr;
|
||||
}
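Review bot: The header comment above tx_hostnum() still reads "returns an ip address as a long var", which no longer matches the `u_32_t` return type and says nothing about the byte order that the `htonl(np->n_net)` change is there to make consistent. I would reword it to `returns an IPv4 address in network byte order as a u_32_t, from either a DNS lookup or a straight inet_addr() call; 0 if the name cannot be resolved`. The same stale comment sits above hostnum() in the ipnat.c section. The start of the function body is outside these hunks, so the inet_addr() path should be confirmed before the wording is committed.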
|
||||
|
|
|
@ -11,6 +11,6 @@
|
|||
#ifndef __IPL_H__
|
||||
#define __IPL_H__
|
||||
|
||||
#define IPL_VERSION "IP Filter v3.2.3"
|
||||
#define IPL_VERSION "IP Filter v3.2.7"
|
||||
|
||||
#endif
|
||||
|
|
|
@ -1,7 +1,3 @@
|
|||
%e 1500
|
||||
%p 4000
|
||||
%a 4000
|
||||
%o 6000
|
||||
%{
|
||||
/*
|
||||
* Copyright (C) 1997 by Darren Reed.
|
||||
|
@ -10,7 +6,7 @@
|
|||
* provided that this notice is preserved and due credit is given
|
||||
* to the original author and the contributors.
|
||||
*
|
||||
* $Id: iplang_l.l,v 2.0.2.15.2.2 1997/12/10 09:54:15 darrenr Exp $
|
||||
* $Id: iplang_l.l,v 2.0.2.15.2.5 1997/12/28 01:32:13 darrenr Exp $
|
||||
*/
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
|
@ -46,134 +42,143 @@ int next_item __P((int));
|
|||
int save_token __P((void));
|
||||
void swallow __P((void));
|
||||
int yylex __P((void));
|
||||
%}
|
||||
|
||||
struct wordtab {
|
||||
char *word;
|
||||
int state;
|
||||
int next;
|
||||
};
|
||||
|
||||
struct wordtab words[] = {
|
||||
{ "interface", IL_INTERFACE, -1 },
|
||||
{ "iface", IL_INTERFACE, -1 },
|
||||
{ "name", IL_IFNAME, IL_TOKEN },
|
||||
{ "ifname", IL_IFNAME, IL_TOKEN },
|
||||
{ "router", IL_DEFROUTER, IL_TOKEN },
|
||||
{ "mtu", IL_MTU, IL_NUMBER },
|
||||
{ "eaddr", IL_EADDR, IL_TOKEN },
|
||||
{ "v4addr", IL_V4ADDR, IL_TOKEN },
|
||||
{ "ipv4", IL_IPV4, -1 },
|
||||
{ "v", IL_V4V, IL_TOKEN },
|
||||
{ "proto", IL_V4PROTO, IL_TOKEN },
|
||||
{ "hl", IL_V4HL, IL_TOKEN },
|
||||
{ "id", IL_V4ID, IL_TOKEN },
|
||||
{ "ttl", IL_V4TTL, IL_TOKEN },
|
||||
{ "tos", IL_V4TOS, IL_TOKEN },
|
||||
{ "src", IL_V4SRC, IL_TOKEN },
|
||||
{ "dst", IL_V4DST, IL_TOKEN },
|
||||
{ "opt", IL_OPT, -1 },
|
||||
{ "len", IL_LEN, IL_TOKEN },
|
||||
{ "off", IL_OFF, IL_TOKEN },
|
||||
{ "sum", IL_SUM, IL_TOKEN },
|
||||
{ "tcp", IL_TCP, -1 },
|
||||
{ "sport", IL_SPORT, IL_TOKEN },
|
||||
{ "dport", IL_DPORT, IL_TOKEN },
|
||||
{ "seq", IL_TCPSEQ, IL_TOKEN },
|
||||
{ "ack", IL_TCPACK, IL_TOKEN },
|
||||
{ "flags", IL_TCPFL, IL_TOKEN },
|
||||
{ "urp", IL_TCPURP, IL_TOKEN },
|
||||
{ "win", IL_TCPWIN, IL_TOKEN },
|
||||
{ "udp", IL_UDP, -1 },
|
||||
{ "send", IL_SEND, -1 },
|
||||
{ "via", IL_VIA, IL_TOKEN },
|
||||
{ "arp", IL_ARP, -1 },
|
||||
{ "data", IL_DATA, -1 },
|
||||
{ "value", IL_DVALUE, IL_TOKEN },
|
||||
{ "file", IL_DFILE, IL_TOKEN },
|
||||
{ "nop", IL_IPO_NOP, -1 },
|
||||
{ "eol", IL_IPO_EOL, -1 },
|
||||
{ "rr", IL_IPO_RR, -1 },
|
||||
{ "zsu", IL_IPO_ZSU, -1 },
|
||||
{ "mtup", IL_IPO_MTUP, -1 },
|
||||
{ "mtur", IL_IPO_MTUR, -1 },
|
||||
{ "encode", IL_IPO_ENCODE, -1 },
|
||||
{ "ts", IL_IPO_TS, -1 },
|
||||
{ "tr", IL_IPO_TR, -1 },
|
||||
{ "sec", IL_IPO_SEC, -1 },
|
||||
{ "secclass", IL_IPO_SECCLASS, IL_TOKEN },
|
||||
{ "lsrr", IL_IPO_LSRR, -1 },
|
||||
{ "esec", IL_IPO_ESEC, -1 },
|
||||
{ "cipso", IL_IPO_CIPSO, -1 },
|
||||
{ "satid", IL_IPO_SATID, -1 },
|
||||
{ "ssrr", IL_IPO_SSRR, -1 },
|
||||
{ "addext", IL_IPO_ADDEXT, -1 },
|
||||
{ "visa", IL_IPO_VISA, -1 },
|
||||
{ "imitd", IL_IPO_IMITD, -1 },
|
||||
{ "eip", IL_IPO_EIP, -1 },
|
||||
{ "finn", IL_IPO_FINN, -1 },
|
||||
{ "mss", IL_TCPO_MSS, IL_TOKEN },
|
||||
{ "wscale", IL_TCPO_WSCALE, IL_TOKEN },
|
||||
{ "reserv-4", IL_IPS_RESERV4, -1 },
|
||||
{ "topsecret", IL_IPS_TOPSECRET, -1 },
|
||||
{ "secret", IL_IPS_SECRET, -1 },
|
||||
{ "reserv-3", IL_IPS_RESERV3, -1 },
|
||||
{ "confid", IL_IPS_CONFID, -1 },
|
||||
{ "unclass", IL_IPS_UNCLASS, -1 },
|
||||
{ "reserv-2", IL_IPS_RESERV2, -1 },
|
||||
{ "reserv-1", IL_IPS_RESERV1, -1 },
|
||||
{ "icmp", IL_ICMP, -1 },
|
||||
{ "type", IL_ICMPTYPE, -1 },
|
||||
{ "code", IL_ICMPCODE, -1 },
|
||||
{ "echorep", IL_ICMP_ECHOREPLY, -1 },
|
||||
{ "unreach", IL_ICMP_UNREACH, -1 },
|
||||
{ "squench", IL_ICMP_SOURCEQUENCH, -1 },
|
||||
{ "redir", IL_ICMP_REDIRECT, -1 },
|
||||
{ "echo", IL_ICMP_ECHO, -1 },
|
||||
{ "routerad", IL_ICMP_ROUTERADVERT, -1 },
|
||||
{ "routersol", IL_ICMP_ROUTERSOLICIT, -1 },
|
||||
{ "timex", IL_ICMP_TIMXCEED, -1 },
|
||||
{ "paramprob", IL_ICMP_PARAMPROB, -1 },
|
||||
{ "timest", IL_ICMP_TSTAMP, -1 },
|
||||
{ "timestrep", IL_ICMP_TSTAMPREPLY, -1 },
|
||||
{ "inforeq", IL_ICMP_IREQ, -1 },
|
||||
{ "inforep", IL_ICMP_IREQREPLY, -1 },
|
||||
{ "maskreq", IL_ICMP_MASKREQ, -1 },
|
||||
{ "maskrep", IL_ICMP_MASKREPLY, -1 },
|
||||
{ "net-unr", IL_ICMP_UNREACH_NET, -1 },
|
||||
{ "host-unr", IL_ICMP_UNREACH_HOST, -1 },
|
||||
{ "proto-unr", IL_ICMP_UNREACH_PROTOCOL, -1 },
|
||||
{ "port-unr", IL_ICMP_UNREACH_PORT, -1 },
|
||||
{ "needfrag", IL_ICMP_UNREACH_NEEDFRAG, -1 },
|
||||
{ "srcfail", IL_ICMP_UNREACH_SRCFAIL, -1 },
|
||||
{ "net-unk", IL_ICMP_UNREACH_NET_UNKNOWN, -1 },
|
||||
{ "host-unk", IL_ICMP_UNREACH_HOST_UNKNOWN, -1 },
|
||||
{ "isolate", IL_ICMP_UNREACH_ISOLATED, -1 },
|
||||
{ "net-prohib", IL_ICMP_UNREACH_NET_PROHIB, -1 },
|
||||
{ "host-prohib", IL_ICMP_UNREACH_HOST_PROHIB, -1 },
|
||||
{ "net-tos", IL_ICMP_UNREACH_TOSNET, -1 },
|
||||
{ "host-tos", IL_ICMP_UNREACH_TOSHOST, -1 },
|
||||
{ "filter-prohib", IL_ICMP_UNREACH_FILTER_PROHIB, -1 },
|
||||
{ "host-preced", IL_ICMP_UNREACH_HOST_PRECEDENCE, -1 },
|
||||
{ "cutoff-preced", IL_ICMP_UNREACH_PRECEDENCE_CUTOFF, -1 },
|
||||
{ "net-redir", IL_ICMP_REDIRECT_NET, -1 },
|
||||
{ "host-redir", IL_ICMP_REDIRECT_HOST, -1 },
|
||||
{ "tos-net-redir", IL_ICMP_REDIRECT_TOSNET, -1 },
|
||||
{ "tos-host-redir", IL_ICMP_REDIRECT_TOSHOST, -1 },
|
||||
{ "intrans", IL_ICMP_TIMXCEED_INTRANS, -1 },
|
||||
{ "reass", IL_ICMP_TIMXCEED_REASS, -1 },
|
||||
{ "optabsent", IL_ICMP_PARAMPROB_OPTABSENT, -1 },
|
||||
{ "otime", IL_ICMP_OTIME, -1 },
|
||||
{ "rtime", IL_ICMP_RTIME, -1 },
|
||||
{ "ttime", IL_ICMP_TTIME, -1 },
|
||||
{ "icmpseq", IL_ICMP_SEQ, -1 },
|
||||
{ "icmpid", IL_ICMP_SEQ, -1 },
|
||||
{ ".", IL_DOT, -1 },
|
||||
{ NULL, 0, 0 }
|
||||
};
|
||||
%}
|
||||
white [ \t\r]+
|
||||
%%
|
||||
[ \t\r] ;
|
||||
{white} ;
|
||||
\n { lineNum++; swallow(); }
|
||||
interface |
|
||||
iface { return next_state(IL_INTERFACE, -1); }
|
||||
name |
|
||||
ifname { return next_state(IL_IFNAME, IL_TOKEN); }
|
||||
router { return next_state(IL_DEFROUTER, IL_TOKEN); }
|
||||
mtu { return next_state(IL_MTU, IL_NUMBER); }
|
||||
eaddr { return next_state(IL_EADDR, IL_TOKEN); }
|
||||
v4addr { return next_state(IL_V4ADDR, IL_TOKEN); }
|
||||
ipv4 { return next_state(IL_IPV4, -1); }
|
||||
v { return next_state(IL_V4V, IL_TOKEN); }
|
||||
proto { return next_state(IL_V4PROTO, IL_TOKEN); }
|
||||
hl { return next_state(IL_V4HL, IL_TOKEN); }
|
||||
id { return next_state(IL_V4ID, IL_TOKEN); }
|
||||
ttl { return next_state(IL_V4TTL, IL_TOKEN); }
|
||||
tos { return next_state(IL_V4TOS, IL_TOKEN); }
|
||||
src { return next_state(IL_V4SRC, IL_TOKEN); }
|
||||
dst { return next_state(IL_V4DST, IL_TOKEN); }
|
||||
opt { return next_state(IL_OPT, -1); }
|
||||
len { return next_state(IL_LEN, IL_TOKEN); }
|
||||
off { return next_state(IL_OFF, IL_TOKEN); }
|
||||
sum { return next_state(IL_SUM, IL_TOKEN); }
|
||||
tcp { return next_state(IL_TCP, -1); }
|
||||
sport { return next_state(IL_SPORT, IL_TOKEN); }
|
||||
dport { return next_state(IL_DPORT, IL_TOKEN); }
|
||||
seq { return next_state(IL_TCPSEQ, IL_TOKEN); }
|
||||
ack { return next_state(IL_TCPACK, IL_TOKEN); }
|
||||
flags { return next_state(IL_TCPFL, IL_TOKEN); }
|
||||
urp { return next_state(IL_TCPURP, IL_TOKEN); }
|
||||
win { return next_state(IL_TCPWIN, IL_TOKEN); }
|
||||
udp { return next_state(IL_UDP, -1); }
|
||||
send { return next_state(IL_SEND, -1); }
|
||||
via { return next_state(IL_VIA, IL_TOKEN); }
|
||||
arp { return next_state(IL_ARP, -1); }
|
||||
data { return next_state(IL_DATA, -1); }
|
||||
value { return next_state(IL_DVALUE, IL_TOKEN); }
|
||||
file { return next_state(IL_DFILE, IL_TOKEN); }
|
||||
nop { return next_state(IL_IPO_NOP, -1); }
|
||||
eol { return next_state(IL_IPO_EOL, -1); }
|
||||
rr { return next_state(IL_IPO_RR, -1); }
|
||||
zsu { return next_state(IL_IPO_ZSU, -1); }
|
||||
mtup { return next_state(IL_IPO_MTUP, -1); }
|
||||
mtur { return next_state(IL_IPO_MTUR, -1); }
|
||||
encode { return next_state(IL_IPO_ENCODE, -1); }
|
||||
ts { return next_state(IL_IPO_TS, -1); }
|
||||
tr { return next_state(IL_IPO_TR, -1); }
|
||||
sec { return next_state(IL_IPO_SEC, -1); }
|
||||
secclass { return next_state(IL_IPO_SECCLASS, IL_TOKEN); }
|
||||
lsrr { return next_state(IL_IPO_LSRR, -1); }
|
||||
esec { return next_state(IL_IPO_ESEC, -1); }
|
||||
cipso { return next_state(IL_IPO_CIPSO, -1); }
|
||||
satid { return next_state(IL_IPO_SATID, -1); }
|
||||
ssrr { return next_state(IL_IPO_SSRR, -1); }
|
||||
addext { return next_state(IL_IPO_ADDEXT, -1); }
|
||||
visa { return next_state(IL_IPO_VISA, -1); }
|
||||
imitd { return next_state(IL_IPO_IMITD, -1); }
|
||||
eip { return next_state(IL_IPO_EIP, -1); }
|
||||
finn { return next_state(IL_IPO_FINN, -1); }
|
||||
mss { return next_state(IL_TCPO_MSS, IL_TOKEN); }
|
||||
wscale { return next_state(IL_TCPO_MSS, IL_TOKEN); }
|
||||
reserv-4 { return next_state(IL_IPS_RESERV4, -1); }
|
||||
topsecret { return next_state(IL_IPS_TOPSECRET, -1); }
|
||||
secret { return next_state(IL_IPS_SECRET, -1); }
|
||||
reserv-3 { return next_state(IL_IPS_RESERV3, -1); }
|
||||
confid { return next_state(IL_IPS_CONFID, -1); }
|
||||
unclass { return next_state(IL_IPS_UNCLASS, -1); }
|
||||
reserv-2 { return next_state(IL_IPS_RESERV2, -1); }
|
||||
reserv-1 { return next_state(IL_IPS_RESERV1, -1); }
|
||||
icmp { return next_state(IL_ICMP, -1); }
|
||||
type { return next_state(IL_ICMPTYPE, -1); }
|
||||
code { return next_state(IL_ICMPCODE, -1); }
|
||||
echorep { return next_state(IL_ICMP_ECHOREPLY, -1); }
|
||||
unreach { return next_state(IL_ICMP_UNREACH, -1); }
|
||||
squench { return next_state(IL_ICMP_SOURCEQUENCH, -1); }
|
||||
redir { return next_state(IL_ICMP_REDIRECT, -1); }
|
||||
echo { return next_state(IL_ICMP_ECHO, -1); }
|
||||
routerad { return next_state(IL_ICMP_ROUTERADVERT, -1); }
|
||||
routersol { return next_state(IL_ICMP_ROUTERSOLICIT, -1); }
|
||||
timex { return next_state(IL_ICMP_TIMXCEED, -1); }
|
||||
paramprob { return next_state(IL_ICMP_PARAMPROB, -1); }
|
||||
timest { return next_state(IL_ICMP_TSTAMP, -1); }
|
||||
timestrep { return next_state(IL_ICMP_TSTAMPREPLY, -1); }
|
||||
inforeq { return next_state(IL_ICMP_IREQ, -1); }
|
||||
inforep { return next_state(IL_ICMP_IREQREPLY, -1); }
|
||||
maskreq { return next_state(IL_ICMP_MASKREQ, -1); }
|
||||
maskrep { return next_state(IL_ICMP_MASKREPLY, -1); }
|
||||
net-unr { return next_state(IL_ICMP_UNREACH_NET, -1); }
|
||||
host-unr { return next_state(IL_ICMP_UNREACH_HOST, -1); }
|
||||
proto-unr { return next_state(IL_ICMP_UNREACH_PROTOCOL, -1); }
|
||||
port-unr { return next_state(IL_ICMP_UNREACH_PORT, -1); }
|
||||
needfrag { return next_state(IL_ICMP_UNREACH_NEEDFRAG, -1); }
|
||||
srcfail { return next_state(IL_ICMP_UNREACH_SRCFAIL, -1); }
|
||||
net-unk { return next_state(IL_ICMP_UNREACH_NET_UNKNOWN, -1); }
|
||||
host-unk { return next_state(IL_ICMP_UNREACH_HOST_UNKNOWN, -1); }
|
||||
isolate { return next_state(IL_ICMP_UNREACH_ISOLATED, -1); }
|
||||
net-prohib { return next_state(IL_ICMP_UNREACH_NET_PROHIB, -1); }
|
||||
host-prohib { return next_state(IL_ICMP_UNREACH_HOST_PROHIB, -1); }
|
||||
net-tos { return next_state(IL_ICMP_UNREACH_TOSNET, -1); }
|
||||
host-tos { return next_state(IL_ICMP_UNREACH_TOSHOST, -1); }
|
||||
filter-prohib { return next_state(IL_ICMP_UNREACH_FILTER_PROHIB, -1); }
|
||||
host-preced { return next_state(IL_ICMP_UNREACH_HOST_PRECEDENCE, -1); }
|
||||
cutoff-preced { return next_state(IL_ICMP_UNREACH_PRECEDENCE_CUTOFF, -1); }
|
||||
net-redir { return next_state(IL_ICMP_REDIRECT_NET, -1); }
|
||||
host-redir { return next_state(IL_ICMP_REDIRECT_HOST, -1); }
|
||||
tos-net-redir { return next_state(IL_ICMP_REDIRECT_TOSNET, -1); }
|
||||
tos-host-redir { return next_state(IL_ICMP_REDIRECT_TOSHOST, -1); }
|
||||
intrans { return next_state(IL_ICMP_TIMXCEED_INTRANS, -1); }
|
||||
reass { return next_state(IL_ICMP_TIMXCEED_REASS, -1); }
|
||||
optabsent { return next_state(IL_ICMP_PARAMPROB_OPTABSENT, -1); }
|
||||
otime { return next_state(IL_ICMP_OTIME, -1); }
|
||||
rtime { return next_state(IL_ICMP_RTIME, -1); }
|
||||
ttime { return next_state(IL_ICMP_TTIME, -1); }
|
||||
icmpseq { return next_state(IL_ICMP_SEQ, -1); }
|
||||
icmpid { return next_state(IL_ICMP_SEQ, -1); }
|
||||
\377 { return 0; } /* EOF */
|
||||
\{ { push_proto(); return next_item('{'); }
|
||||
\} { pop_proto(); return next_item('}'); }
|
||||
\. { return next_item(IL_DOT); }
|
||||
; { return next_item(';'); }
|
||||
[0-9]+ { return next_item(IL_NUMBER); }
|
||||
[0-9a-fA-F] { return next_item(IL_HEXDIGIT); }
|
||||
: { return next_item(IL_COLON); }
|
||||
#[^\n]* { return next_item(IL_COMMENT); }
|
||||
[^ {}\n\t;]* { return next_item(IL_TOKEN); }
|
||||
[^ \{\}\n\t;:{}]* { return next_item(IL_TOKEN); }
|
||||
\"[^\"]*\" { return next_item(IL_TOKEN); }
|
||||
%%
|
||||
void yyerror(msg)
|
||||
|
@ -220,10 +225,21 @@ int save_token()
|
|||
int next_item(nstate)
|
||||
int nstate;
|
||||
{
|
||||
struct wordtab *wt;
|
||||
|
||||
if (opts & OPT_DEBUG)
|
||||
printf("text=[%s] id=%d next=%d\n", yytext, nstate, next);
|
||||
if (next == IL_TOKEN) {
|
||||
next = -1;
|
||||
return save_token();
|
||||
}
|
||||
token++;
|
||||
|
||||
for (wt = words; wt->word; wt++)
|
||||
if (!strcasecmp(wt->word, yytext))
|
||||
return next_state(wt->state, wt->next);
|
||||
if (opts & OPT_DEBUG)
|
||||
printf("unknown keyword=[%s]\n", yytext);
|
||||
next = -1;
|
||||
if (nstate == IL_NUMBER)
|
||||
yylval.num = atoi(yytext);
|
||||
|
@ -235,13 +251,6 @@ int nstate;
|
|||
int next_state(nstate, fornext)
|
||||
int nstate, fornext;
|
||||
{
|
||||
token++;
|
||||
|
||||
if (next == IL_TOKEN) {
|
||||
next = -1;
|
||||
return save_token();
|
||||
}
|
||||
|
||||
next = fornext;
|
||||
|
||||
switch (nstate)
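Review bot: In the `words[]` table that the `@ -46,134 +42,143 @@` hunk appears to add, `{ "icmpid", IL_ICMP_SEQ, -1 }` gives `icmpid` the same token as `icmpseq`, carried over unchanged from the old rule `icmpid { return next_state(IL_ICMP_SEQ, -1); }`. The commit corrects the analogous `wscale` entry (now `IL_TCPO_WSCALE` instead of `IL_TCPO_MSS`), so this looks like the same copy-paste slip left behind. It should presumably map to the grammar's ICMP id token, whose name is not visible on this page. As written, an `icmpid` statement would be handled as a sequence-number statement, assuming the grammar dispatches on the token. next_item() and next_state() both continue outside the hunks shown.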
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
* provided that this notice is preserved and due credit is given
|
||||
* to the original author and the contributors.
|
||||
*
|
||||
* $Id: iplang_y.y,v 2.0.2.18.2.5 1997/12/10 09:54:45 darrenr Exp $
|
||||
* $Id: iplang_y.y,v 2.0.2.18.2.7 1998/05/23 14:29:53 darrenr Exp $
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
|
@ -48,7 +48,9 @@
|
|||
#include "ipf.h"
|
||||
#include "iplang.h"
|
||||
|
||||
#ifndef __NetBSD__
|
||||
extern struct ether_addr *ether_aton __P((char *));
|
||||
#endif
|
||||
|
||||
extern int opts;
|
||||
extern struct ipopt_names ionames[];
|
||||
|
@ -345,7 +347,7 @@ tcpopts:
|
|||
tcpopt: IL_TCPO_NOP ';' { set_tcpopt(IL_TCPO_NOP, NULL); }
|
||||
| IL_TCPO_EOL ';' { set_tcpopt(IL_TCPO_EOL, NULL); }
|
||||
| IL_TCPO_MSS optoken { set_tcpopt(IL_TCPO_MSS,&$2);}
|
||||
| IL_TCPO_WSCALE optoken { set_tcpopt(IL_TCPO_MSS,&$2);}
|
||||
| IL_TCPO_WSCALE optoken { set_tcpopt(IL_TCPO_WSCALE,&$2);}
|
||||
| IL_TCPO_TS optoken { set_tcpopt(IL_TCPO_TS, &$2);}
|
||||
;
|
||||
|
||||
|
@ -779,6 +781,8 @@ char **arg;
|
|||
*t++ = (u_char)(val & 0xff);
|
||||
todo = 0;
|
||||
}
|
||||
if (todo)
|
||||
continue;
|
||||
}
|
||||
if (quote) {
|
||||
if (isdigit(c)) {
|
||||
|
@ -807,8 +811,8 @@ char **arg;
|
|||
*t++ = '\t';
|
||||
break;
|
||||
}
|
||||
quote = 0;
|
||||
}
|
||||
quote = 0;
|
||||
continue;
|
||||
}
|
||||
|
||||
|
@ -817,6 +821,8 @@ char **arg;
|
|||
else
|
||||
*t++ = c;
|
||||
}
|
||||
if (todo)
|
||||
*t++ = (u_char)(val & 0xff);
|
||||
if (quote)
|
||||
*t++ = '\\';
|
||||
len = t - (u_char *)canip->ah_data;
|
||||
|
@ -910,7 +916,7 @@ char **arg;
|
|||
void set_ipv4off(arg)
|
||||
char **arg;
|
||||
{
|
||||
ip->ip_off = strtol(*arg, NULL, 0);
|
||||
ip->ip_off = htons(strtol(*arg, NULL, 0));
|
||||
free(*arg);
|
||||
*arg = NULL;
|
||||
}
|
||||
|
@ -961,7 +967,7 @@ char **arg;
|
|||
void set_ipv4id(arg)
|
||||
char **arg;
|
||||
{
|
||||
ip->ip_id = strtol(*arg, NULL, 0);
|
||||
ip->ip_id = htons(strtol(*arg, NULL, 0));
|
||||
free(*arg);
|
||||
*arg = NULL;
|
||||
}
|
||||
|
@ -999,7 +1005,7 @@ void new_tcpheader()
|
|||
ip->ip_p = IPPROTO_TCP;
|
||||
|
||||
tcp = (tcphdr_t *)new_header(IPPROTO_TCP);
|
||||
tcp->th_win = 4096;
|
||||
tcp->th_win = htons(4096);
|
||||
tcp->th_off = sizeof(*tcp) >> 2;
|
||||
}
|
||||
|
||||
|
@ -1047,7 +1053,7 @@ char **arg;
|
|||
void set_tcpseq(arg)
|
||||
char **arg;
|
||||
{
|
||||
tcp->th_seq = strtol(*arg, NULL, 0);
|
||||
tcp->th_seq = htonl(strtol(*arg, NULL, 0));
|
||||
free(*arg);
|
||||
*arg = NULL;
|
||||
}
|
||||
|
@ -1056,7 +1062,7 @@ char **arg;
|
|||
void set_tcpack(arg)
|
||||
char **arg;
|
||||
{
|
||||
tcp->th_ack = strtol(*arg, NULL, 0);
|
||||
tcp->th_ack = htonl(strtol(*arg, NULL, 0));
|
||||
free(*arg);
|
||||
*arg = NULL;
|
||||
}
|
||||
|
@ -1078,7 +1084,7 @@ char **arg;
|
|||
void set_tcpurp(arg)
|
||||
char **arg;
|
||||
{
|
||||
tcp->th_urp = strtol(*arg, NULL, 0);
|
||||
tcp->th_urp = htons(strtol(*arg, NULL, 0));
|
||||
free(*arg);
|
||||
*arg = NULL;
|
||||
}
|
||||
|
@ -1087,7 +1093,7 @@ char **arg;
|
|||
void set_tcpwin(arg)
|
||||
char **arg;
|
||||
{
|
||||
tcp->th_win = strtol(*arg, NULL, 0);
|
||||
tcp->th_win = htons(strtol(*arg, NULL, 0));
|
||||
free(*arg);
|
||||
*arg = NULL;
|
||||
}
|
||||
|
@ -1298,7 +1304,8 @@ void packet_done()
|
|||
u_char *s = (u_char *)ipbuffer, *t = (u_char *)outline;
|
||||
|
||||
if (opts & OPT_VERBOSE) {
|
||||
for (i = ip->ip_len, j = 0; i; i--, j++, s++) {
|
||||
ip->ip_len = htons(ip->ip_len);
|
||||
for (i = ntohs(ip->ip_len), j = 0; i; i--, j++, s++) {
|
||||
if (j && !(j & 0xf)) {
|
||||
*t++ = '\n';
|
||||
*t = '\0';
|
||||
|
@ -1338,6 +1345,7 @@ void packet_done()
|
|||
}
|
||||
fputs(outline, stdout);
|
||||
fflush(stdout);
|
||||
ip->ip_len = ntohs(ip->ip_len);
|
||||
}
|
||||
|
||||
prep_packet();
|
||||
|
@ -1542,35 +1550,35 @@ char **type;
|
|||
void set_icmpid(arg)
|
||||
int arg;
|
||||
{
|
||||
icmp->icmp_id = arg;
|
||||
icmp->icmp_id = htons(arg);
|
||||
}
|
||||
|
||||
|
||||
void set_icmpseq(arg)
|
||||
int arg;
|
||||
{
|
||||
icmp->icmp_seq = arg;
|
||||
icmp->icmp_seq = htons(arg);
|
||||
}
|
||||
|
||||
|
||||
void set_icmpotime(arg)
|
||||
int arg;
|
||||
{
|
||||
icmp->icmp_otime = arg;
|
||||
icmp->icmp_otime = htonl(arg);
|
||||
}
|
||||
|
||||
|
||||
void set_icmprtime(arg)
|
||||
int arg;
|
||||
{
|
||||
icmp->icmp_rtime = arg;
|
||||
icmp->icmp_rtime = htonl(arg);
|
||||
}
|
||||
|
||||
|
||||
void set_icmpttime(arg)
|
||||
int arg;
|
||||
{
|
||||
icmp->icmp_ttime = arg;
|
||||
icmp->icmp_ttime = htonl(arg);
|
||||
}
|
||||
|
||||
|
||||
|
@ -1578,7 +1586,7 @@ void set_icmpmtu(arg)
|
|||
int arg;
|
||||
{
|
||||
#if BSD >= 199306
|
||||
icmp->icmp_nextmtu = arg;
|
||||
icmp->icmp_nextmtu = htons(arg);
|
||||
#endif
|
||||
}
|
||||
|
||||
|
@ -1730,7 +1738,9 @@ void end_ipv4()
|
|||
aniphdr_t *aip;
|
||||
|
||||
ip->ip_sum = 0;
|
||||
ip->ip_len = htons(ip->ip_len);
|
||||
ip->ip_sum = chksum((u_short *)ip, ip->ip_hl << 2);
|
||||
ip->ip_len = ntohs(ip->ip_len);
|
||||
free_anipheader();
|
||||
for (aip = aniphead, ip = NULL; aip; aip = aip->ah_next)
|
||||
if (aip->ah_p == IPPROTO_IP)
|
||||
|
@ -1761,9 +1771,10 @@ void end_udp()
|
|||
iptmp.ip_p = ip->ip_p;
|
||||
iptmp.ip_src = ip->ip_src;
|
||||
iptmp.ip_dst = ip->ip_dst;
|
||||
iptmp.ip_len = ip->ip_len - (ip->ip_hl << 2);
|
||||
iptmp.ip_len = htons(ip->ip_len - (ip->ip_hl << 2));
|
||||
sum = p_chksum((u_short *)&iptmp, (u_int)sizeof(iptmp));
|
||||
udp->uh_sum = c_chksum((u_short *)udp, (u_int)iptmp.ip_len, sum);
|
||||
udp->uh_ulen = htons(udp->uh_ulen);
|
||||
udp->uh_sum = c_chksum((u_short *)udp, (u_int)ntohs(iptmp.ip_len), sum);
|
||||
free_anipheader();
|
||||
for (aip = aniphead, udp = NULL; aip; aip = aip->ah_next)
|
||||
if (aip->ah_p == IPPROTO_UDP)
|
||||
|
@ -1781,10 +1792,10 @@ void end_tcp()
|
|||
iptmp.ip_p = ip->ip_p;
|
||||
iptmp.ip_src = ip->ip_src;
|
||||
iptmp.ip_dst = ip->ip_dst;
|
||||
iptmp.ip_len = ip->ip_len - (ip->ip_hl << 2);
|
||||
iptmp.ip_len = htons(ip->ip_len - (ip->ip_hl << 2));
|
||||
sum = p_chksum((u_short *)&iptmp, (u_int)sizeof(iptmp));
|
||||
tcp->th_sum = 0;
|
||||
tcp->th_sum = c_chksum((u_short *)tcp, (u_int)iptmp.ip_len, sum);
|
||||
tcp->th_sum = c_chksum((u_short *)tcp, (u_int)ntohs(iptmp.ip_len), sum);
|
||||
free_anipheader();
|
||||
for (aip = aniphead, tcp = NULL; aip; aip = aip->ah_next)
|
||||
if (aip->ah_p == IPPROTO_TCP)
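Review bot: set_tcpseq() and set_tcpack() now store `htonl(strtol(*arg, NULL, 0))`, but sequence and acknowledgement numbers are unsigned 32-bit values and strtol() saturates at LONG_MAX where long is 32 bits, so any input above 0x7fffffff is written as 0x7fffffff. `tcp->th_seq = htonl(strtoul(*arg, NULL, 0));` (and the same for `th_ack`) keeps the full range. hostmask() in the ipnat.c section uses strtol() for a 32-bit mask and has the same limit. The 16-bit setters (set_ipv4off, set_ipv4id, set_tcpurp, set_tcpwin) pass the strtol() result to htons() without a range check, and none of these calls inspects the end pointer, so a non-numeric argument becomes 0 without a diagnostic.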
|
||||
|
|
|
@ -19,6 +19,7 @@
|
|||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <fcntl.h>
|
||||
#include <errno.h>
|
||||
#include <sys/types.h>
|
||||
#if !defined(__SVR4) && !defined(__svr4__)
|
||||
#include <strings.h>
|
||||
|
@ -52,9 +53,16 @@
|
|||
#include "netinet/ip_nat.h"
|
||||
#include "kmem.h"
|
||||
|
||||
#if defined(sun) && !SOLARIS2
|
||||
# define STRERROR(x) sys_errlist[x]
|
||||
extern char *sys_errlist[];
|
||||
#else
|
||||
# define STRERROR(x) strerror(x)
|
||||
#endif
|
||||
|
||||
#if !defined(lint)
|
||||
static const char sccsid[] ="@(#)ipnat.c 1.9 6/5/96 (C) 1993 Darren Reed";
|
||||
static const char rcsid[] = "@(#)$Id: ipnat.c,v 2.0.2.21.2.1 1997/11/08 04:55:55 darrenr Exp $";
|
||||
static const char rcsid[] = "@(#)$Id: ipnat.c,v 2.0.2.21.2.6 1998/05/23 19:07:02 darrenr Exp $";
|
||||
#endif
|
||||
|
||||
|
||||
|
@ -65,14 +73,14 @@ static const char rcsid[] = "@(#)$Id: ipnat.c,v 2.0.2.21.2.1 1997/11/08 04:55:55
|
|||
extern char *optarg;
|
||||
|
||||
ipnat_t *parse __P((char *));
|
||||
u_long hostnum __P((char *, int *));
|
||||
u_long hostmask __P((char *));
|
||||
u_32_t hostnum __P((char *, int *));
|
||||
u_32_t hostmask __P((char *));
|
||||
u_short portnum __P((char *, char *));
|
||||
void dostats __P((int, int)), flushtable __P((int, int));
|
||||
void printnat __P((ipnat_t *, int, void *));
|
||||
void parsefile __P((int, char *, int));
|
||||
void usage __P((char *));
|
||||
int countbits __P((u_long));
|
||||
int countbits __P((u_32_t));
|
||||
char *getnattype __P((ipnat_t *));
|
||||
int main __P((int, char*[]));
|
||||
|
||||
|
@ -133,7 +141,8 @@ char *argv[];
|
|||
|
||||
if (!(opts & OPT_NODO) && ((fd = open(IPL_NAT, O_RDWR)) == -1) &&
|
||||
((fd = open(IPL_NAT, O_RDONLY)) == -1)) {
|
||||
perror("open");
|
||||
(void) fprintf(stderr, "%s: open: %s\n", IPL_NAT,
|
||||
STRERROR(errno));
|
||||
exit(-1);
|
||||
}
|
||||
|
||||
|
@ -153,9 +162,9 @@ char *argv[];
|
|||
* of bits.
|
||||
*/
|
||||
int countbits(ip)
|
||||
u_long ip;
|
||||
u_32_t ip;
|
||||
{
|
||||
u_long ipn;
|
||||
u_32_t ipn;
|
||||
int cnt = 0, i, j;
|
||||
|
||||
ip = ipn = ntohl(ip);
|
||||
|
@ -233,7 +242,7 @@ void *ptr;
|
|||
else
|
||||
printf("%s", inet_ntoa(np->in_in[1]));
|
||||
printf(" -> %s/", inet_ntoa(np->in_out[0]));
|
||||
bits = countbits(ntohl(np->in_out[1].s_addr));
|
||||
bits = countbits(np->in_out[1].s_addr);
|
||||
if (bits != -1)
|
||||
printf("%d ", bits);
|
||||
else
|
||||
|
@ -408,18 +417,18 @@ char *name, *proto;
|
|||
}
|
||||
|
||||
|
||||
u_long hostmask(msk)
|
||||
u_32_t hostmask(msk)
|
||||
char *msk;
|
||||
{
|
||||
int bits = -1;
|
||||
u_long mask;
|
||||
u_32_t mask;
|
||||
|
||||
if (!isdigit(*msk))
|
||||
return (u_long)-1;
|
||||
return (u_32_t)-1;
|
||||
if (strchr(msk, '.'))
|
||||
return inet_addr(msk);
|
||||
if (strchr(msk, 'x'))
|
||||
return (u_long)strtol(msk, NULL, 0);
|
||||
return (u_32_t)strtol(msk, NULL, 0);
|
||||
/*
|
||||
* set x most significant bits
|
||||
*/
|
||||
|
@ -436,7 +445,7 @@ char *msk;
|
|||
* returns an ip address as a long var as a result of either a DNS lookup or
|
||||
* straight inet_addr() call
|
||||
*/
|
||||
u_long hostnum(host, resolved)
|
||||
u_32_t hostnum(host, resolved)
|
||||
char *host;
|
||||
int *resolved;
|
||||
{
|
||||
|
@ -455,7 +464,7 @@ int *resolved;
|
|||
fprintf(stderr, "can't resolve hostname: %s\n", host);
|
||||
return 0;
|
||||
}
|
||||
return np->n_net;
|
||||
return htonl(np->n_net);
|
||||
}
|
||||
return *(u_32_t *)hp->h_addr;
|
||||
}
|
||||
|
@ -760,7 +769,8 @@ int opts;
|
|||
|
||||
if (strcmp(file, "-")) {
|
||||
if (!(fp = fopen(file, "r"))) {
|
||||
perror(file);
|
||||
(void) fprintf(stderr, "%s: open: %s\n", file,
|
||||
STRERROR(errno));
|
||||
exit(1);
|
||||
}
|
||||
} else
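Review bot: hostmask() returns values in two different byte orders: `return inet_addr(msk);` yields network order, while `return (u_32_t)strtol(msk, NULL, 0);` yields the host-order value of the hex string. On a little-endian host `0xffffff00` and `255.255.255.0` would therefore produce different masks for the same NAT rule. Since this commit already makes hostnum() return network order (`htonl(np->n_net)`), the hex branch should match: `return htonl((u_32_t)strtol(msk, NULL, 0));`. The remainder of hostmask() (the bit-count path) is outside the hunk, so its byte order should be confirmed as well.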
|
||||
|
|
|
@ -29,4 +29,4 @@ Lastly, being passive means that no action is taken to stop port scans being
|
|||
done or discourage them.
|
||||
|
||||
Darren
|
||||
darrenr@cyber.com.au
|
||||
darrenr@pobox.com
|
||||
|
|
|
@ -5,4 +5,4 @@ http://coombs.anu.edu.au/~avalon/ip-filter.html
|
|||
|
||||
Patches, bugs, etc, please send to:
|
||||
|
||||
darrenr@cyber.com.au
|
||||
darrenr@pobox.com
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
*/
|
||||
#if !defined(lint)
|
||||
static const char sccsid[] = "%W% %G% (C)1995";
|
||||
static const char rcsid[] = "@(#)$Id: ip.c,v 2.0.2.11.2.2 1997/11/28 03:36:47 darrenr Exp $";
|
||||
static const char rcsid[] = "@(#)$Id: ip.c,v 2.0.2.11.2.3 1997/12/21 12:17:37 darrenr Exp $";
|
||||
#endif
|
||||
#include <errno.h>
|
||||
#include <stdio.h>
|
||||
|
@ -117,7 +117,6 @@ int frag;
|
|||
last_gw.s_addr = gwip.s_addr;
|
||||
iplen = ip->ip_len;
|
||||
ip->ip_len = htons(iplen);
|
||||
ip->ip_off = htons(ip->ip_off);
|
||||
if (!(frag & 2)) {
|
||||
if (!ip->ip_v)
|
||||
ip->ip_v = IPVERSION;
|
||||
|
@ -260,7 +259,7 @@ struct in_addr gwip;
|
|||
|
||||
i = sizeof(struct tcpiphdr) / sizeof(long);
|
||||
|
||||
if ((ti->ti_flags == TH_SYN) && !ip->ip_off &&
|
||||
if ((ti->ti_flags == TH_SYN) && !ntohs(ip->ip_off) &&
|
||||
(lbuf[i] != htonl(0x020405b4))) {
|
||||
lbuf[i] = htonl(0x020405b4);
|
||||
bcopy((char *)ip + hlen + thlen, (char *)ip + hlen + thlen + 4,
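Review bot: After this change the function in the `@ -117,7 +117,6 @@` hunk (its parameter list ends `int frag;`) appears to take `ip_off` already in network byte order while still taking `ip_len` in host order (`iplen = ip->ip_len; ip->ip_len = htons(iplen);`), and nothing at the function states that mixed contract. A caller missed in the conversion would emit a byte-swapped fragment offset with no error. I would add a comment above the function such as `/* ip_len is expected in host byte order, ip_off in network byte order */`. The rendering does not mark which line the hunk removes, so this assumes it is `ip->ip_off = htons(ip->ip_off);`. The function starts and ends outside the hunk.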
|
||||
|
|
|
@ -92,8 +92,6 @@ option combinations:
|
|||
.B \-X
|
||||
The input file is composed of text descriptions of IP packets.
|
||||
.TP
|
||||
.SH FILES
|
||||
.DT
|
||||
.SH SEE ALSO
|
||||
snoop(1m), tcpdump(8), etherfind(8c), ipftest(1), ipresend(1), iptest(1), bpf(4), dlpi(7p)
|
||||
.SH DIAGNOSTICS
|
||||
|
@ -103,5 +101,5 @@ Needs to be run as root.
|
|||
.PP
|
||||
Not all of the input formats are sufficiently capable of introducing a
|
||||
wide enough variety of packets for them to be all useful in testing.
|
||||
If you find any, please send email to me at darrenr@cyber.com.au
|
||||
If you find any, please send email to me at darrenr@pobox.com
|
||||
|
||||
|
|
|
@ -106,4 +106,4 @@ ipsend(1), ipresend(1), iptest(1), protocols(4), bpf(4), dlpi(7p)
|
|||
Needs to be run as root.
|
||||
.SH BUGS
|
||||
.PP
|
||||
If you find any, please send email to me at darrenr@cyber.com.au
|
||||
If you find any, please send email to me at darrenr@pobox.com
|
||||
|
|
|
@ -392,7 +392,10 @@ Address mask request.
|
|||
.B maskrep
|
||||
Address mask reply.
|
||||
.SH FILES
|
||||
/etc/protocols
|
||||
/etc/services
|
||||
/etc/hosts
|
||||
.br
|
||||
/etc/protocols
|
||||
.br
|
||||
/etc/services
|
||||
.SH SEE ALSO
|
||||
ipsend(1), iptest(1), hosts(5), protocols(5), services(5)
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
*/
|
||||
#if !defined(lint)
|
||||
static const char sccsid[] = "%W% %G% (C)1995 Darren Reed";
|
||||
static const char rcsid[] = "@(#)$Id: iptests.c,v 2.0.2.13.2.1 1997/11/28 03:37:10 darrenr Exp $";
|
||||
static const char rcsid[] = "@(#)$Id: iptests.c,v 2.0.2.13.2.2 1997/12/21 12:17:38 darrenr Exp $";
|
||||
#endif
|
||||
#include <stdio.h>
|
||||
#include <unistd.h>
|
||||
|
@ -98,24 +98,21 @@ int ptest;
|
|||
ip->ip_p = IPPROTO_UDP;
|
||||
ip->ip_sum = 0;
|
||||
u = (udphdr_t *)(ip + 1);
|
||||
u->uh_sport = 1;
|
||||
u->uh_dport = 9;
|
||||
u->uh_sport = htons(1);
|
||||
u->uh_dport = htons(9);
|
||||
u->uh_sum = 0;
|
||||
u->uh_ulen = sizeof(*u) + 4;
|
||||
ip->ip_len = sizeof(*ip) + u->uh_ulen;
|
||||
u->uh_ulen = htons(sizeof(*u) + 4);
|
||||
ip->ip_len = sizeof(*ip) + ntohs(u->uh_ulen);
|
||||
len = ip->ip_len;
|
||||
nfd = initdevice(dev, u->uh_sport, 1);
|
||||
|
||||
u->uh_sport = htons(u->uh_sport);
|
||||
u->uh_dport = htons(u->uh_dport);
|
||||
u->uh_ulen = htons(u->uh_ulen);
|
||||
if (!ptest || (ptest == 1)) {
|
||||
/*
|
||||
* Part1: hl < len
|
||||
*/
|
||||
ip->ip_id = 0;
|
||||
printf("1.1. sending packets with ip_hl < ip_len\n");
|
||||
for (i = 0; i < ((sizeof(*ip) + u->uh_ulen) >> 2); i++) {
|
||||
for (i = 0; i < ((sizeof(*ip) + ntohs(u->uh_ulen)) >> 2); i++) {
|
||||
ip->ip_hl = i >> 2;
|
||||
(void) send_ip(nfd, 1500, ip, gwip, 1);
|
||||
printf("%d\r", i);
|
||||
|
@ -131,7 +128,7 @@ int ptest;
|
|||
*/
|
||||
ip->ip_id = 0;
|
||||
printf("1.2. sending packets with ip_hl > ip_len\n");
|
||||
for (; i < ((sizeof(*ip) * 2 + u->uh_ulen) >> 2); i++) {
|
||||
for (; i < ((sizeof(*ip) * 2 + ntohs(u->uh_ulen)) >> 2); i++) {
|
||||
ip->ip_hl = i >> 2;
|
||||
(void) send_ip(nfd, 1500, ip, gwip, 1);
|
||||
printf("%d\r", i);
|
||||
|
@ -181,10 +178,8 @@ int ptest;
|
|||
ip->ip_id = 0;
|
||||
ip->ip_v = IPVERSION;
|
||||
i = ip->ip_len + 1;
|
||||
ip->ip_len = htons(ip->ip_len);
|
||||
ip->ip_off = htons(ip->ip_off);
|
||||
printf("1.5.0 ip_len < packet size (size++, long packets)\n");
|
||||
for (; i < (ntohs(ip->ip_len) * 2); i++) {
|
||||
for (; i < (ip->ip_len * 2); i++) {
|
||||
ip->ip_id = htons(id++);
|
||||
ip->ip_sum = 0;
|
||||
ip->ip_sum = chksum((u_short *)ip, ip->ip_hl << 2);
|
||||
|
@ -197,7 +192,7 @@ int ptest;
|
|||
printf("1.5.1 ip_len < packet size (ip_len-, short packets)\n");
|
||||
for (i = len; i > 0; i--) {
|
||||
ip->ip_id = htons(id++);
|
||||
ip->ip_len = htons(i);
|
||||
ip->ip_len = i;
|
||||
ip->ip_sum = 0;
|
||||
ip->ip_sum = chksum((u_short *)ip, ip->ip_hl << 2);
|
||||
(void) send_ether(nfd, (char *)ip, len, gwip);
|
||||
|
@ -216,7 +211,7 @@ int ptest;
|
|||
printf("1.6.0 ip_len > packet size (increase ip_len)\n");
|
||||
for (i = len + 1; i < (len * 2); i++) {
|
||||
ip->ip_id = htons(id++);
|
||||
ip->ip_len = htons(i);
|
||||
ip->ip_len = i;
|
||||
ip->ip_sum = 0;
|
||||
ip->ip_sum = chksum((u_short *)ip, ip->ip_hl << 2);
|
||||
(void) send_ether(nfd, (char *)ip, len, gwip);
|
||||
|
@ -225,7 +220,7 @@ int ptest;
|
|||
PAUSE();
|
||||
}
|
||||
putchar('\n');
|
||||
ip->ip_len = htons(len);
|
||||
ip->ip_len = len;
|
||||
printf("1.6.1 ip_len > packet size (size--, short packets)\n");
|
||||
for (i = len; i > 0; i--) {
|
||||
ip->ip_id = htons(id++);
|
||||
|
@ -288,7 +283,7 @@ int ptest;
|
|||
* about that here.
|
||||
*/
|
||||
ip->ip_p = IPPROTO_ICMP;
|
||||
ip->ip_off = IP_MF;
|
||||
ip->ip_off = htons(IP_MF);
|
||||
u->uh_dport = htons(9);
|
||||
ip->ip_id = htons(id++);
|
||||
printf("1.8.1 63k packet + 1k fragment at offset 0x1ffe\n");
|
||||
|
@ -299,14 +294,14 @@ int ptest;
|
|||
ip->ip_len = MIN(768 + 20, mtu - 68);
|
||||
i = 512;
|
||||
for (; i < (63 * 1024 + 768); i += 768) {
|
||||
ip->ip_off = IP_MF | (i >> 3);
|
||||
ip->ip_off = htons(IP_MF | (i >> 3));
|
||||
(void) send_ip(nfd, mtu, ip, gwip, 1);
|
||||
printf("%d\r", i);
|
||||
fflush(stdout);
|
||||
PAUSE();
|
||||
}
|
||||
ip->ip_len = 896 + 20;
|
||||
ip->ip_off = (i >> 3);
|
||||
ip->ip_off = htons(i >> 3);
|
||||
(void) send_ip(nfd, mtu, ip, gwip, 1);
|
||||
printf("%d\r", i);
|
||||
putchar('\n');
|
||||
|
@ -319,7 +314,7 @@ int ptest;
|
|||
* about that here. (Lossage here)
|
||||
*/
|
||||
ip->ip_p = IPPROTO_ICMP;
|
||||
ip->ip_off = IP_MF;
|
||||
ip->ip_off = htons(IP_MF);
|
||||
u->uh_dport = htons(9);
|
||||
ip->ip_id = htons(id++);
|
||||
printf("1.8.2 63k packet + 1k fragment at offset 0x1ffe\n");
|
||||
|
@ -333,7 +328,7 @@ int ptest;
|
|||
ip->ip_len = MIN(768 + 20, mtu - 68);
|
||||
i = 512;
|
||||
for (; i < (63 * 1024 + 768); i += 768) {
|
||||
ip->ip_off = IP_MF | (i >> 3);
|
||||
ip->ip_off = htons(IP_MF | (i >> 3));
|
||||
if ((rand() & 0x1f) != 0) {
|
||||
(void) send_ip(nfd, mtu, ip, gwip, 1);
|
||||
printf("%d\r", i);
|
||||
|
@ -343,7 +338,7 @@ int ptest;
|
|||
PAUSE();
|
||||
}
|
||||
ip->ip_len = 896 + 20;
|
||||
ip->ip_off = (i >> 3);
|
||||
ip->ip_off = htons(i >> 3);
|
||||
if ((rand() & 0x1f) != 0) {
|
||||
(void) send_ip(nfd, mtu, ip, gwip, 1);
|
||||
printf("%d\r", i);
|
||||
|
@ -359,7 +354,7 @@ int ptest;
|
|||
* about that here.
|
||||
*/
|
||||
ip->ip_p = IPPROTO_ICMP;
|
||||
ip->ip_off = IP_MF;
|
||||
ip->ip_off = htons(IP_MF);
|
||||
u->uh_dport = htons(9);
|
||||
ip->ip_id = htons(id++);
|
||||
printf("1.8.3 33k packet\n");
|
||||
|
@ -370,14 +365,14 @@ int ptest;
|
|||
ip->ip_len = MIN(768 + 20, mtu - 68);
|
||||
i = 512;
|
||||
for (; i < (32 * 1024 + 768); i += 768) {
|
||||
ip->ip_off = IP_MF | (i >> 3);
|
||||
ip->ip_off = htons(IP_MF | (i >> 3));
|
||||
(void) send_ip(nfd, mtu, ip, gwip, 1);
|
||||
printf("%d\r", i);
|
||||
fflush(stdout);
|
||||
PAUSE();
|
||||
}
|
||||
ip->ip_len = 896 + 20;
|
||||
ip->ip_off = (i >> 3);
|
||||
ip->ip_off = htons(i >> 3);
|
||||
(void) send_ip(nfd, mtu, ip, gwip, 1);
|
||||
printf("%d\r", i);
|
||||
putchar('\n');
|
||||
|
@ -391,7 +386,7 @@ int ptest;
|
|||
* Part9: off & 0x8000 == 0x8000
|
||||
*/
|
||||
ip->ip_id = 0;
|
||||
ip->ip_off = 0x8000;
|
||||
ip->ip_off = htons(0x8000);
|
||||
printf("1.9. ip_off & 0x8000 == 0x8000\n");
|
||||
(void) send_ip(nfd, mtu, ip, gwip, 1);
|
||||
fflush(stdout);
|
||||
|
@ -440,7 +435,7 @@ int ptest;
|
|||
u_char *s;
|
||||
|
||||
s = (u_char *)(ip + 1);
|
||||
nfd = initdevice(dev, 1, 1);
|
||||
nfd = initdevice(dev, htons(1), 1);
|
||||
|
||||
ip->ip_hl = 6;
|
||||
ip->ip_len = ip->ip_hl << 2;
|
||||
|
@ -539,7 +534,7 @@ int ptest;
|
|||
ip->ip_sum = 0;
|
||||
ip->ip_len = sizeof(*ip) + sizeof(*icp);
|
||||
icp = (struct icmp *)((char *)ip + (ip->ip_hl << 2));
|
||||
nfd = initdevice(dev, 1, 1);
|
||||
nfd = initdevice(dev, htons(1), 1);
|
||||
|
||||
if (!ptest || (ptest == 1)) {
|
||||
/*
|
||||
|
@ -731,20 +726,20 @@ int ptest;
|
|||
ip->ip_p = IPPROTO_UDP;
|
||||
ip->ip_sum = 0;
|
||||
u = (udphdr_t *)((char *)ip + (ip->ip_hl << 2));
|
||||
u->uh_sport = 1;
|
||||
u->uh_dport = 1;
|
||||
u->uh_ulen = sizeof(*u) + 4;
|
||||
u->uh_sport = htons(1);
|
||||
u->uh_dport = htons(1);
|
||||
u->uh_ulen = htons(sizeof(*u) + 4);
|
||||
nfd = initdevice(dev, u->uh_sport, 1);
|
||||
|
||||
if (!ptest || (ptest == 1)) {
|
||||
/*
|
||||
* Test 1. ulen > packet
|
||||
*/
|
||||
u->uh_ulen = sizeof(*u) + 4;
|
||||
ip->ip_len = (ip->ip_hl << 2) + u->uh_ulen;
|
||||
u->uh_ulen = htons(sizeof(*u) + 4);
|
||||
ip->ip_len = (ip->ip_hl << 2) + ntohs(u->uh_ulen);
|
||||
printf("4.1 UDP uh_ulen > packet size - short packets\n");
|
||||
for (i = u->uh_ulen * 2; i > sizeof(*u) + 4; i--) {
|
||||
u->uh_ulen = i;
|
||||
for (i = ntohs(u->uh_ulen) * 2; i > sizeof(*u) + 4; i--) {
|
||||
u->uh_ulen = htons(i);
|
||||
(void) send_udp(nfd, 1500, ip, gwip);
|
||||
printf("%d\r", i);
|
||||
fflush(stdout);
|
||||
|
@ -757,10 +752,10 @@ int ptest;
|
|||
/*
|
||||
* Test 2. ulen < packet
|
||||
*/
|
||||
u->uh_ulen = sizeof(*u) + 4;
|
||||
ip->ip_len = (ip->ip_hl << 2) + u->uh_ulen;
|
||||
u->uh_ulen = htons(sizeof(*u) + 4);
|
||||
ip->ip_len = (ip->ip_hl << 2) + ntohs(u->uh_ulen);
|
||||
printf("4.2 UDP uh_ulen < packet size - short packets\n");
|
||||
for (i = u->uh_ulen * 2; i > sizeof(*u) + 4; i--) {
|
||||
for (i = ntohs(u->uh_ulen) * 2; i > sizeof(*u) + 4; i--) {
|
||||
ip->ip_len = i;
|
||||
(void) send_udp(nfd, 1500, ip, gwip);
|
||||
printf("%d\r", i);
|
||||
|
@ -776,7 +771,7 @@ int ptest;
|
|||
* sport = 32768, sport = 65535
|
||||
*/
|
||||
u->uh_ulen = sizeof(*u) + 4;
|
||||
ip->ip_len = (ip->ip_hl << 2) + u->uh_ulen;
|
||||
ip->ip_len = (ip->ip_hl << 2) + ntohs(u->uh_ulen);
|
||||
printf("4.3.1 UDP sport = 0\n");
|
||||
u->uh_sport = 0;
|
||||
(void) send_udp(nfd, 1500, ip, gwip);
|
||||
|
@ -784,26 +779,26 @@ int ptest;
|
|||
fflush(stdout);
|
||||
PAUSE();
|
||||
printf("4.3.2 UDP sport = 1\n");
|
||||
u->uh_sport = 1;
|
||||
u->uh_sport = htons(1);
|
||||
(void) send_udp(nfd, 1500, ip, gwip);
|
||||
printf("1\n");
|
||||
fflush(stdout);
|
||||
PAUSE();
|
||||
printf("4.3.3 UDP sport = 32767\n");
|
||||
u->uh_sport = 32767;
|
||||
u->uh_sport = htons(32767);
|
||||
(void) send_udp(nfd, 1500, ip, gwip);
|
||||
printf("32767\n");
|
||||
fflush(stdout);
|
||||
PAUSE();
|
||||
printf("4.3.4 UDP sport = 32768\n");
|
||||
u->uh_sport = 32768;
|
||||
u->uh_sport = htons(32768);
|
||||
(void) send_udp(nfd, 1500, ip, gwip);
|
||||
printf("32768\n");
|
||||
putchar('\n');
|
||||
fflush(stdout);
|
||||
PAUSE();
|
||||
printf("4.3.5 UDP sport = 65535\n");
|
||||
u->uh_sport = 65535;
|
||||
u->uh_sport = htons(65535);
|
||||
(void) send_udp(nfd, 1500, ip, gwip);
|
||||
printf("65535\n");
|
||||
fflush(stdout);
|
||||
|
@ -815,9 +810,9 @@ int ptest;
|
|||
* Test 4: dport = 0, dport = 1, dport = 32767
|
||||
* dport = 32768, dport = 65535
|
||||
*/
|
||||
u->uh_ulen = sizeof(*u) + 4;
|
||||
u->uh_sport = 1;
|
||||
ip->ip_len = (ip->ip_hl << 2) + u->uh_ulen;
|
||||
u->uh_ulen = ntohs(sizeof(*u) + 4);
|
||||
u->uh_sport = htons(1);
|
||||
ip->ip_len = (ip->ip_hl << 2) + ntohs(u->uh_ulen);
|
||||
printf("4.4.1 UDP dport = 0\n");
|
||||
u->uh_dport = 0;
|
||||
(void) send_udp(nfd, 1500, ip, gwip);
|
||||
|
@ -825,25 +820,25 @@ int ptest;
|
|||
fflush(stdout);
|
||||
PAUSE();
|
||||
printf("4.4.2 UDP dport = 1\n");
|
||||
u->uh_dport = 1;
|
||||
u->uh_dport = htons(1);
|
||||
(void) send_udp(nfd, 1500, ip, gwip);
|
||||
printf("1\n");
|
||||
fflush(stdout);
|
||||
PAUSE();
|
||||
printf("4.4.3 UDP dport = 32767\n");
|
||||
u->uh_dport = 32767;
|
||||
u->uh_dport = htons(32767);
|
||||
(void) send_udp(nfd, 1500, ip, gwip);
|
||||
printf("32767\n");
|
||||
fflush(stdout);
|
||||
PAUSE();
|
||||
printf("4.4.4 UDP dport = 32768\n");
|
||||
u->uh_dport = 32768;
|
||||
u->uh_dport = htons(32768);
|
||||
(void) send_udp(nfd, 1500, ip, gwip);
|
||||
printf("32768\n");
|
||||
fflush(stdout);
|
||||
PAUSE();
|
||||
printf("4.4.5 UDP dport = 65535\n");
|
||||
u->uh_dport = 65535;
|
||||
u->uh_dport = htons(65535);
|
||||
(void) send_udp(nfd, 1500, ip, gwip);
|
||||
printf("65535\n");
|
||||
fflush(stdout);
|
||||
|
@ -856,7 +851,7 @@ int ptest;
|
|||
* sizeof(ip_t)
|
||||
*/
|
||||
printf("4.5 UDP 20 <= MTU <= 32\n");
|
||||
for (i = sizeof(*ip); i <= u->uh_ulen; i++) {
|
||||
for (i = sizeof(*ip); i <= ntohs(u->uh_ulen); i++) {
|
||||
(void) send_udp(nfd, i, ip, gwip);
|
||||
printf("%d\r", i);
|
||||
fflush(stdout);
|
||||
|
@ -885,12 +880,12 @@ int ptest;
|
|||
t->th_x2 = 0;
|
||||
#endif
|
||||
t->th_off = 0;
|
||||
t->th_sport = 1;
|
||||
t->th_dport = 1;
|
||||
t->th_win = 4096;
|
||||
t->th_sport = htons(1);
|
||||
t->th_dport = htons(1);
|
||||
t->th_win = htons(4096);
|
||||
t->th_urp = 0;
|
||||
t->th_sum = 0;
|
||||
t->th_seq = 1;
|
||||
t->th_seq = htonl(1);
|
||||
t->th_ack = 0;
|
||||
ip->ip_len = sizeof(ip_t) + sizeof(tcphdr_t);
|
||||
nfd = initdevice(dev, t->th_sport, 1);
|
||||
|
@ -919,37 +914,37 @@ int ptest;
|
|||
* seq = 0xa000000, seq = 0xffffffff
|
||||
*/
|
||||
printf("5.2.1 TCP seq = 0\n");
|
||||
t->th_seq = 0;
|
||||
t->th_seq = htonl(0);
|
||||
(void) send_tcp(nfd, mtu, ip, gwip);
|
||||
fflush(stdout);
|
||||
PAUSE();
|
||||
|
||||
printf("5.2.2 TCP seq = 1\n");
|
||||
t->th_seq = 1;
|
||||
t->th_seq = htonl(1);
|
||||
(void) send_tcp(nfd, mtu, ip, gwip);
|
||||
fflush(stdout);
|
||||
PAUSE();
|
||||
|
||||
printf("5.2.3 TCP seq = 0x7fffffff\n");
|
||||
t->th_seq = 0x7fffffff;
|
||||
t->th_seq = htonl(0x7fffffff);
|
||||
(void) send_tcp(nfd, mtu, ip, gwip);
|
||||
fflush(stdout);
|
||||
PAUSE();
|
||||
|
||||
printf("5.2.4 TCP seq = 0x80000000\n");
|
||||
t->th_seq = 0x80000000;
|
||||
t->th_seq = htonl(0x80000000);
|
||||
(void) send_tcp(nfd, mtu, ip, gwip);
|
||||
fflush(stdout);
|
||||
PAUSE();
|
||||
|
||||
printf("5.2.5 TCP seq = 0xc0000000\n");
|
||||
t->th_seq = 0xc0000000;
|
||||
t->th_seq = htonl(0xc0000000);
|
||||
(void) send_tcp(nfd, mtu, ip, gwip);
|
||||
fflush(stdout);
|
||||
PAUSE();
|
||||
|
||||
printf("5.2.6 TCP seq = 0xffffffff\n");
|
||||
t->th_seq = 0xffffffff;
|
||||
t->th_seq = htonl(0xffffffff);
|
||||
(void) send_tcp(nfd, mtu, ip, gwip);
|
||||
fflush(stdout);
|
||||
PAUSE();
|
||||
|
@ -968,31 +963,31 @@ int ptest;
|
|||
PAUSE();
|
||||
|
||||
printf("5.3.2 TCP ack = 1\n");
|
||||
t->th_ack = 1;
|
||||
t->th_ack = htonl(1);
|
||||
(void) send_tcp(nfd, mtu, ip, gwip);
|
||||
fflush(stdout);
|
||||
PAUSE();
|
||||
|
||||
printf("5.3.3 TCP ack = 0x7fffffff\n");
|
||||
t->th_ack = 0x7fffffff;
|
||||
t->th_ack = htonl(0x7fffffff);
|
||||
(void) send_tcp(nfd, mtu, ip, gwip);
|
||||
fflush(stdout);
|
||||
PAUSE();
|
||||
|
||||
printf("5.3.4 TCP ack = 0x80000000\n");
|
||||
t->th_ack = 0x80000000;
|
||||
t->th_ack = htonl(0x80000000);
|
||||
(void) send_tcp(nfd, mtu, ip, gwip);
|
||||
fflush(stdout);
|
||||
PAUSE();
|
||||
|
||||
printf("5.3.5 TCP ack = 0xc0000000\n");
|
||||
t->th_ack = 0xc0000000;
|
||||
t->th_ack = htonl(0xc0000000);
|
||||
(void) send_tcp(nfd, mtu, ip, gwip);
|
||||
fflush(stdout);
|
||||
PAUSE();
|
||||
|
||||
printf("5.3.6 TCP ack = 0xffffffff\n");
|
||||
t->th_ack = 0xffffffff;
|
||||
t->th_ack = htonl(0xffffffff);
|
||||
(void) send_tcp(nfd, mtu, ip, gwip);
|
||||
fflush(stdout);
|
||||
PAUSE();
|
||||
|
@ -1004,19 +999,19 @@ int ptest;
|
|||
* Test 4: win = 0, win = 32768, win = 65535
|
||||
*/
|
||||
printf("5.4.1 TCP win = 0\n");
|
||||
t->th_seq = 0;
|
||||
t->th_seq = htonl(0);
|
||||
(void) send_tcp(nfd, mtu, ip, gwip);
|
||||
fflush(stdout);
|
||||
PAUSE();
|
||||
|
||||
printf("5.4.2 TCP win = 32768\n");
|
||||
t->th_seq = 0x7fff;
|
||||
t->th_seq = htonl(0x7fff);
|
||||
(void) send_tcp(nfd, mtu, ip, gwip);
|
||||
fflush(stdout);
|
||||
PAUSE();
|
||||
|
||||
printf("5.4.3 TCP win = 65535\n");
|
||||
t->th_win = 0xffff;
|
||||
t->th_win = htons(0xffff);
|
||||
(void) send_tcp(nfd, mtu, ip, gwip);
|
||||
fflush(stdout);
|
||||
PAUSE();
|
||||
|
@ -1061,7 +1056,7 @@ int ptest;
|
|||
}
|
||||
KMCPY(&tcb, tcbp, sizeof(tcb));
|
||||
ti.ti_win = tcb.rcv_adv;
|
||||
ti.ti_seq = tcb.snd_nxt - 1;
|
||||
ti.ti_seq = htonl(tcb.snd_nxt - 1);
|
||||
ti.ti_ack = tcb.rcv_nxt;
|
||||
|
||||
if (!ptest || (ptest == 5)) {
|
||||
|
@ -1075,7 +1070,7 @@ int ptest;
|
|||
(void) send_tcp(nfd, mtu, ip, gwip);
|
||||
PAUSE();
|
||||
|
||||
t->th_seq = tcb.snd_nxt;
|
||||
t->th_seq = htonl(tcb.snd_nxt);
|
||||
ip->ip_len = sizeof(ip_t) + sizeof(tcphdr_t) + 1;
|
||||
t->th_urp = htons(0x7fff);
|
||||
(void) send_tcp(nfd, mtu, ip, gwip);
|
||||
|
@ -1086,7 +1081,7 @@ int ptest;
|
|||
t->th_urp = htons(0xffff);
|
||||
(void) send_tcp(nfd, mtu, ip, gwip);
|
||||
PAUSE();
|
||||
t->th_urp = htons(0);
|
||||
t->th_urp = 0;
|
||||
t->th_flags &= ~TH_URG;
|
||||
ip->ip_len = sizeof(ip_t) + sizeof(tcphdr_t);
|
||||
}
|
||||
|
@ -1112,8 +1107,8 @@ int ptest;
|
|||
}
|
||||
skip_five_and_six:
|
||||
#endif
|
||||
t->th_seq = 1;
|
||||
t->th_ack = 1;
|
||||
t->th_seq = htonl(1);
|
||||
t->th_ack = htonl(1);
|
||||
t->th_off = 0;
|
||||
|
||||
if (!ptest || (ptest == 7)) {
|
||||
|
@ -1129,32 +1124,32 @@ skip_five_and_six:
|
|||
PAUSE();
|
||||
|
||||
printf("5.7.2 TCP sport = 1\n");
|
||||
t->th_sport = 1;
|
||||
t->th_sport = htons(1);
|
||||
(void) send_tcp(nfd, mtu, ip, gwip);
|
||||
fflush(stdout);
|
||||
PAUSE();
|
||||
|
||||
printf("5.7.3 TCP sport = 32767\n");
|
||||
t->th_sport = 32767;
|
||||
t->th_sport = htons(32767);
|
||||
(void) send_tcp(nfd, mtu, ip, gwip);
|
||||
fflush(stdout);
|
||||
PAUSE();
|
||||
|
||||
printf("5.7.4 TCP sport = 32768\n");
|
||||
t->th_sport = 32768;
|
||||
t->th_sport = htons(32768);
|
||||
(void) send_tcp(nfd, mtu, ip, gwip);
|
||||
fflush(stdout);
|
||||
PAUSE();
|
||||
|
||||
printf("5.7.5 TCP sport = 65535\n");
|
||||
t->th_sport = 65535;
|
||||
t->th_sport = htons(65535);
|
||||
(void) send_tcp(nfd, mtu, ip, gwip);
|
||||
fflush(stdout);
|
||||
PAUSE();
|
||||
}
|
||||
|
||||
if (!ptest || (ptest == 8)) {
|
||||
t->th_sport = 1;
|
||||
t->th_sport = htons(1);
|
||||
t->th_flags = TH_SYN;
|
||||
/*
|
||||
* Test 8: dport = 0, dport = 1, dport = 32767
|
||||
|
@ -1167,25 +1162,25 @@ skip_five_and_six:
|
|||
PAUSE();
|
||||
|
||||
printf("5.8.2 TCP dport = 1\n");
|
||||
t->th_dport = 1;
|
||||
t->th_dport = htons(1);
|
||||
(void) send_tcp(nfd, mtu, ip, gwip);
|
||||
fflush(stdout);
|
||||
PAUSE();
|
||||
|
||||
printf("5.8.3 TCP dport = 32767\n");
|
||||
t->th_dport = 32767;
|
||||
t->th_dport = htons(32767);
|
||||
(void) send_tcp(nfd, mtu, ip, gwip);
|
||||
fflush(stdout);
|
||||
PAUSE();
|
||||
|
||||
printf("5.8.4 TCP dport = 32768\n");
|
||||
t->th_dport = 32768;
|
||||
t->th_dport = htons(32768);
|
||||
(void) send_tcp(nfd, mtu, ip, gwip);
|
||||
fflush(stdout);
|
||||
PAUSE();
|
||||
|
||||
printf("5.8.5 TCP dport = 65535\n");
|
||||
t->th_dport = 65535;
|
||||
t->th_dport = htons(65535);
|
||||
(void) send_tcp(nfd, mtu, ip, gwip);
|
||||
fflush(stdout);
|
||||
PAUSE();
|
||||
|
@ -1229,14 +1224,12 @@ int ptest;
|
|||
ip->ip_p = IPPROTO_UDP;
|
||||
ip->ip_sum = 0;
|
||||
u = (udphdr_t *)(ip + 1);
|
||||
u->uh_sport = 1;
|
||||
u->uh_dport = 9;
|
||||
u->uh_sport = htons(1);
|
||||
u->uh_dport = htons(9);
|
||||
u->uh_sum = 0;
|
||||
|
||||
nfd = initdevice(dev, u->uh_sport, 1);
|
||||
u->uh_sport = htons(u->uh_sport);
|
||||
u->uh_dport = htons(u->uh_dport);
|
||||
u->uh_ulen = 7168;
|
||||
u->uh_ulen = htons(7168);
|
||||
|
||||
printf("6. Exhaustive mbuf test.\n");
|
||||
printf(" Send 7k packet in 768 & 128 byte fragments, 128 times.\n");
|
||||
|
@ -1247,7 +1240,7 @@ int ptest;
|
|||
*/
|
||||
ip->ip_len = sizeof(*ip) + 768 + sizeof(*u);
|
||||
ip->ip_hl = sizeof(*ip) >> 2;
|
||||
ip->ip_off = IP_MF;
|
||||
ip->ip_off = htons(IP_MF);
|
||||
(void) send_ip(nfd, 1500, ip, gwip, 1);
|
||||
printf("%d %d\r", i, 0);
|
||||
fflush(stdout);
|
||||
|
@ -1256,7 +1249,7 @@ int ptest;
|
|||
* And again using 128 byte chunks.
|
||||
*/
|
||||
ip->ip_len = sizeof(*ip) + 128 + sizeof(*u);
|
||||
ip->ip_off = IP_MF;
|
||||
ip->ip_off = htons(IP_MF);
|
||||
(void) send_ip(nfd, 1500, ip, gwip, 1);
|
||||
printf("%d %d\r", i, 0);
|
||||
fflush(stdout);
|
||||
|
@ -1264,7 +1257,7 @@ int ptest;
|
|||
|
||||
for (j = 768; j < 3584; j += 768) {
|
||||
ip->ip_len = sizeof(*ip) + 768;
|
||||
ip->ip_off = IP_MF|(j>>3);
|
||||
ip->ip_off = htons(IP_MF|(j>>3));
|
||||
(void) send_ip(nfd, 1500, ip, gwip, 1);
|
||||
printf("%d %d\r", i, j);
|
||||
fflush(stdout);
|
||||
|
@ -1272,7 +1265,7 @@ int ptest;
|
|||
|
||||
ip->ip_len = sizeof(*ip) + 128;
|
||||
for (k = j - 768; k < j; k += 128) {
|
||||
ip->ip_off = IP_MF|(k>>3);
|
||||
ip->ip_off = htons(IP_MF|(k>>3));
|
||||
(void) send_ip(nfd, 1500, ip, gwip, 1);
|
||||
printf("%d %d\r", i, k);
|
||||
fflush(stdout);
|
||||
|
@ -1326,7 +1319,7 @@ int ptest;
|
|||
for (s = (u_char *)pip, j = 0; j < sizeof(tbuf); j++, s++)
|
||||
*s = (rand() >> 13) & 0xff;
|
||||
pip->ip_v = IPVERSION;
|
||||
pip->ip_off &= 0xc000;
|
||||
pip->ip_off &= htons(0xc000);
|
||||
bcopy((char *)&ip->ip_dst, (char *)&pip->ip_dst,
|
||||
sizeof(struct in_addr));
|
||||
pip->ip_sum = 0;
|
||||
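Review bot: In the hunk starting at `@ -1004,19 +999,19`, tests 5.4.1 and 5.4.2 are labelled as window tests but still assign `t->th_seq`, so only 5.4.3 actually varies `th_win`. As far as the visible lines show, the first two go out with whatever window was set earlier (`htons(4096)` in the set-up hunk). The lines should presumably read `t->th_win = htons(0);` and `t->th_win = htons(0x8000);`, since 0x7fff is 32767 rather than the 32768 the label prints. A filter test that does not send the boundary value it announces gives false assurance about the filter under test. Separately, the 4.4 set-up writes `u->uh_ulen = ntohs(sizeof(*u) + 4);` where every sibling uses `htons`; the result is the same, but the conversion direction is wrong for a field being stored.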
|
|
|
@ -1,6 +1,6 @@
|
|||
.TH IPF 5
|
||||
.SH NAME
|
||||
ipf \- IP packet filter rule syntax
|
||||
ipf, ipf.conf \- IP packet filter rule syntax
|
||||
.SH DESCRIPTION
|
||||
.PP
|
||||
A rule file for \fBipf\fP may have any name or even be stdin. As
|
||||
|
@ -477,8 +477,14 @@ Note, that if we wanted to say "port = telnet", "proto tcp" would
|
|||
need to be specified as the parser interprets each rule on its own and
|
||||
qualifies all service/port names with the protocol specified.
|
||||
.SH FILES
|
||||
/etc/services
|
||||
/dev/ipauth
|
||||
.br
|
||||
/dev/ipl
|
||||
.br
|
||||
/dev/ipstate
|
||||
.br
|
||||
/etc/hosts
|
||||
.br
|
||||
/etc/services
|
||||
.SH SEE ALSO
|
||||
ipf(8), ipftest(1), mkfilters(1), ipmon(8)
|
||||
ipftest(1), iptest(1), mkfilters(1), ipf(4), ipnat(5), ipf(8), ipfstat(8)
|
||||
|
|
|
@ -66,7 +66,7 @@ lists.
|
|||
.B \-I
|
||||
Set the list to make changes to the inactive list.
|
||||
.TP
|
||||
.B \-l \0<param>
|
||||
.B \-l \0<pass|block|nomatch>
|
||||
Use of the \fB-l\fP flag toggles default logging of packets. Valid
|
||||
arguments to this option are \fBpass\fP, \fBblock\fP and \fBnomatch\fP.
|
||||
When an option is set, any packet which exits filtering and matches the
|
||||
|
@ -106,12 +106,18 @@ display the statistics prior to them being zero'd.
|
|||
Zero global statistics held in the kernel for filtering only (this doesn't
|
||||
affect fragment or state statistics).
|
||||
.DT
|
||||
.SH FILES
|
||||
/dev/ipauth
|
||||
.br
|
||||
/dev/ipl
|
||||
.br
|
||||
/dev/ipstate
|
||||
.SH SEE ALSO
|
||||
ipfstat(8), ipftest(1), ipf(5), mkfilters(1)
|
||||
ipftest(1), mkfilters(1), ipf(4), ipl(4), ipf(5), ipfstat(8), ipmon(8), ipnat(8)
|
||||
.SH DIAGNOSTICS
|
||||
.PP
|
||||
Needs to be run as root for the packet filtering lists to actually
|
||||
be affected inside the kernel.
|
||||
.SH BUGS
|
||||
.PP
|
||||
If you find any, please send email to me at darrenr@cyber.com.au
|
||||
If you find any, please send email to me at darrenr@pobox.com
|
||||
|
|
|
@ -69,6 +69,10 @@ kernel.
|
|||
.SH FILES
|
||||
/dev/kmem
|
||||
.br
|
||||
/dev/ipl
|
||||
.br
|
||||
/dev/ipstate
|
||||
.br
|
||||
/vmunix
|
||||
.SH SEE ALSO
|
||||
ipf(8)
|
||||
|
|
|
@ -41,5 +41,7 @@ Remove matching NAT rules rather than add them to the internal lists
|
|||
.B \-v
|
||||
Turn verbose mode on. Displays information relating to rule processing.
|
||||
.DT
|
||||
.SH FILES
|
||||
/dev/ipnat
|
||||
.SH SEE ALSO
|
||||
ipfstat(1), ipftest(8), ipf(8), ipnat(5)
|
||||
ipnat(5), ipf(8), ipfstat(8)
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
.TH IPNAT 5
|
||||
.SH NAME
|
||||
ipnat \- IP NAT file format
|
||||
ipnat, ipnat.conf \- IP NAT file format
|
||||
.SH DESCRIPTION
|
||||
The format for files accepted by ipnat is described by the following grammar:
|
||||
.LP
|
||||
|
@ -37,10 +37,10 @@ range of port numbers to remap into given as \fBport-number:port-number\fP.
|
|||
.SH Examples
|
||||
.PP
|
||||
To change IP#'s used internally from network 10 into an ISP provided 8 bit
|
||||
subnet at 209.1.2.0, the following would be used:
|
||||
subnet at 209.1.2.0 through the ppp0 interface, the following would be used:
|
||||
.LP
|
||||
.nf
|
||||
map 10.0.0.0/8 -> 209.1.2.0/24
|
||||
map ppp0 10.0.0.0/8 -> 209.1.2.0/24
|
||||
.fi
|
||||
.PP
|
||||
The obvious problem here is we're trying to squeeze over 16,000,000 IP
|
||||
|
@ -48,7 +48,7 @@ addresses into a 254 address space. To increase the scope, remapping for TCP
|
|||
and/or UDP, port remapping can be used;
|
||||
.LP
|
||||
.nf
|
||||
map 10.0.0.0/8 -> 209.1.2.0/24 portmap tcp/udp 1025:65000
|
||||
map ppp0 10.0.0.0/8 -> 209.1.2.0/24 portmap tcp/udp 1025:65000
|
||||
.fi
|
||||
.PP
|
||||
which falls only 527,566 `addresses' short of the space available in network
|
||||
|
@ -56,15 +56,17 @@ which falls only 527,566 `addresses' short of the space available in network
|
|||
follows:
|
||||
.LP
|
||||
.nf
|
||||
map 10.0.0.0/8 -> 209.1.2.0/24 portmap tcp/udp 1025:65000
|
||||
map 10.0.0.0/8 -> 209.1.2.0/24
|
||||
map ppp0 10.0.0.0/8 -> 209.1.2.0/24 portmap tcp/udp 1025:65000
|
||||
map ppp0 10.0.0.0/8 -> 209.1.2.0/24
|
||||
.fi
|
||||
.PP
|
||||
so that all TCP/UDP packets were port mapped and only other protocols, such as
|
||||
ICMP, only have their IP# changed.
|
||||
.SH FILES
|
||||
/dev/ipnat
|
||||
.br
|
||||
/etc/services
|
||||
.br
|
||||
/etc/hosts
|
||||
.SH SEE ALSO
|
||||
ipnat(1), ipf(5), ipnat(4)
|
||||
ipnat(4), hosts(5), ipf(5), services(5), ipf(8), ipnat(8)
|
||||
|
|
|
@ -27,6 +27,9 @@
|
|||
# include <sys/kernel.h>
|
||||
# ifdef DEVFS
|
||||
# include <sys/devfsext.h>
|
||||
# if defined(IPFILTER) && defined(_KERNEL)
|
||||
# include "opt_devfs.h"
|
||||
# endif
|
||||
# endif /*DEVFS*/
|
||||
#endif
|
||||
#include <sys/conf.h>
|
||||
|
@ -375,7 +378,8 @@ static void ipl_drvinit __P((void *unused))
|
|||
}
|
||||
}
|
||||
|
||||
# ifdef IPFILTER_LKM
|
||||
# if defined(IPFILTER_LKM) || \
|
||||
defined(__FreeBSD_version) && (__FreeBSD_version >= 220000)
|
||||
SYSINIT(ipldev,SI_SUB_DRIVERS,SI_ORDER_MIDDLE+CDEV_MAJOR,ipl_drvinit,NULL)
|
||||
# endif /* IPFILTER_LKM */
|
||||
#endif /* _FreeBSD_version */
|
||||
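Review bot: As rendered, the new `# include "opt_devfs.h"` sits inside the existing `# ifdef DEVFS` block, after `<sys/devfsext.h>`. If opt_devfs.h is the generated options header that defines DEVFS (an assumption; the header is not shown), the include can never be what turns DEVFS on, and it would need to move above the `# ifdef DEVFS` test. In the second hunk, the condition `defined(IPFILTER_LKM) || defined(__FreeBSD_version) && (__FreeBSD_version >= 220000)` relies on `&&` binding tighter than `||`. Parenthesising the right-hand pair and updating the now-inaccurate `# endif /* IPFILTER_LKM */` comment would make the intent readable.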
|
|
|
@ -48,6 +48,9 @@
|
|||
#include "ip_compat.h"
|
||||
#include "ip_fil.h"
|
||||
|
||||
#if !defined(__NetBSD_Version__) || __NetBSD_Version__ < 103050000
|
||||
#define vn_lock(v,f) VOP_LOCK(v)
|
||||
#endif
|
||||
|
||||
#if !defined(VOP_LEASE) && defined(LEASE_CHECK)
|
||||
#define VOP_LEASE LEASE_CHECK
|
||||
|
@ -179,7 +182,7 @@ static int ipl_remove()
|
|||
if ((error = namei(&nd)))
|
||||
return (error);
|
||||
VOP_LEASE(nd.ni_vp, curproc, curproc->p_ucred, LEASE_WRITE);
|
||||
VOP_LOCK(nd.ni_vp);
|
||||
vn_lock(nd.ni_vp, LK_EXCLUSIVE | LK_RETRY);
|
||||
VOP_LEASE(nd.ni_dvp, curproc, curproc->p_ucred, LEASE_WRITE);
|
||||
(void) VOP_REMOVE(nd.ni_dvp, nd.ni_vp, &nd.ni_cnd);
|
||||
}
|
||||
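Review bot: The compatibility shim `#define vn_lock(v,f) VOP_LOCK(v)` discards its flags argument without saying so, so wherever the shim is active the `LK_EXCLUSIVE | LK_RETRY` passed in ipl_remove() has no effect. A one-line comment above the macro, such as `/* older kernels: VOP_LOCK() takes no flags, so f is ignored */`, would keep a later reader from assuming the lock mode is honoured everywhere. The shim is also defined whenever `__NetBSD_Version__` is not defined at all. That presumably means an old NetBSD here, but it would shadow a real vn_lock() if this file were ever built elsewhere. ipl_remove() continues outside the hunk.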
|
|
|
@ -35,7 +35,7 @@
|
|||
|
||||
#if !defined(lint)
|
||||
static const char sccsid[] ="@(#)parse.c 1.44 6/5/96 (C) 1993-1996 Darren Reed";
|
||||
static const char rcsid[] = "@(#)$Id: parse.c,v 2.0.2.18.2.1 1997/11/20 12:43:49 darrenr Exp $";
|
||||
static const char rcsid[] = "@(#)$Id: parse.c,v 2.0.2.18.2.5 1998/05/23 19:20:33 darrenr Exp $";
|
||||
#endif
|
||||
|
||||
extern struct ipopt_names ionames[], secclass[];
|
||||
|
@ -57,7 +57,7 @@ int icmpcode __P((char *)), addkeep __P((char ***, struct frentry *));
|
|||
int to_interface __P((frdest_t *, char *));
|
||||
void print_toif __P((char *, frdest_t *));
|
||||
void optprint __P((u_short, u_short, u_long, u_long));
|
||||
int countbits __P((u_long));
|
||||
int countbits __P((u_32_t));
|
||||
char *portname __P((int, int));
|
||||
|
||||
|
||||
|
@ -475,12 +475,21 @@ char *line;
|
|||
/*
|
||||
* lazy users...
|
||||
*/
|
||||
if (!fil.fr_proto && !(fil.fr_ip.fi_fl & FI_TCPUDP) &&
|
||||
(fil.fr_dcmp || fil.fr_scmp || fil.fr_tcpf)) {
|
||||
(void)fprintf(stderr,
|
||||
"no protocol given for TCP/UDP comparisons\n");
|
||||
if ((fil.fr_tcpf || fil.fr_tcpfm) && fil.fr_proto != IPPROTO_TCP) {
|
||||
(void)fprintf(stderr, "TCP protocol not specified\n");
|
||||
return NULL;
|
||||
}
|
||||
if (!(fil.fr_ip.fi_fl & FI_TCPUDP) && (fil.fr_proto != IPPROTO_TCP) &&
|
||||
(fil.fr_proto != IPPROTO_UDP) && (fil.fr_dcmp || fil.fr_scmp)) {
|
||||
if (!fil.fr_proto) {
|
||||
fil.fr_ip.fi_fl |= FI_TCPUDP;
|
||||
fil.fr_mip.fi_fl |= FI_TCPUDP;
|
||||
} else {
|
||||
(void)fprintf(stderr,
|
||||
"port comparisons for non-TCP/UDP\n");
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
/*
|
||||
if ((fil.fr_flags & FR_KEEPFRAG) &&
|
||||
(!(fil.fr_ip.fi_fl & FI_FRAG) || !(fil.fr_ip.fi_fl & FI_FRAG))) {
|
||||
|
@ -621,7 +630,7 @@ int *resolved;
|
|||
fprintf(stderr, "can't resolve hostname: %s\n", host);
|
||||
return 0;
|
||||
}
|
||||
return np->n_net;
|
||||
return htonl(np->n_net);
|
||||
}
|
||||
return *(u_32_t *)hp->h_addr;
|
||||
}
|
||||
|
@ -980,7 +989,6 @@ struct frentry *fp;
|
|||
fp->fr_proto = IPPROTO_ICMP;
|
||||
if (isdigit(***cp)) {
|
||||
i = atoi(**cp);
|
||||
(*cp)++;
|
||||
} else {
|
||||
for (t = icmptypes, i = 0; ; t++, i++) {
|
||||
if (!*t)
|
||||
|
@ -1082,9 +1090,9 @@ struct frentry *fp;
|
|||
* of bits.
|
||||
*/
|
||||
int countbits(ip)
|
||||
u_long ip;
|
||||
u_32_t ip;
|
||||
{
|
||||
u_long ipn;
|
||||
u_32_t ipn;
|
||||
int cnt = 0, i, j;
|
||||
|
||||
ip = ipn = ntohl(ip);
|
||||
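Review bot: In the `@ -475,12 +475,21` hunk, a rule with a port comparison and no `proto` is now silently promoted to a TCP/UDP rule by setting `FI_TCPUDP` in both `fr_ip` and `fr_mip`, where the old code rejected it with an error. Since this changes what a filter rule matches without any diagnostic, the branch deserves a comment such as `/* port comparison with no proto: treat the rule as "proto tcp/udp" */`, and the behaviour should be stated in the rule-syntax manual. The first new check also prints "TCP protocol not specified" when a protocol was given but is not TCP; `"TCP flags used with a non-TCP protocol\n"` would describe both cases. The enclosing function starts and ends outside the hunk.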
|
|
|
@ -48,7 +48,7 @@ pass out quick on lo0 all
|
|||
#
|
||||
block in log quick from 10.0.0.0/8 to any group 100
|
||||
block in log quick from 192.168.0.0/16 to any group 100
|
||||
block in log quick from 172.16.0.0/16 to any group 100
|
||||
block in log quick from 172.16.0.0/12 to any group 100
|
||||
#
|
||||
# Prevent IP spoofing.
|
||||
#
|
||||
|
|
|
@ -33,7 +33,7 @@ block out log on ed0 all head 250
|
|||
#
|
||||
block in log quick from 10.0.0.0/8 to any group 100
|
||||
block in log quick from 192.168.0.0/16 to any group 100
|
||||
block in log quick from 172.16.0.0/16 to any group 100
|
||||
block in log quick from 172.16.0.0/12 to any group 100
|
||||
#
|
||||
# Prevent IP spoofing.
|
||||
#
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
* to the original author and the contributors.
|
||||
*/
|
||||
/* #pragma ident "@(#)solaris.c 1.12 6/5/96 (C) 1995 Darren Reed"*/
|
||||
#pragma ident "@(#)$Id: solaris.c,v 2.0.2.22.2.2 1997/11/24 06:15:52 darrenr Exp $";
|
||||
#pragma ident "@(#)$Id: solaris.c,v 2.0.2.22.2.4 1998/02/28 02:35:21 darrenr Exp $";
|
||||
|
||||
#include <sys/systm.h>
|
||||
#include <sys/types.h>
|
||||
|
@ -190,15 +190,16 @@ static int ipf_attach(dip, cmd)
|
|||
dev_info_t *dip;
|
||||
ddi_attach_cmd_t cmd;
|
||||
{
|
||||
#ifdef IPFDEBUG
|
||||
int instance;
|
||||
|
||||
#ifdef IPFDEBUG
|
||||
cmn_err(CE_NOTE, "IP Filter: ipf_attach(%x,%x)", dip, cmd);
|
||||
#endif
|
||||
switch (cmd) {
|
||||
case DDI_ATTACH:
|
||||
instance = ddi_get_instance(dip);
|
||||
#ifdef IPFDEBUG
|
||||
instance = ddi_get_instance(dip);
|
||||
|
||||
cmn_err(CE_NOTE, "IP Filter: attach ipf instance %d", instance);
|
||||
#endif
|
||||
if (ddi_create_minor_node(dip, "ipf", S_IFCHR, IPL_LOGIPF,
|
||||
|
@ -895,7 +896,7 @@ void solattach()
|
|||
* Activate any rules directly associated with this interface
|
||||
*/
|
||||
mutex_enter(&ipf_mutex);
|
||||
for (f = ipfilter[0][0]; f; f = f->fr_next) {
|
||||
for (f = ipfilter[0][fr_active]; f; f = f->fr_next) {
|
||||
if ((f->fr_ifa == (struct ifnet *)-1)) {
|
||||
len = strlen(f->fr_ifname)+1; /* includes \0 */
|
||||
if (len && (len == il->ill_name_length) &&
|
||||
|
@ -903,7 +904,7 @@ void solattach()
|
|||
f->fr_ifa = il;
|
||||
}
|
||||
}
|
||||
for (f = ipfilter[1][0]; f; f = f->fr_next) {
|
||||
for (f = ipfilter[1][fr_active]; f; f = f->fr_next) {
|
||||
if ((f->fr_ifa == (struct ifnet *)-1)) {
|
||||
len = strlen(f->fr_ifname)+1; /* includes \0 */
|
||||
if (len && (len == il->ill_name_length) &&
|
||||
|
@ -996,10 +997,10 @@ int ipfsync()
|
|||
np->in_ifp = (struct ifnet *)-1;
|
||||
mutex_exit(&ipf_nat);
|
||||
mutex_enter(&ipf_mutex);
|
||||
for (f = ipfilter[0][0]; f; f = f->fr_next)
|
||||
for (f = ipfilter[0][fr_active]; f; f = f->fr_next)
|
||||
if (f->fr_ifa == (void *)qif->qf_ill)
|
||||
f->fr_ifa = (struct ifnet *)-1;
|
||||
for (f = ipfilter[1][0]; f; f = f->fr_next)
|
||||
for (f = ipfilter[1][fr_active]; f; f = f->fr_next)
|
||||
if (f->fr_ifa == (void *)qif->qf_ill)
|
||||
f->fr_ifa = (struct ifnet *)-1;
|
||||
|
||||
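Review bot: The interface fix-up loops in solattach() and ipfsync() now walk only `ipfilter[0][fr_active]` and `ipfilter[1][fr_active]`, so rules held in the other set are skipped, just as set 1 was skipped before this change. In ipfsync() that matters most: a rule in the inactive set whose `fr_ifa` still equals `qif->qf_ill` is not reset to `(struct ifnet *)-1`. If the sets are later swapped it would, as far as these hunks show, carry a pointer to an interface that has gone away. Walking both sets, e.g. wrapping each loop in `for (set = 0; set < 2; set++)` and indexing `ipfilter[0][set]` / `ipfilter[1][set]`, would cover that case. Both functions begin and end outside the hunks shown.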
|
|
|
@ -1,11 +1,11 @@
|
|||
in tcp 1.1.1.1,1 2.1.2.2,23 S
|
||||
in tcp 1.1.1.1,1 2.1.2.2,23 A
|
||||
in tcp 2.1.2.2,23 1.1.1.1,1 A
|
||||
in tcp 1.1.1.1,1 2.1.2.2,23 F
|
||||
in tcp 1.1.1.1,1 2.1.2.2,23 A
|
||||
in tcp 1.1.1.1,2 2.1.2.2,23 A
|
||||
in udp 1.1.1.1,1 4.4.4.4,53
|
||||
in udp 2.2.2.2,2 4.4.4.4,53
|
||||
in udp 4.4.4.4,53 1.1.1.1,1
|
||||
in udp 4.4.4.4,1023 1.1.1.1,2049
|
||||
in udp 4.4.4.4,2049 1.1.1.1,1023
|
||||
in on e0 tcp 1.1.1.1,1 2.1.2.2,23 S
|
||||
in on e0 tcp 1.1.1.1,1 2.1.2.2,23 A
|
||||
in on e1 tcp 2.1.2.2,23 1.1.1.1,1 A
|
||||
in on e0 tcp 1.1.1.1,1 2.1.2.2,23 F
|
||||
in on e0 tcp 1.1.1.1,1 2.1.2.2,23 A
|
||||
in on e0 tcp 1.1.1.1,2 2.1.2.2,23 A
|
||||
in on e1 udp 1.1.1.1,1 4.4.4.4,53
|
||||
in on e1 udp 2.2.2.2,2 4.4.4.4,53
|
||||
in on e0 udp 4.4.4.4,53 1.1.1.1,1
|
||||
in on e0 udp 4.4.4.4,1023 1.1.1.1,2049
|
||||
in on e0 udp 4.4.4.4,2049 1.1.1.1,1023
|
||||
|
|
|
@ -1,18 +1,18 @@
|
|||
block in from any to any and not ipopts
|
||||
pass in from any to any and not opt sec-class topsecret
|
||||
block in from any to any and not opt ssrr,sec-class topsecret
|
||||
pass in from any to any and not opt ssrr,sec-class topsecret
|
||||
block in from any to any and not opt ts,sec-class topsecret
|
||||
pass in from any to any and not opt ts,sec-class topsecret
|
||||
block in from any to any and not opt sec-class secret
|
||||
pass in from any to any and not opt sec-class secret
|
||||
block in from any to any and not opt lsrr,ssrr
|
||||
pass in from any to any and not opt lsrr,ssrr
|
||||
pass in from any to any and not ipopts
|
||||
block in from any to any and not opt lsrr
|
||||
pass in from any to any and not opt lsrr
|
||||
block in from any to any and not opt ssrr,ts
|
||||
pass in from any to any and not opt ssrr,ts
|
||||
block in from any to any and not opt rr
|
||||
pass in from any to any and not opt rr
|
||||
block in from any to any and not opt sec-class topsecret
|
||||
block in from any to any with not ipopts
|
||||
pass in from any to any with not opt sec-class topsecret
|
||||
block in from any to any with not opt ssrr,sec-class topsecret
|
||||
pass in from any to any with not opt ssrr,sec-class topsecret
|
||||
block in from any to any with not opt ts,sec-class topsecret
|
||||
pass in from any to any with not opt ts,sec-class topsecret
|
||||
block in from any to any with not opt sec-class secret
|
||||
pass in from any to any with not opt sec-class secret
|
||||
block in from any to any with not opt lsrr,ssrr
|
||||
pass in from any to any with not opt lsrr,ssrr
|
||||
pass in from any to any with not ipopts
|
||||
block in from any to any with not opt lsrr
|
||||
pass in from any to any with not opt lsrr
|
||||
block in from any to any with not opt ssrr,ts
|
||||
pass in from any to any with not opt ssrr,ts
|
||||
block in from any to any with not opt rr
|
||||
pass in from any to any with not opt rr
|
||||
block in from any to any with not opt sec-class topsecret
|
||||
|
|
|
@ -34,3 +34,8 @@ done
|
|||
* ipfsync() should change IP#'s in current mappings as well as what's
|
||||
in rules.
|
||||
|
||||
document bimap
|
||||
|
||||
document NAT rule order processing
|
||||
|
||||
add more docs
|
||||
|
|