This commit was generated by cvs2svn to compensate for changes in r80486,

which included commits to RCS files with non-trunk default branches.
Darren Reed 2001-07-28 11:59:33 +00:00
commit 7d3ce0223a
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=80487
69 changed files with 925 additions and 515 deletions


@ -17,7 +17,7 @@ log = "log" [ "body" ] [ "first" ] [ "or-block" ] [ "level" loglevel ] .
call = "call" [ "now" ] function-name .
skip = "skip" decnumber .
dup = "dup-to" interface-name[":"ipaddr] .
froute = "fastroute" | "to" interface-name .
froute = "fastroute" | "to" interface-name [ ":" ipaddr ] .
protocol = "tcp/udp" | "udp" | "tcp" | "icmp" | decnumber .
srcdst = "all" | fromto .
fromto = "from" object "to" object .


@ -22,6 +22,121 @@
# and especially those who have found the time to port IP Filter to new
# platforms.
#
3.4.20 24/07/2001 - Released
adjust NAT hashing to give a better spread across the table
show icmp code/type names in output, where known
fix bug in altering cached interface names in state when resync'ing
fix bug in real audio proxy that caused crashs
fix compiling using sunos4 cc
patch from casper to address weird exit problem for ipstat in top mode
patch from Greg Woods to produce names for icmp types/unreach codes,
where they are known
fix bug where ipfr_fastroute() would use a mblk and it would also get
freed later.
don't match fragments which would cause 64k length to be exceeded
ftp proxy fix for port numbers being setup for pasv ftp with state/nat
change hashing for NAT to include both IP#'s and ports.
Solaris fixes for IPv6
fix compiling iplang bits, under Solaris, for ipsend
3.4.19 29/06/2001 - Released
fix to support suspend/resume on solaris8 as well as ipv6
include group/group-head in match of filter rules
fix endian problem reading snoop files
make all licence comments point to the one place
fix ftp proxy to only advance state if a reply is received in response to
a recognised command
3.4.18 05/06/2001 - Released
fix up parsing of "from ! host" where '!' is separate
disable hardware checksums for NetBSD
put ipftest temporary files in . rather than /tmp
modify ftp proxy to be more intelligent about moving between states
and recognise new authentication commands
allow state/nat table sizes to be externally influenced
print out host mapping table for NAT with ipnat -l
fix handling of hardware checksum'ing on Solaris
fixup makefiles for Solaris
update regression tests
fix surrender of SPL's for failure cases
include patches for OpenBSD's new timeout mechanism
default ipl_unreach to ICMP_UNREACH_FILTER_PROHIB if defined, else make it
ICMP_UNREACH_FILTER
fix up handling of packets matching auth rules and interaction with state
add -q command line option to ipfstat on Solaris to list bound interfaces
add command line option to ipfstat/ipnat to select different core image
don't use ncurses on Solaris for STATETOP
fix includes to get FreeBSD version
do not byte swap ip_id
fix handling success for packets matching the auth rule
don't double-count short packets
add ICMP router discovery message size recognition
fix packet length calculation for IPv6
set CPUDIR when for install-sunos5 make target
SUNWspro -xF causes Solaris 2.5.1 kernel to crash
3.4.17 06/04/2001 - Released
fix fragment#0 handling bug where they could get in via cache information
created by state table entries
use ire_walk to look for ire cache entries with link layer headers cached
deal with bad SPL assumptions for log reading on BSD
fix ftp proxy to allow logins with passwords
some auth rule patches, fixing byte endian problems and returning as an error
support LOG_SECURITY, where available, in ipmon
don't return an error for packets which match auth rules
introduce fr_icmpacktimeout to timeout entries once an ICMP reply has
been seen separately to when created
3.4.16 15/01/2001 - Released
fix race condition in flushing of state entries that are timing out


@ -3,41 +3,6 @@
****************************************
1)
If you're using this software and have a rule which ends like this:
flags S
(for TCP), then to make it totally effective, you need to change it to appear
as follows:
flags S/SA
The problem is that the old code would compare all the TCP flags against the
rule (which just has "S") to see if that matched exactly. It is very possible
for this to not be the case and in these cases, the rule would fail to match
a 'valid' TCP SYN packet.
Why does it need to be "S/SA" and not "S/S" ?
"S/S" will match the SYN-ACK as well the SYN.
By defalt, "flags S" will now be converted to "flags S/AUPRFS".
If you have any queries regarding this, see the examples and ipf(4).
If you still have a query or suggestion, please email me.
2)
If a filter rule used, in combination port comparisons and the flags
keywords, a "short" TCP packet, if not explicitly blocked high up in
the list of packets, would actually get matched even though it would
otherwise not have been (due to the ports not). This behaviour has
subsequently been fixed.
3)
If you have BOTH GNU make and the normal make shipped with your system,
DO NOT use the GNU make to build this package.


@ -1,11 +1,9 @@
#
# Copyright (C) 1993-2000 by Darren Reed.
# Copyright (C) 1993-2001 by Darren Reed.
#
# Redistribution and use in source and binary forms are permitted
# provided that this notice is preserved and due credit is given
# to the original author and the contributors.
# See the IPFILTER.LICENCE file for details on licencing.
#
# $Id: Makefile,v 2.11.2.6 2000/12/17 12:43:15 darrenr Exp $
# $Id: Makefile,v 2.11.2.8 2001/06/26 10:43:10 darrenr Exp $
#
BINDEST=/usr/local/bin
SBINDEST=/sbin
@ -19,6 +17,7 @@ TOP=../..
CFLAGS=-I$$(TOP)
CPU=`uname -m`
CPUDIR=`uname -s|sed -e 's@/@@g'`-`uname -r`-`uname -m`
IPFILKERN=`/bin/ls -1tr /usr/src/sys/compile | grep -v .bak | tail -1`
#
# To enable this to work as a Loadable Kernel Module...
#
@ -262,7 +261,7 @@ install-sunos4: solaris
(cd SunOS4; $(MAKE) "CPU=$(CPU) TOP=.." install)
install-sunos5: solaris
(cd SunOS5; $(MAKE) "CPU=$(CPU) TOP=.." install)
(cd SunOS5; $(MAKE) "CPUDIR=`uname -p`-`uname -r`" "CPU=$(CPU) TOP=.." install)
install-irix: irix
(cd IRIX; smake install "CPU=$(CPU) TOP=.." $(DEST) $(MFLAGS))


@ -1,9 +1,7 @@
/*
* Copyright (C) 1993-2000 by Darren Reed.
* Copyright (C) 1993-2001 by Darren Reed.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
* See the IPFILTER.LICENCE file for details on licencing.
*/
#include <sys/types.h>
#if !defined(__SVR4) && !defined(__svr4__)


@ -2360,6 +2360,7 @@ dpserve 7020/udp # DP Serve
dpserveadmin 7021/tcp # DP Serve Admin
dpserveadmin 7021/udp # DP Serve Admin
arcp 7070/tcp # ARCP
raudio 7070/tcp # Real Audio
arcp 7070/udp # ARCP
clutild 7174/tcp # Clutild
clutild 7174/udp # Clutild


@ -1,9 +1,7 @@
/*
* Copyright (C) 1993-2000 by Darren Reed.
* Copyright (C) 1993-2001 by Darren Reed.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
* See the IPFILTER.LICENCE file for details on licencing.
*/
#include <stdio.h>
#include <string.h>
@ -18,8 +16,12 @@
#include <syslog.h>
#include "facpri.h"
#ifndef __STDC__
# define const
#endif
#if !defined(lint)
static const char rcsid[] = "@(#)$Id: facpri.c,v 1.3 2000/03/13 22:10:18 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: facpri.c,v 1.3.2.4 2001/07/15 22:06:12 darrenr Exp $";
#endif
typedef struct table {
@ -54,6 +56,9 @@ table_t facs[] = {
{ "cron", LOG_CRON2 },
#else
{ "cron2", LOG_CRON2 },
#endif
#ifdef LOG_SECURITY
{ "security", LOG_SECURITY },
#endif
{ "local0", LOG_LOCAL0 }, { "local1", LOG_LOCAL1 },
{ "local2", LOG_LOCAL2 }, { "local3", LOG_LOCAL3 },


@ -1,10 +1,8 @@
/*
* Copyright (C) 1999-2000 by Darren Reed.
* Copyright (C) 1999-2001 by Darren Reed.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
* $Id: facpri.h,v 1.3 2000/03/13 22:10:18 darrenr Exp $
* See the IPFILTER.LICENCE file for details on licencing.
* $Id: facpri.h,v 1.3.2.1 2001/06/26 10:43:11 darrenr Exp $
*/
#ifndef __FACPRI_H__


@ -1,12 +1,16 @@
/*
* Copyright (C) 1993-2000 by Darren Reed.
* Copyright (C) 1993-2001 by Darren Reed.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
* See the IPFILTER.LICENCE file for details on licencing.
*/
#ifdef __FreeBSD__
# include <osreldate.h>
#ifdef __FreeBSD__
# ifndef __FreeBSD_cc_version
# include <osreldate.h>
# else
# if __FreeBSD_cc_version < 430000
# include <osreldate.h>
# endif
# endif
#endif
#include <stdio.h>
#include <string.h>
@ -25,10 +29,6 @@
#include <fcntl.h>
#include <stddef.h>
#include <nlist.h>
#ifdef STATETOP
#include <ctype.h>
#include <ncurses.h>
#endif
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <netinet/in.h>
@ -56,8 +56,17 @@
#include "netinet/ip_state.h"
#include "netinet/ip_auth.h"
#ifdef STATETOP
#include "netinet/ipl.h"
#endif
# include "netinet/ipl.h"
# include <ctype.h>
# if SOLARIS
# ifdef ERR
# undef ERR
# endif
# include <curses.h>
# else /* SOLARIS */
# include <ncurses.h>
# endif /* SOLARIS */
#endif /* STATETOP */
#include "kmem.h"
#if defined(__NetBSD__) || (__OpenBSD__)
# include <paths.h>
@ -65,10 +74,11 @@
#if !defined(lint)
static const char sccsid[] = "@(#)fils.c 1.21 4/20/96 (C) 1993-2000 Darren Reed";
static const char rcsid[] = "@(#)$Id: fils.c,v 2.21.2.7 2000/12/02 00:13:56 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: fils.c,v 2.21.2.17 2001/07/19 12:24:09 darrenr Exp $";
#endif
extern char *optarg;
extern int optind;
#define PRINTF (void)printf
#define FPRINTF (void)fprintf
@ -86,6 +96,7 @@ int use_inet6 = 0;
#ifdef STATETOP
#define STSTRSIZE 80
#define STGROWSIZE 16
#define HOSTNMLEN 40
#define STSORT_PR 0
#define STSORT_PKTS 1
@ -128,6 +139,9 @@ static int sort_pkts __P((const void *, const void *));
static int sort_bytes __P((const void *, const void *));
static int sort_ttl __P((const void *, const void *));
#endif
#if SOLARIS
void showqiflist __P((char *));
#endif
static char *hostname(v, ip)
int v;
@ -160,7 +174,11 @@ char *name;
#else
fprintf(stderr, "Usage: %s [-aAfhIinosv] [-d <device>]\n", name);
#endif
fprintf(stderr, " %s -t [-S source address] [-D destination address] [-P protocol] [-T refreshtime] [-C] [-d <device>]\n", name);
fprintf(stderr, "\t\t[-M corefile]");
#if SOLARIS
fprintf(stderr, " [-N symbol-list]");
#endif
fprintf(stderr, "\n %s -t [-S source address] [-D destination address] [-P protocol] [-T refreshtime] [-C] [-d <device>]\n", name);
exit(1);
}
@ -177,8 +195,11 @@ char *argv[];
ips_stat_t *ipsstp = &ipsst;
ipfrstat_t ifrst;
ipfrstat_t *ifrstp = &ifrst;
char *name = NULL, *device = IPL_NAME;
int c, fd;
char *name = NULL, *device = IPL_NAME, *memf = NULL;
#if SOLARIS
char *kern = NULL;
#endif
int c, fd, myoptind;
struct protoent *proto;
int protocol = -1; /* -1 = wild card for any protocol */
@ -190,13 +211,50 @@ char *argv[];
saddr.s_addr = INADDR_ANY; /* default any source addr */
daddr.s_addr = INADDR_ANY; /* default any dest addr */
if (openkmem() == -1)
/*
* Parse these two arguments now lest there be any buffer overflows
* in the parsing of the rest.
*/
myoptind = optind;
#if SOLARIS
while ((c = getopt(argc, argv, "6aACfghIilnoqstvd:D:M:N:P:S:T:")) != -1)
#else
while ((c = getopt(argc, argv, "6aACfghIilnoqstvd:D:M:P:S:T:")) != -1)
#endif
switch (c)
{
case 'M' :
memf = optarg;
break;
#if SOLARIS
case 'N' :
kern = optarg;
break;
#endif
}
optind = myoptind;
#if SOLARIS
if (kern != NULL || memf != NULL)
#else
if (memf != NULL)
#endif
{
(void)setuid(getuid());
(void)setgid(getgid());
}
if (openkmem(memf) == -1)
exit(-1);
(void)setuid(getuid());
(void)setgid(getgid());
while ((c = getopt(argc, argv, "6aACfghIilnostvd:D:P:S:T:")) != -1)
#if SOLARIS
while ((c = getopt(argc, argv, "6aACfghIilnoqstvd:D:M:N:P:S:T:")) != -1)
#else
while ((c = getopt(argc, argv, "6aACfghIilnostvd:D:M:P:S:T:")) != -1)
#endif
{
switch (c)
{
@ -207,8 +265,7 @@ char *argv[];
#endif
case 'a' :
opts |= OPT_ACCNT|OPT_SHOWLIST;
break;
case 'A' :
break; case 'A' :
device = IPAUTH_NAME;
opts |= OPT_AUTHSTATS;
break;
@ -239,6 +296,10 @@ char *argv[];
case 'l' :
opts |= OPT_SHOWLIST;
break;
case 'M' :
break;
case 'N' :
break;
case 'n' :
opts |= OPT_SHOWLINENO;
break;
@ -255,6 +316,12 @@ char *argv[];
exit(-2);
}
break;
#if SOLARIS
case 'q' :
showqiflist(kern);
exit(0);
break;
#endif
case 's' :
opts |= OPT_IPSTATES;
break;
@ -653,13 +720,52 @@ ips_stat_t *ipsp;
PRINTF("\tpkt_security & %x = %x, pkt_auth & %x = %x\n",
ips.is_secmsk, ips.is_sec, ips.is_authmsk,
ips.is_auth);
PRINTF("interfaces: in %s[%p] ",
PRINTF("\tinterfaces: in %s[%p] ",
get_ifname(ips.is_ifpin), ips.is_ifpin);
PRINTF("out %s[%p]\n",
get_ifname(ips.is_ifpout), ips.is_ifpout);
}
}
#if SOLARIS
void showqiflist(kern)
char *kern;
{
struct nlist qifnlist[2] = {
{ "qif_head" },
{ NULL }
};
qif_t qif, *qf;
if (kern == NULL)
kern = "/dev/ksyms";
if (nlist(kern, qifnlist) == -1) {
fprintf(stderr, "nlist error\n");
return;
}
printf("List of interfaces bound by IPFilter:\n");
if (kmemcpy((char *)&qf, (u_long)qifnlist[0].n_value, sizeof(qf)))
return;
while (qf) {
if (kmemcpy((char *)&qif, (u_long)qf, sizeof(qif)))
break;
printf("\tName: %-8s Header Length: %2d SAP: %s (%04x)\n",
qif.qf_name, qif.qf_hl,
#ifdef IP6_DL_SAP
(qif.qf_sap == IP6_DL_SAP) ? "IPv6" : "IPv4"
#else
"IPv4"
#endif
, qif.qf_sap);
qf = qif.qf_next;
}
}
#endif
#ifdef STATETOP
static void topipstates(fd, saddr, daddr, sport, dport, protocol,
refreshtime, topclosed)
@ -679,9 +785,10 @@ int topclosed;
ips_stat_t ipsst, *ipsstp = &ipsst;
statetop_t *tstable = NULL, *tp;
struct timeval selecttimeout;
char hostnm[HOSTNMLEN];
struct protoent *proto;
fd_set readfd;
char c = '\0';
int c = 0;
time_t t;
/* open state device */
@ -694,7 +801,10 @@ int topclosed;
initscr();
cbreak();
noecho();
nodelay(stdscr, 1);
/* init hostname */
gethostname(hostnm, sizeof(hostnm) - 1);
hostnm[sizeof(hostnm) - 1] = '\0';
/* repeat until user aborts */
while ( 1 ) {
@ -799,8 +909,8 @@ int topclosed;
attron(A_BOLD);
winx = 0;
move(winx,0);
sprintf(str1, "%s - state top", IPL_VERSION);
for(j = 0 ; j < (maxx - 8 - strlen(str1)) / 2; j++)
sprintf(str1, "%s - %s - state top", hostnm, IPL_VERSION);
for (j = 0 ; j < (maxx - 8 - strlen(str1)) / 2; j++)
printw(" ");
printw("%s", str1);
attroff(A_BOLD);
@ -873,7 +983,9 @@ int topclosed;
if (reverse)
tp += tsentry;
for(i = 0; i <= tsentry; i++) {
if (tsentry > maxy - 6)
tsentry = maxy - 6;
for (i = 0; i <= tsentry; i++) {
/* print src/dest and port */
if ((tp->st_p == IPPROTO_TCP) ||
(tp->st_p == IPPROTO_UDP)) {
@ -938,22 +1050,25 @@ int topclosed;
select(1, &readfd, NULL, NULL, &selecttimeout);
/* if key pressed, read all waiting keys */
if (FD_ISSET(0, &readfd))
while ((c = wgetch(stdscr)) != ERR) {
if (tolower(c) == 'l') {
redraw = 1;
} else if (tolower(c) == 'q') {
nocbreak();
endwin();
exit(0);
} else if (tolower(c) == 'r') {
reverse = !reverse;
} else if (tolower(c) == 's') {
sorting++;
if (sorting > STSORT_MAX)
sorting = 0;
}
if (FD_ISSET(0, &readfd)) {
c = wgetch(stdscr);
if (c == ERR)
continue;
if (tolower(c) == 'l') {
redraw = 1;
} else if (tolower(c) == 'q') {
nocbreak();
endwin();
exit(0);
} else if (tolower(c) == 'r') {
reverse = !reverse;
} else if (tolower(c) == 's') {
sorting++;
if (sorting > STSORT_MAX)
sorting = 0;
}
}
} /* while */
close(sfd);
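Review bot: The early privilege drop added in main() ahead of `openkmem(memf)` discards the results of `setuid()` and `setgid()` and gives up the uid before the gid. If either call fails, the `-M` path (and on Solaris the `-N` path) chosen by the caller is still opened with whatever extra privilege the binary was installed with, and once the uid has been dropped the group change may not be complete on every platform. Drop the group first and stop on failure, for example `if (setgid(getgid()) != 0 || setuid(getuid()) != 0) { perror("drop privileges"); exit(1); }`. The unconditional `setuid`/`setgid` pair that follows `openkmem()` has the same pattern, and main() begins and ends outside the hunk.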


@ -52,10 +52,20 @@
* -
* --Copyright--
*/
#ifdef __STDC__
# ifndef __P
# define __P(x) x
# endif
#else
# undef __P
# define __P(x) ()
# undef const
# define const
#endif
#if !defined(lint)
static const char sccsid[] = "@(#)inet_addr.c 8.1 (Berkeley) 6/17/93";
static const char rcsid[] = "@(#)$Id: inet_addr.c,v 2.1 1999/08/04 17:29:54 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: inet_addr.c,v 2.1.4.1 2001/07/15 22:06:14 darrenr Exp $";
#endif /* LIBC_SCCS and not lint */
#include <sys/param.h>
@ -63,13 +73,6 @@ static const char rcsid[] = "@(#)$Id: inet_addr.c,v 2.1 1999/08/04 17:29:54 darr
#include <arpa/inet.h>
#include <ctype.h>
#ifndef __P
# ifdef __STDC__
# define __P(x) x
# else
# define __P(x) ()
# endif
#endif
int inet_aton __P((const char *, struct in_addr *));
/*


@ -1,12 +1,10 @@
/*
* Copyright (C) 1993-2000 by Darren Reed.
* Copyright (C) 1993-2001 by Darren Reed.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
* See the IPFILTER.LICENCE file for details on licencing.
*/
#if !defined(lint)
static const char rcsid[] = "@(#)$Id: ip_lfil.c,v 2.6 2000/03/13 22:10:21 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: ip_lfil.c,v 2.6.2.2 2001/07/18 14:57:09 darrenr Exp $";
#endif
#if defined(KERNEL) && !defined(_KERNEL)
@ -337,7 +335,7 @@ int iplioctl(dev_t dev, int cmd, caddr_t data, int mode)
break;
}
case SIOCATHST :
error = fr_auth_ioctl(data, cmd, NULL, NULL);
error = fr_auth_ioctl(data, mode, cmd, NULL, NULL);
break;
case SIOCFRSYN :
if (!(mode & FWRITE))
@ -484,7 +482,7 @@ caddr_t data;
if (fg && fg->fg_head)
fg->fg_head->fr_ref--;
if (unit == IPL_LOGAUTH)
return fr_auth_ioctl(data, req, f, ftail);
return fr_auth_ioctl(data, mode, req, f, ftail);
if (f->fr_grhead)
fr_delgroup((u_int)f->fr_grhead, fp->fr_flags,
unit, set);
@ -497,7 +495,7 @@ caddr_t data;
error = EEXIST;
else {
if (unit == IPL_LOGAUTH)
return fr_auth_ioctl(data, req, f, ftail);
return fr_auth_ioctl(data, mode, req, f, ftail);
KMALLOC(f, frentry_t *);
if (f != NULL) {
if (fg && fg->fg_head)
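Review bot: The two `fr_auth_ioctl(data, mode, req, f, ftail)` calls in the later hunks use `mode`, but the enclosing function's parameter list is outside the hunk and only `caddr_t data;` is visible, so it needs confirming that `mode` is declared in that function and holds the caller's open flags. In `iplioctl()` the new argument is clearly the `mode` parameter from the signature. The corresponding `IPL_LOGAUTH` branches in the Solaris file on this page appear to have been removed rather than updated, so a one-line comment here saying why this path still forwards to `fr_auth_ioctl()` would help the next reader.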


@ -1,15 +1,13 @@
/*
* Copyright (C) 1993-2000 by Darren Reed.
* Copyright (C) 1993-2001 by Darren Reed.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
* See the IPFILTER.LICENCE file for details on licencing.
*
* I hate legaleese, don't you ?
*/
#if !defined(lint)
static const char sccsid[] = "%W% %G% (C) 1993-2000 Darren Reed";
static const char rcsid[] = "@(#)$Id: ip_sfil.c,v 2.23.2.9 2000/11/12 11:55:17 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: ip_sfil.c,v 2.23.2.12 2001/07/18 14:57:09 darrenr Exp $";
#endif
#include <sys/types.h>
@ -197,7 +195,7 @@ int *rp;
return error;
}
if (unit == IPL_LOGAUTH) {
error = fr_auth_ioctl((caddr_t)data, cmd, NULL, NULL);
error = fr_auth_ioctl((caddr_t)data, mode, cmd, NULL, NULL);
RWLOCK_EXIT(&ipf_solaris);
return error;
}
@ -458,6 +456,7 @@ caddr_t data;
}
fdp = &fp->fr_dif;
fdp->fd_mp = NULL;
fp->fr_flags &= ~FR_DUP;
if (*fdp->fd_ifname) {
ill = get_unit(fdp->fd_ifname, (int)fp->fr_v);
@ -491,6 +490,7 @@ caddr_t data;
}
fdp = &fp->fr_tif;
fdp->fd_mp = NULL;
if (*fdp->fd_ifname) {
ill = get_unit(fdp->fd_ifname, (int)fp->fr_v);
if (!ill)
@ -577,10 +577,6 @@ caddr_t data;
}
if (fg && fg->fg_head)
fg->fg_head->fr_ref--;
if (unit == IPL_LOGAUTH) {
error = fr_auth_ioctl(data, req, fp, ftail);
goto out;
}
if (f->fr_grhead)
fr_delgroup(f->fr_grhead, fp->fr_flags,
unit, set);
@ -594,10 +590,6 @@ caddr_t data;
if (f) {
error = EEXIST;
} else {
if (unit == IPL_LOGAUTH) {
error = fr_auth_ioctl(data, req, fp, ftail);
goto out;
}
KMALLOC(f, frentry_t *);
if (f != NULL) {
if (fg && fg->fg_head)


@ -1,12 +1,16 @@
/*
* Copyright (C) 1993-2000 by Darren Reed.
* Copyright (C) 1993-2001 by Darren Reed.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
* See the IPFILTER.LICENCE file for details on licencing.
*/
#ifdef __FreeBSD__
# include <osreldate.h>
# ifndef __FreeBSD_cc_version
# include <osreldate.h>
# else
# if __FreeBSD_cc_version < 430000
# include <osreldate.h>
# endif
# endif
#endif
#include <stdio.h>
#include <unistd.h>
@ -43,7 +47,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)ipf.c 1.23 6/5/96 (C) 1993-2000 Darren Reed";
static const char rcsid[] = "@(#)$Id: ipf.c,v 2.10.2.5 2000/10/25 10:37:11 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: ipf.c,v 2.10.2.10 2001/07/18 11:34:19 darrenr Exp $";
#endif
#if SOLARIS
@ -74,13 +78,19 @@ static void closedevice __P((void));
static char *getline __P((char *, size_t, FILE *, int *));
static char *ipfname = IPL_NAME;
static void usage __P((void));
static void showversion __P((void));
static int showversion __P((void));
static int get_flags __P((void));
#if SOLARIS
# define OPTS "6AdDEf:F:Il:noPrsUvVyzZ"
#else
# define OPTS "6AdDEf:F:Il:noPrsvVyzZ"
#endif
static void usage()
{
fprintf(stderr, "usage: ipf [-6AdDEInoPrsUvVyzZ] %s %s %s\n",
fprintf(stderr, "usage: ipf [-%s] %s %s %s\n", OPTS,
"[-l block|pass|nomatch]", "[-F i|o|a|s|S]", "[-f filename]");
exit(1);
}
@ -92,11 +102,9 @@ char *argv[];
{
int c;
while ((c = getopt(argc, argv, "6AdDEf:F:Il:noPrsUvVyzZ")) != -1) {
while ((c = getopt(argc, argv, OPTS)) != -1) {
switch (c)
{
case '?' :
usage();
#ifdef USE_INET6
case '6' :
use_inet6 = 1;
@ -146,10 +154,11 @@ char *argv[];
break;
#endif
case 'v' :
opts |= OPT_VERBOSE;
opts += OPT_VERBOSE;
break;
case 'V' :
showversion();
if (showversion())
exit(1);
break;
case 'y' :
frsync();
@ -160,6 +169,9 @@ char *argv[];
case 'Z' :
zerostats();
break;
default :
usage();
break;
}
}
@ -553,7 +565,7 @@ static void blockunknown()
#endif
static void showversion()
static int showversion()
{
struct friostat fio;
struct friostat *fiop=&fio;
@ -565,13 +577,13 @@ static void showversion()
if ((vfd = open(ipfname, O_RDONLY)) == -1) {
perror("open device");
return;
return 1;
}
if (ioctl(vfd, SIOCGETFS, &fiop)) {
perror("ioctl(SIOCGETFS)");
close(vfd);
return;
return 1;
}
close(vfd);
flags = get_flags();
@ -610,4 +622,6 @@ static void showversion()
s = "nomatch -> block";
printf("%s all, Logging: %savailable\n", s, fio.f_logging ? "" : "un");
printf("Active list: %d\n", fio.f_active);
return 0;
}
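Review bot: In the `-v` case, `opts += OPT_VERBOSE` means a second `-v` clears the OPT_VERBOSE bit and carries into the next higher bit of `opts`, assuming OPT_VERBOSE is a single-bit flag like the other values or-ed into `opts`. If counting `-v` is intended, say so at the statement, e.g. `/* repeated -v steps opts through the levels above OPT_VERBOSE */`, or keep the count in a separate variable. The flag values are defined outside this page, so whether the carried bit collides with another option could not be checked here. main() continues outside the hunk.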


@ -1,12 +1,10 @@
/*
* Copyright (C) 1993-2000 by Darren Reed.
* Copyright (C) 1993-2001 by Darren Reed.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
* See the IPFILTER.LICENCE file for details on licencing.
*
* @(#)ipf.h 1.12 6/5/96
* $Id: ipf.h,v 2.9.2.2 2000/05/06 11:20:20 darrenr Exp $
* $Id: ipf.h,v 2.9.2.3 2001/06/26 10:43:18 darrenr Exp $
*/
#ifndef __IPF_H__


@ -1,12 +1,16 @@
/*
* Copyright (C) 1999 by Darren Reed.
* Copyright (C) 1999-2001 by Darren Reed.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
* See the IPFILTER.LICENCE file for details on licencing.
*/
#ifdef __FreeBSD__
# include <osreldate.h>
# ifndef __FreeBSD_cc_version
# include <osreldate.h>
# else
# if __FreeBSD_cc_version < 430000
# include <osreldate.h>
# endif
# endif
#endif
#include <stdio.h>
#include <unistd.h>
@ -41,7 +45,7 @@
#include "ipf.h"
#if !defined(lint)
static const char rcsid[] = "@(#)$Id: ipfs.c,v 2.6.2.3 2001/01/10 06:20:12 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: ipfs.c,v 2.6.2.7 2001/06/26 10:43:18 darrenr Exp $";
#endif
#ifndef IPF_SAVEDIR
@ -532,6 +536,7 @@ char *file;
}
bzero((char *)&ipn, sizeof(ipn));
ipnp = &ipn;
/*
* 1. Read all state information in.
@ -573,7 +578,7 @@ char *file;
}
} else
in = (nat_save_t *)malloc(sizeof(*in));
bcopy((char *)&ipnp, (char *)in, sizeof(ipn));
bcopy((char *)ipnp, (char *)in, sizeof(ipn));
/*
* Check to see if this is the first state entry that will
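Review bot: The corrected `bcopy((char *)ipnp, (char *)in, sizeof(ipn))` still writes through `in` directly after `in = (nat_save_t *)malloc(sizeof(*in))` with no NULL check, so an allocation failure becomes a write through a null pointer. Add `if (in == NULL) { perror("malloc"); return 1; }` before the copy, adjusting the return value and any cleanup to this function's error convention, which is outside the hunk. The function starts and ends outside the hunk.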


@ -1,9 +1,7 @@
/*
* Copyright (C) 1993-2000 by Darren Reed.
* Copyright (C) 1993-2001 by Darren Reed.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
* See the IPFILTER.LICENCE file for details on licencing.
*/
/*
@ -51,7 +49,7 @@ etherfind -n -t
#if !defined(lint)
static const char sccsid[] = "@(#)ipft_ef.c 1.6 2/4/96 (C)1995 Darren Reed";
static const char rcsid[] = "@(#)$Id: ipft_ef.c,v 2.2 2000/03/13 22:10:24 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: ipft_ef.c,v 2.2.2.1 2001/06/26 10:43:18 darrenr Exp $";
#endif
static int etherf_open __P((char *));


@ -1,9 +1,7 @@
/*
* Copyright (C) 1995-2000 by Darren Reed.
* Copyright (C) 1995-2001 by Darren Reed.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
* See the IPFILTER.LICENCE file for details on licencing.
*/
#include <stdio.h>
#include <ctype.h>
@ -42,7 +40,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)ipft_hx.c 1.1 3/9/96 (C) 1996 Darren Reed";
static const char rcsid[] = "@(#)$Id: ipft_hx.c,v 2.2 2000/03/13 22:10:24 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: ipft_hx.c,v 2.2.2.1 2001/06/26 10:43:18 darrenr Exp $";
#endif
extern int opts;


@ -1,9 +1,7 @@
/*
* Copyright (C) 1993-2000 by Darren Reed.
* Copyright (C) 1993-2001 by Darren Reed.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
* See the IPFILTER.LICENCE file for details on licencing.
*/
#include <stdio.h>
#include <string.h>
@ -33,7 +31,7 @@
#include "ipt.h"
#if !defined(lint)
static const char rcsid[] = "@(#)$Id: ipft_pc.c,v 2.2 2000/03/13 22:10:24 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: ipft_pc.c,v 2.2.2.2 2001/06/26 10:43:18 darrenr Exp $";
#endif
struct llc {
@ -46,7 +44,7 @@ struct llc {
* While many of these maybe the same, some do have different header formats
* which make this useful.
*/
#define DLT_MAX 10
#define DLT_MAX 14
static struct llc llcs[DLT_MAX+1] = {
{ 0, 0, 0 }, /* DLT_NULL */
@ -59,7 +57,10 @@ static struct llc llcs[DLT_MAX+1] = {
{ 0, 0, 0 }, /* DLT_ARCNET */
{ 0, 0, 0 }, /* DLT_SLIP */
{ 0, 0, 0 }, /* DLT_PPP */
{ 0, 0, 0 } /* DLT_FDDI */
{ 0, 0, 0 }, /* DLT_FDDI */
{ 0, 0, 0 }, /* DLT_ATMRFC1483 */
{ 0, 0, 0 }, /* DLT_LOOP */
{ 0, 0, 0 } /* DLT_ENC */
};
static int pcap_open __P((char *));
@ -114,7 +115,7 @@ char *fname;
swap_hdr(&ph);
}
if (ph.pc_v_maj != PCAP_VERSION_MAJ || ph.pc_type > DLT_MAX) {
if (ph.pc_v_maj != PCAP_VERSION_MAJ || ph.pc_type >= DLT_MAX) {
(void) close(fd);
return -2;
}
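Review bot: The header check `ph.pc_type >= DLT_MAX` has an upper bound only. The declaration of `pc_type` is outside the hunk; if it is a signed type, a negative value read from the capture file passes the test, which matters if the field is later used to index `llcs[]` (that use is also outside the hunk). The snoop reader on this page tests `s_type < 0` as well, so consider `if (ph.pc_v_maj != PCAP_VERSION_MAJ || ph.pc_type < 0 || ph.pc_type >= DLT_MAX) {`. Since `llcs` is still declared with `DLT_MAX+1` slots, a comment noting that DLT_MAX is now one past the last known type would explain the unused final slot.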


@ -1,9 +1,7 @@
/*
* Copyright (C) 1993-2000 by Darren Reed.
* Copyright (C) 1993-2001 by Darren Reed.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
* See the IPFILTER.LICENCE file for details on licencing.
*/
/*
@ -37,7 +35,7 @@
#include "ipt.h"
#if !defined(lint)
static const char rcsid[] = "@(#)$Id: ipft_sn.c,v 2.2 2000/03/13 22:10:24 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: ipft_sn.c,v 2.2.2.2 2001/06/26 10:43:18 darrenr Exp $";
#endif
struct llc {
@ -78,6 +76,7 @@ char *fname;
{
struct snoophdr sh;
int fd;
int s_v;
if (sfd != -1)
return sfd;
@ -90,16 +89,18 @@ char *fname;
if (read(fd, (char *)&sh, sizeof(sh)) != sizeof(sh))
return -2;
if (sh.s_v != SNOOP_VERSION ||
sh.s_type < 0 || sh.s_type > SDL_MAX) {
s_v = (int)ntohl(sh.s_v);
s_type = (int)ntohl(sh.s_type);
if (s_v != SNOOP_VERSION ||
s_type < 0 || s_type > SDL_MAX) {
(void) close(fd);
return -2;
}
sfd = fd;
s_type = sh.s_type;
printf("opened snoop file %s:\n", fname);
printf("\tid: %8.8s version: %d type: %d\n", sh.s_id, sh.s_v, s_type);
printf("\tid: %8.8s version: %d type: %d\n", sh.s_id, s_v, s_type);
return fd;
}
@ -118,20 +119,22 @@ static int snoop_close()
static int snoop_read_rec(rec)
struct snooppkt *rec;
{
int n, p;
int n, plen, ilen;
if (read(sfd, (char *)rec, sizeof(*rec)) != sizeof(*rec))
return -2;
if (rec->sp_ilen > rec->sp_plen || rec->sp_plen < sizeof(*rec))
ilen = (int)ntohl(rec->sp_ilen);
plen = (int)ntohl(rec->sp_plen);
if (ilen > plen || plen < sizeof(*rec))
return -2;
p = rec->sp_plen - sizeof(*rec);
n = MIN(p, rec->sp_ilen);
plen -= sizeof(*rec);
n = MIN(plen, ilen);
if (!n || n < 0)
return -3;
return p;
return plen;
}
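Review bot: In snoop_read_rec(), `plen < sizeof(*rec)` compares an `int` with a `size_t`, so a negative `plen` converts to a large unsigned value and is not rejected by that test; such records are only caught by `ilen > plen` or by the later `n < 0` check. Make the sign handling explicit with `if (ilen < 0 || plen < (int)sizeof(*rec) || ilen > plen) return -2;`. The function also returns `plen` with no upper limit, so the caller, which is not on this page, has to bound it against its buffer before reading that many bytes from the file.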


@ -1,9 +1,7 @@
/*
* Copyright (C) 1993-2000 by Darren Reed.
* Copyright (C) 1993-2001 by Darren Reed.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
* See the IPFILTER.LICENCE file for details on licencing.
*/
/*
@ -60,7 +58,7 @@ tcpdump -nqte
#if !defined(lint)
static const char sccsid[] = "@(#)ipft_td.c 1.8 2/4/96 (C)1995 Darren Reed";
static const char rcsid[] = "@(#)$Id: ipft_td.c,v 2.2 2000/03/13 22:10:24 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: ipft_td.c,v 2.2.2.1 2001/06/26 10:43:18 darrenr Exp $";
#endif
static int tcpd_open __P((char *));


@ -1,9 +1,7 @@
/*
* Copyright (C) 1995-2000 by Darren Reed.
* Copyright (C) 1995-2001 by Darren Reed.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
* See the IPFILTER.LICENCE file for details on licencing.
*/
#include <stdio.h>
#include <ctype.h>
@ -43,7 +41,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)ipft_tx.c 1.7 6/5/96 (C) 1993 Darren Reed";
static const char rcsid[] = "@(#)$Id: ipft_tx.c,v 2.3.2.1 2001/01/10 06:19:53 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: ipft_tx.c,v 2.3.2.4 2001/06/26 10:43:18 darrenr Exp $";
#endif
extern int opts;
@ -223,12 +221,12 @@ int *out;
bzero(ipopts, sizeof(ipopts));
ip->ip_hl = sizeof(*ip) >> 2;
ip->ip_v = IPVERSION;
for (i = 0, cps[0] = strtok(line, " \b\t\r\n"); cps[i] && i < 19; )
for (i = 0, cps[0] = strtok(line, " \b\t\r\n"); cps[i] && (i < 19); )
cps[++i] = strtok(NULL, " \b\t\r\n");
if (i < 2)
return 1;
cpp = cps;
if (!*cpp)
return 1;
c = **cpp;
if (!isalpha(c) || (tolower(c) != 'o' && tolower(c) != 'i')) {
@ -237,12 +235,16 @@ int *out;
}
*out = (tolower(c) == 'o') ? 1 : 0;
cpp++;
if (!*cpp)
return 1;
if (!strcasecmp(*cpp, "on")) {
cpp++;
if (!*cpp)
return 1;
*ifn = strdup(*cpp++);
if (!*cpp)
return 1;
}
c = **cpp;
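Review bot: In the `on` branch, `*ifn = strdup(*cpp++)` is followed by `if (!*cpp) return 1;`, so a line that ends after the interface name returns an error with the copy already stored in `*ifn`, and the `strdup()` result itself is never checked. Whether the caller frees `*ifn` on a non-zero return is outside the hunk. If it does not, test for the following token before duplicating, e.g. `if (!cpp[1]) return 1;` ahead of the `strdup()` line, and treat a NULL result from `strdup()` as an error. The function begins and ends outside the hunk.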


@ -1,9 +1,7 @@
/*
* Copyright (C) 1997-1998 by Darren Reed.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
* See the IPFILTER.LICENCE file for details on licencing.
*/
typedef struct iface {
int if_MTU;


@ -1,9 +1,7 @@
/*
* Copyright (C) 1993-2000 by Darren Reed.
* Copyright (C) 1993-2001 by Darren Reed.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
* See the IPFILTER.LICENCE file for details on licencing.
*
* Added redirect stuff and a variety of bug fixes. (mcn@EnGarde.com)
*/
@ -57,7 +55,7 @@ extern char *sys_errlist[];
#if !defined(lint)
static const char sccsid[] ="@(#)ipnat.c 1.9 6/5/96 (C) 1993 Darren Reed";
static const char rcsid[] = "@(#)$Id: ipnat.c,v 2.16.2.5 2000/12/02 00:15:04 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: ipnat.c,v 2.16.2.9 2001/07/18 15:06:33 darrenr Exp $";
#endif
@ -110,10 +108,10 @@ int main(argc, argv)
int argc;
char *argv[];
{
char *file = NULL;
int fd = -1, opts = 0, c, mode = O_RDWR;
char *file = NULL, *core = NULL;
while ((c = getopt(argc, argv, "CdFf:hlnrsv")) != -1)
while ((c = getopt(argc, argv, "CdFf:hlM:nrsv")) != -1)
switch (c)
{
case 'C' :
@ -135,6 +133,9 @@ char *argv[];
opts |= OPT_LIST;
mode = O_RDONLY;
break;
case 'M' :
core = optarg;
break;
case 'n' :
opts |= OPT_NODO;
mode = O_RDONLY;
@ -153,6 +154,13 @@ char *argv[];
usage(argv[0]);
}
if (core != NULL) {
if (openkmem(core) == -1)
exit(1);
(void) setgid(getgid());
(void) setuid(getuid());
}
gethostname(thishost, sizeof(thishost));
thishost[sizeof(thishost) - 1] = '\0';
@ -292,8 +300,10 @@ ipnat_t *ipnat;
void dostats(fd, opts)
int fd, opts;
{
hostmap_t hm, *hmp, **maptable;
natstat_t ns, *nsp = &ns;
nat_t **nt[2], *np, nat;
u_int hv, hv1, hv2;
ipnat_t ipn;
bzero((char *)&ns, sizeof(ns));
@ -353,15 +363,21 @@ int fd, opts;
printf("\n\tage %lu use %hu sumd %s/",
nat.nat_age, nat.nat_use,
getsumd(nat.nat_sumd[0]));
hv1 = NAT_HASH_FN(nat.nat_inip.s_addr,
nat.nat_inport,
0xffffffff),
hv1 = NAT_HASH_FN(nat.nat_oip.s_addr,
hv1 + nat.nat_oport,
NAT_TABLE_SZ),
hv2 = NAT_HASH_FN(nat.nat_outip.s_addr,
nat.nat_outport,
0xffffffff),
hv2 = NAT_HASH_FN(nat.nat_oip.s_addr,
hv2 + nat.nat_oport,
NAT_TABLE_SZ),
printf("%s pr %u bkt %d/%d flags %x ",
getsumd(nat.nat_sumd[1]), nat.nat_p,
(int)NAT_HASH_FN(nat.nat_inip.s_addr,
nat.nat_inport,
NAT_TABLE_SZ),
(int)NAT_HASH_FN(nat.nat_outip.s_addr,
nat.nat_outport,
NAT_TABLE_SZ),
nat.nat_flags);
hv1, hv2, nat.nat_flags);
#ifdef USE_QUAD_T
printf("bytes %qu pkts %qu",
(unsigned long long)nat.nat_bytes,
@ -379,6 +395,38 @@ int fd, opts;
printaps(nat.nat_aps, opts);
}
if (opts & OPT_VERBOSE) {
printf("\nList of active host mappings:\n");
maptable = (hostmap_t **)malloc(sizeof(hostmap_t *) *
ns.ns_hostmap_sz);
if (kmemcpy((char *)maptable, (u_long)ns.ns_maptable,
sizeof(hostmap_t *) * ns.ns_hostmap_sz)) {
perror("kmemcpy (maptable)");
return;
}
for (hv = 0; hv < ns.ns_hostmap_sz; hv++) {
hmp = maptable[hv];
while(hmp) {
if (kmemcpy((char *)&hm, (u_long)hmp,
sizeof(hostmap_t))) {
perror("kmemcpy (hostmap)");
return;
}
printf("%s -> ",
inet_ntoa(hm.hm_realip));
printf("%s ", inet_ntoa(hm.hm_mapip));
printf("(use = %d hv = %u)\n",
hm.hm_ref, hv);
hmp = hm.hm_next;
}
}
free(maptable);
}
free(nt[0]);
}
}
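Review bot: The new `-M` handling in main() opens the caller-supplied core path before giving up any set-id privileges, and then discards the results of setgid() and setuid(). If ipnat is installed setuid or setgid (not shown on this page), `openkmem(core)` reads a user-named file with the elevated ids, and a failed drop goes unnoticed. I would drop first and check the result: `if (setgid(getgid()) != 0 || setuid(getuid()) != 0) exit(1);` ahead of `if (openkmem(core) == -1) exit(1);`. main() starts before and continues after this hunk.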


@ -1,9 +1,7 @@
/*
* (C)opyright 1995-1998 Darren Reed.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
* See the IPFILTER.LICENCE file for details on licencing.
*
* The author of this software makes no garuntee about the
* performance of this package or its suitability to fulfill any purpose.
@ -37,7 +35,7 @@
#ifndef lint
static const char sccsid[] = "@(#)ipsd.c 1.3 12/3/95 (C)1995 Darren Reed";
static const char rcsid[] = "@(#)$Id: ipsd.c,v 2.1 1999/08/04 17:30:56 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: ipsd.c,v 2.1.4.1 2001/06/26 10:43:21 darrenr Exp $";
#endif
extern char *optarg;


@ -1,9 +1,7 @@
/*
* (C)opyright 1995-1998 Darren Reed.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
* See the IPFILTER.LICENCE file for details on licencing.
*
* The author of this software makes no garuntee about the
* performance of this package or its suitability to fulfill any purpose.


@ -1,9 +1,7 @@
/*
* (C)opyright 1995-1998 Darren Reed.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
* See the IPFILTER.LICENCE file for details on licencing.
*
* The author of this software makes no garuntee about the
* performance of this package or its suitability to fulfill any purpose.
@ -38,7 +36,7 @@
#ifndef lint
static const char sccsid[] = "@(#)ipsdr.c 1.3 12/3/95 (C)1995 Darren Reed";
static const char rcsid[] = "@(#)$Id: ipsdr.c,v 2.1 1999/08/04 17:30:57 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: ipsdr.c,v 2.1.4.1 2001/06/26 10:43:21 darrenr Exp $";
#endif
extern char *optarg;


@ -1,9 +1,7 @@
/*
* Copyright (C) 1997-1998 by Darren Reed.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
* See the IPFILTER.LICENCE file for details on licencing.
*
* @(#)linux.h 1.1 8/19/95
*/


@ -1,9 +1,7 @@
/*
* (C)opyright 1995-1998 Darren Reed. (from tcplog)
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
* See the IPFILTER.LICENCE file for details on licencing.
*
*/
#include <stdio.h>


@ -1,9 +1,7 @@
/*
* (C)opyright 1992-1998 Darren Reed. (from tcplog)
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
* See the IPFILTER.LICENCE file for details on licencing.
*
*/


@ -1,9 +1,7 @@
/*
* (C)opyright 1992-1998 Darren Reed. (from tcplog)
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
* See the IPFILTER.LICENCE file for details on licencing.
*
* The author of this software makes no garuntee about the
* performance of this package or its suitability to fulfill any purpose.


@ -1,9 +1,7 @@
/*
* (C)opyright 1992-1998 Darren Reed. (from tcplog)
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
* See the IPFILTER.LICENCE file for details on licencing.
*
* The author of this software makes no garuntee about the
* performance of this package or its suitability to fulfill any purpose.


@ -1,14 +1,8 @@
/*
* arp.c (C) 1995-1998 Darren Reed
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
* See the IPFILTER.LICENCE file for details on licencing.
*/
#if !defined(lint)
static const char sccsid[] = "@(#)arp.c 1.4 1/11/96 (C)1995 Darren Reed";
static const char rcsid[] = "@(#)$Id: arp.c,v 2.1 1999/08/04 17:31:03 darrenr Exp $";
#endif
#include <stdio.h>
#include <errno.h>
#include <sys/types.h>
@ -30,6 +24,11 @@ static const char rcsid[] = "@(#)$Id: arp.c,v 2.1 1999/08/04 17:31:03 darrenr Ex
#include "ipsend.h"
#include "iplang/iplang.h"
#if !defined(lint)
static const char sccsid[] = "@(#)arp.c 1.4 1/11/96 (C)1995 Darren Reed";
static const char rcsid[] = "@(#)$Id: arp.c,v 2.1.4.2 2001/07/15 22:00:13 darrenr Exp $";
#endif
/*
* lookup host and return


@ -1,9 +1,7 @@
/*
* (C)opyright 1997-1998 Darren Reed. (from tcplog)
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
* See the IPFILTER.LICENCE file for details on licencing.
*/
#include <stdio.h>
#include <strings.h>


@ -1,14 +1,8 @@
/*
* ip.c (C) 1995-1998 Darren Reed
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
* See the IPFILTER.LICENCE file for details on licencing.
*/
#if !defined(lint)
static const char sccsid[] = "%W% %G% (C)1995";
static const char rcsid[] = "@(#)$Id: ip.c,v 2.1.4.1 2001/01/10 06:21:19 darrenr Exp $";
#endif
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
@ -33,6 +27,10 @@ static const char rcsid[] = "@(#)$Id: ip.c,v 2.1.4.1 2001/01/10 06:21:19 darrenr
#endif
#include "ipsend.h"
#if !defined(lint)
static const char sccsid[] = "%W% %G% (C)1995";
static const char rcsid[] = "@(#)$Id: ip.c,v 2.1.4.3 2001/07/15 22:00:13 darrenr Exp $";
#endif
static char *ipbuf = NULL, *ethbuf = NULL;


@ -2,7 +2,7 @@
.SH NAME
ipresend \- resend IP packets out to network
.SH SYNOPSIS
.B ipsend
.B ipresend
[
.B \-EHPRSTX
] [


@ -6,14 +6,8 @@
* conditions, enough of the TCP header is missing for unpredictable
* results unless the filter is aware that this can happen.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
* See the IPFILTER.LICENCE file for details on licencing.
*/
#if !defined(lint)
static const char sccsid[] = "%W% %G% (C)1995 Darren Reed";
static const char rcsid[] = "@(#)$Id: ipresend.c,v 2.1 1999/08/04 17:31:05 darrenr Exp $";
#endif
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
@ -34,6 +28,11 @@ static const char rcsid[] = "@(#)$Id: ipresend.c,v 2.1 1999/08/04 17:31:05 darre
#endif
#include "ipsend.h"
#if !defined(lint)
static const char sccsid[] = "%W% %G% (C)1995 Darren Reed";
static const char rcsid[] = "@(#)$Id: ipresend.c,v 2.1.4.2 2001/07/15 22:00:13 darrenr Exp $";
#endif
extern char *optarg;
extern int optind;


@ -6,11 +6,7 @@
* conditions, enough of the TCP header is missing for unpredictable
* results unless the filter is aware that this can happen.
*
* The author provides this program as-is, with no gaurantee for its
* suitability for any specific purpose. The author takes no responsibility
* for the misuse/abuse of this program and provides it for the sole purpose
* of testing packet filter policies. This file maybe distributed freely
* providing it is not modified and that this notice remains in tact.
* See the IPFILTER.LICENCE file for details on licencing.
*
*/
#ifndef __P
@ -67,3 +63,9 @@ extern int kmemcpy __P((char *, void *, int));
#ifndef OPT_RAW
#define OPT_RAW 0x80000
#endif
#ifndef __STDC__
# ifndef const
# define const
# endif
#endif


@ -1,14 +1,8 @@
/*
* Copyright (C) 1995-1998 by Darren Reed.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
* See the IPFILTER.LICENCE file for details on licencing.
*/
#if !defined(lint)
static const char sccsid[] = "@(#)ipsopt.c 1.2 1/11/96 (C)1995 Darren Reed";
static const char rcsid[] = "@(#)$Id: ipsopt.c,v 2.1 1999/08/04 17:31:07 darrenr Exp $";
#endif
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
@ -25,13 +19,9 @@ static const char rcsid[] = "@(#)$Id: ipsopt.c,v 2.1 1999/08/04 17:31:07 darrenr
#include <arpa/inet.h>
#include "ipsend.h"
#ifndef __P
# ifdef __STDC__
# define __P(x) x
# else
# define __P(x) ()
# endif
#if !defined(lint)
static const char sccsid[] = "@(#)ipsopt.c 1.2 1/11/96 (C)1995 Darren Reed";
static const char rcsid[] = "@(#)$Id: ipsopt.c,v 2.1.4.2 2001/07/15 22:00:14 darrenr Exp $";
#endif


@ -6,14 +6,8 @@
* conditions, enough of the TCP header is missing for unpredictable
* results unless the filter is aware that this can happen.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
* See the IPFILTER.LICENCE file for details on licencing.
*/
#if !defined(lint)
static const char sccsid[] = "%W% %G% (C)1995 Darren Reed";
static const char rcsid[] = "@(#)$Id: iptest.c,v 2.2 1999/12/04 03:37:05 darrenr Exp $";
#endif
#include <stdio.h>
#include <netdb.h>
#include <unistd.h>
@ -38,6 +32,11 @@ static const char rcsid[] = "@(#)$Id: iptest.c,v 2.2 1999/12/04 03:37:05 darrenr
#endif
#include "ipsend.h"
#if !defined(lint)
static const char sccsid[] = "%W% %G% (C)1995 Darren Reed";
static const char rcsid[] = "@(#)$Id: iptest.c,v 2.2.2.2 2001/07/15 22:00:14 darrenr Exp $";
#endif
extern char *optarg;
extern int optind;


@ -1,13 +1,11 @@
/*
* larp.c (C) 1995-1998 Darren Reed
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
* See the IPFILTER.LICENCE file for details on licencing.
*/
#if !defined(lint)
static const char sccsid[] = "@(#)larp.c 1.1 8/19/95 (C)1995 Darren Reed";
static const char rcsid[] = "@(#)$Id: larp.c,v 2.1 1999/08/04 17:31:10 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: larp.c,v 2.1.4.1 2001/06/26 10:43:22 darrenr Exp $";
#endif
#include <stdio.h>
#include <errno.h>


@ -1,9 +1,7 @@
/*
* Copyright (C) 1995-1998 by Darren Reed.
*
* This code may be freely distributed as long as it retains this notice
* and is not changed in any way. The author accepts no responsibility
* for the use of this software. I hate legaleese, don't you ?
* See the IPFILTER.LICENCE file for details on licencing.
*
* @(#)linux.h 1.1 8/19/95
*/


@ -1,13 +1,11 @@
/*
* lsock.c (C) 1995-1998 Darren Reed
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
* See the IPFILTER.LICENCE file for details on licencing.
*/
#if !defined(lint)
static const char sccsid[] = "@(#)lsock.c 1.2 1/11/96 (C)1995 Darren Reed";
static const char rcsid[] = "@(#)$Id: lsock.c,v 2.1 1999/08/04 17:31:11 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: lsock.c,v 2.1.4.1 2001/06/26 10:43:22 darrenr Exp $";
#endif
#include <stdio.h>
#include <unistd.h>


@ -6,14 +6,8 @@
* conditions, enough of the TCP header is missing for unpredictable
* results unless the filter is aware that this can happen.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
* See the IPFILTER.LICENCE file for details on licencing.
*/
#if !defined(lint)
static const char sccsid[] = "@(#)resend.c 1.3 1/11/96 (C)1995 Darren Reed";
static const char rcsid[] = "@(#)$Id: resend.c,v 2.1.4.1 2001/01/10 06:21:20 darrenr Exp $";
#endif
#include <stdio.h>
#include <netdb.h>
#include <string.h>
@ -39,6 +33,12 @@ static const char rcsid[] = "@(#)$Id: resend.c,v 2.1.4.1 2001/01/10 06:21:20 dar
#endif
#include "ipsend.h"
#if !defined(lint)
static const char sccsid[] = "@(#)resend.c 1.3 1/11/96 (C)1995 Darren Reed";
static const char rcsid[] = "@(#)$Id: resend.c,v 2.1.4.3 2001/07/15 22:00:14 darrenr Exp $";
#endif
extern int opts;
static u_char pbuf[65536]; /* 1 big packet */


@ -1,9 +1,7 @@
/*
* (C)opyright 1992-1998 Darren Reed. (from tcplog)
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
* See the IPFILTER.LICENCE file for details on licencing.
*/
#include <stdio.h>
@ -40,7 +38,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)sdlpi.c 1.3 10/30/95 (C)1995 Darren Reed";
static const char rcsid[] = "@(#)$Id: sdlpi.c,v 2.1 1999/08/04 17:31:13 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: sdlpi.c,v 2.1.4.2 2001/06/26 10:43:22 darrenr Exp $";
#endif
#define CHUNKSIZE 8192
@ -58,7 +56,8 @@ int sport, tout;
char devname[16], *s, buf[256];
int i, fd;
(void) sprintf(devname, "/dev/%s", device);
(void) strcpy(devname, "/dev/");
(void) strncat(devname, device, sizeof(devname) - strlen(devname));
s = devname + 5;
while (*s && !isdigit(*s))
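Review bot: The strncat() bound that replaces sprintf() is one byte too large, because its third argument counts the characters to append and does not include the terminating NUL. With `devname[16]` already holding "/dev/", it allows 11 more characters plus the terminator, 17 bytes in all, so a device name of 11 or more characters still writes one byte past the buffer. Subtract one: `(void) strncat(devname, device, sizeof(devname) - strlen(devname) - 1);`. The enclosing function begins before and continues after the hunk.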


@ -2,9 +2,7 @@
* (C)opyright 1992-1998 Darren Reed.
* (C)opyright 1997 Marc Boucher.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
* See the IPFILTER.LICENCE file for details on licencing.
*/
#include <stdio.h>
#include <sys/types.h>


@ -1,9 +1,7 @@
/*
* (C)opyright 1992-1998 Darren Reed. (from tcplog)
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
* See the IPFILTER.LICENCE file for details on licencing.
*/
#include <stdio.h>
@ -29,7 +27,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)slinux.c 1.2 8/25/95";
static const char rcsid[] = "@(#)$Id: slinux.c,v 2.1 1999/08/04 17:31:14 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: slinux.c,v 2.1.4.1 2001/06/26 10:43:22 darrenr Exp $";
#endif
#define CHUNKSIZE 8192


@ -1,9 +1,7 @@
/*
* (C)opyright 1992-1998 Darren Reed. (from tcplog)
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
* See the IPFILTER.LICENCE file for details on licencing.
*/
#include <stdio.h>
@ -40,7 +38,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)snit.c 1.5 1/11/96 (C)1995 Darren Reed";
static const char rcsid[] = "@(#)$Id: snit.c,v 2.1 1999/08/04 17:31:15 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: snit.c,v 2.1.4.1 2001/06/26 10:43:22 darrenr Exp $";
#endif
#define CHUNKSIZE 8192


@ -1,9 +1,7 @@
/*
* (C)opyright 1998 Darren Reed. (from tcplog)
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
* See the IPFILTER.LICENCE file for details on licencing.
*/
#include <stdio.h>
#include <strings.h>


@ -1,12 +1,16 @@
/*
* Copyright (C) 1993-2000 by Darren Reed.
* Copyright (C) 1993-2001 by Darren Reed.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
* See the IPFILTER.LICENCE file for details on licencing.
*/
#ifdef __FreeBSD__
# include <osreldate.h>
# ifndef __FreeBSD_cc_version
# include <osreldate.h>
# else
# if __FreeBSD_cc_version < 430000
# include <osreldate.h>
# endif
# endif
#endif
#include <stdio.h>
#include <assert.h>
@ -55,7 +59,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)ipt.c 1.19 6/3/96 (C) 1993-2000 Darren Reed";
static const char rcsid[] = "@(#)$Id: ipt.c,v 2.6 2000/03/13 22:10:25 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: ipt.c,v 2.6.2.2 2001/06/26 10:43:19 darrenr Exp $";
#endif
extern char *optarg;


@ -1,10 +1,8 @@
/*
* Copyright (C) 1993-2000 by Darren Reed.
* Copyright (C) 1993-2001 by Darren Reed.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
* $Id: ipt.h,v 2.2 2000/03/13 22:10:25 darrenr Exp $
* See the IPFILTER.LICENCE file for details on licencing.
* $Id: ipt.h,v 2.2.2.1 2001/06/26 10:43:19 darrenr Exp $
*/
#ifndef __IPT_H__


@ -1,9 +1,7 @@
/*
* Copyright (C) 1993-2000 by Darren Reed.
* Copyright (C) 1993-2001 by Darren Reed.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
* See the IPFILTER.LICENCE file for details on licencing.
*/
/*
* kmemcpy() - copies n bytes from kernel memory into user buffer.
@ -18,16 +16,24 @@
#include <sys/file.h>
#include "kmem.h"
#ifndef __STDC__
# define const
#endif
#if !defined(lint)
static const char sccsid[] = "@(#)kmem.c 1.4 1/12/96 (C) 1992 Darren Reed";
static const char rcsid[] = "@(#)$Id: kmem.c,v 2.2 2000/03/13 22:10:25 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: kmem.c,v 2.2.2.3 2001/07/15 22:06:16 darrenr Exp $";
#endif
static int kmemfd = -1;
int openkmem()
int openkmem(core)
char *core;
{
if ((kmemfd = open(KMEM,O_RDONLY)) == -1)
if (core == NULL)
core = KMEM;
if ((kmemfd = open(core, O_RDONLY)) == -1)
{
perror("kmeminit:open");
return -1;
@ -45,7 +51,7 @@ register int n;
if (!n)
return 0;
if (kmemfd == -1)
if (openkmem() == -1)
if (openkmem(NULL) == -1)
return -1;
if (lseek(kmemfd, pos, 0) == -1)
{
@ -76,7 +82,7 @@ register int n;
if (!n)
return 0;
if (kmemfd == -1)
if (openkmem() == -1)
if (openkmem(NULL) == -1)
return -1;
if (lseek(kmemfd, pos, 0) == -1)
{
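Review bot: openkmem() gains a `core` argument with no comment saying what it accepts, and it now opens whatever path the caller passes with the process's current effective ids. A header comment such as `/* core: file to read kernel data from; NULL selects KMEM. Opened O_RDONLY with the caller's current privileges. */` would make that contract visible to tools that pass a command-line path through. The assignment to `kmemfd` also replaces any descriptor opened earlier without closing it, which is harmless only while each program opens once; callers outside this page are not visible here.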


@ -1,10 +1,8 @@
/*
* Copyright (C) 1993-2000 by Darren Reed.
* Copyright (C) 1993-2001 by Darren Reed.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
* $Id: kmem.h,v 2.2 2000/03/13 22:10:25 darrenr Exp $
* See the IPFILTER.LICENCE file for details on licencing.
* $Id: kmem.h,v 2.2.2.2 2001/06/26 10:43:19 darrenr Exp $
*/
#ifndef __KMEM_H__
@ -17,7 +15,7 @@
# define __P(x) ()
# endif
#endif
extern int openkmem __P((void));
extern int openkmem __P((char *));
extern int kmemcpy __P((char *, long, int));
extern int kstrncpy __P((char *, long, int));


@ -76,4 +76,4 @@ ipf(4)
.SH BUGS
Packet headers are dropped when the internal buffer (static size) fills.
.SH FILES
/dev/ipl0
/dev/ipl


@ -1,9 +1,7 @@
/*
* Copyright (C) 1993-2000 by Darren Reed.
* Copyright (C) 1993-2001 by Darren Reed.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
* See the IPFILTER.LICENCE file for details on licencing.
*/
#if (SOLARIS2 >= 7)
# define _SYS_VARARGS_H
@ -52,7 +50,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)misc.c 1.3 2/4/96 (C) 1995 Darren Reed";
static const char rcsid[] = "@(#)$Id: misc.c,v 2.2 2000/03/13 22:10:25 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: misc.c,v 2.2.2.1 2001/06/26 10:43:19 darrenr Exp $";
#endif
extern int opts;


@ -1,9 +1,7 @@
/*
* Copyright (C) 1993-2000 by Darren Reed.
* Copyright (C) 1993-2001 by Darren Reed.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors. The author accepts no
* See the IPFILTER.LICENCE file for details on licencing.
* responsibility and is not changed in any way.
*
* I hate legaleese, don't you ?


@ -1,9 +1,7 @@
/*
* Copyright (C) 1993-2000 by Darren Reed.
* Copyright (C) 1993-2001 by Darren Reed.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
* See the IPFILTER.LICENCE file for details on licencing.
*/
/*
* 29/12/94 Added code from Marc Huber <huber@fzi.de> to allow it to allocate
@ -13,12 +11,24 @@
#include <sys/param.h>
#if defined(__FreeBSD__) && (__FreeBSD__ > 1)
#if defined(__FreeBSD__)
# ifdef IPFILTER_LKM
# include <osreldate.h>
# ifndef __FreeBSD_cc_version
# include <osreldate.h>
# else
# if __FreeBSD_cc_version < 430000
# include <osreldate.h>
# endif
# endif
# define ACTUALLY_LKM_NOT_KERNEL
# else
# include <sys/osreldate.h>
# ifndef __FreeBSD_cc_version
# include <sys/osreldate.h>
# else
# if __FreeBSD_cc_version < 430000
# include <sys/osreldate.h>
# endif
# endif
# endif
#endif
#include <sys/systm.h>
@ -53,19 +63,16 @@
#if (__FreeBSD_version >= 300000)
# include <sys/socket.h>
#endif
#if (__FreeBSD_version >= 199511)
#include <net/if.h>
#include <netinet/in_systm.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <net/route.h>
#include <net/if.h>
#include <netinet/ip_var.h>
#include <netinet/tcp.h>
#include <netinet/tcpip.h>
#endif
#if (__FreeBSD__ > 1)
# include <sys/sysent.h>
#endif
#include <sys/sysent.h>
#include <sys/lkm.h>
#include "netinet/ipl.h"
#include "netinet/ip_compat.h"
@ -392,7 +399,7 @@ int cmd, ver;
# endif
}
# endif /* IPFILTER_LKM */
static ipl_devsw_installed = 0;
static int ipl_devsw_installed = 0;
static void ipl_drvinit __P((void *unused))
{


@ -1,10 +1,8 @@
/*
* Copyright (C) 1993-2000 by Darren Reed.
* Copyright (C) 1993-2001 by Darren Reed.
* (C)opyright 1997 by Marc Boucher.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original authors and the contributors.
* See the IPFILTER.LICENCE file for details on licencing.
*/
/* TODO: (MARCXXX)


@ -1,9 +1,7 @@
/*
* Copyright (C) 1993-2000 by Darren Reed.
* Copyright (C) 1993-2001 by Darren Reed.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
* See the IPFILTER.LICENCE file for details on licencing.
*/
/*
* 29/12/94 Added code from Marc Huber <huber@fzi.de> to allow it to allocate


@ -1,9 +1,7 @@
/*
* Copyright (C) 1993-2000 by Darren Reed.
* Copyright (C) 1993-2001 by Darren Reed.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
* See the IPFILTER.LICENCE file for details on licencing.
*/
/*
* 29/12/94 Added code from Marc Huber <huber@fzi.de> to allow it to allocate
@ -42,7 +40,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)mls_ipl.c 2.6 10/15/95 (C) 1993-2000 Darren Reed";
static const char rcsid[] = "@(#)$Id: mls_ipl.c,v 2.2 2000/03/13 22:10:26 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: mls_ipl.c,v 2.2.2.1 2001/06/26 10:43:20 darrenr Exp $";
#endif
extern int ipldetach __P((void));


@ -1,9 +1,7 @@
/*
* Copyright (C) 1993-2000 by Darren Reed.
* Copyright (C) 1993-2001 by Darren Reed.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
* See the IPFILTER.LICENCE file for details on licencing.
*/
#include <stdio.h>
#include <string.h>
@ -54,7 +52,7 @@ extern char *sys_errlist[];
#if !defined(lint)
static const char sccsid[] ="@(#)ipnat.c 1.9 6/5/96 (C) 1993 Darren Reed";
static const char rcsid[] = "@(#)$Id: natparse.c,v 1.17.2.6 2000/07/08 02:14:40 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: natparse.c,v 1.17.2.11 2001/07/17 14:33:09 darrenr Exp $";
#endif
@ -160,6 +158,8 @@ void *ptr;
printf(" udp");
if (np->in_flags & IPN_ROUNDR)
printf(" round-robin");
if (np->in_flags & IPN_FRAG)
printf(" frag");
printf("\n");
if (opts & OPT_DEBUG)
printf("\t%p %lu %#x %u %p %d\n", np->in_ifp,
@ -231,6 +231,8 @@ void *ptr;
ntohs(np->in_pmax));
}
}
if (np->in_flags & IPN_FRAG)
printf(" frag");
printf("\n");
if (opts & OPT_DEBUG) {
printf("\tifp %p space %lu nextip %s pnext %d",
@ -277,6 +279,7 @@ int linenum;
char *s, *t, *cps[31], **cpp;
int i, cnt;
proto = NULL;
if ((s = strchr(line, '\n')))
*s = '\0';
@ -553,7 +556,7 @@ int linenum;
} else
ipn.in_pmin = 0;
} else if ((ipn.in_redir & NAT_BIMAP) == NAT_REDIRECT) {
if (strrchr(*cpp, '/') != NULL) {
if (!*cpp || strrchr(*cpp, '/') != NULL) {
fprintf(stderr, "%d: No netmask supported in %s\n",
linenum, "destination host for redirect");
return NULL;
@ -623,6 +626,11 @@ int linenum;
ipn.in_flags |= IPN_ROUNDR;
}
if (*cpp && !strcasecmp(*cpp, "frag")) {
cpp++;
ipn.in_flags |= IPN_FRAG;
}
if (*cpp) {
fprintf(stderr,
"%d: extra junk at the end of rdr: %s\n",
@ -641,6 +649,11 @@ int linenum;
if ((ipn.in_redir & NAT_MAPBLK) != 0)
nat_setgroupmap(&ipn);
if (*cpp && !strcasecmp(*cpp, "frag")) {
cpp++;
ipn.in_flags |= IPN_FRAG;
}
if (!*cpp)
return &ipn;
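Review bot: The added `!*cpp` test in the redirect branch reuses the "No netmask supported" message, so a rule that simply ends before the destination host is reported as a netmask error. A separate guard ahead of the strrchr() test would give an accurate diagnostic, for example `if (!*cpp) { fprintf(stderr, "%d: missing destination host for redirect\n", linenum); return NULL; }`. The enclosing parser function starts and ends outside the hunks shown.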


@ -1,9 +1,7 @@
/*
* Copyright (C) 1993-2000 by Darren Reed.
* Copyright (C) 1993-2001 by Darren Reed.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
* See the IPFILTER.LICENCE file for details on licencing.
*/
#include <stdio.h>
#include <string.h>
@ -27,7 +25,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)opt.c 1.8 4/10/96 (C) 1993-2000 Darren Reed";
static const char rcsid[] = "@(#)$Id: opt.c,v 2.2 2000/03/13 22:10:26 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: opt.c,v 2.2.2.1 2001/06/26 10:43:20 darrenr Exp $";
#endif
extern int opts;


@ -1,9 +1,7 @@
/*
* Copyright (C) 1993-2000 by Darren Reed.
* Copyright (C) 1993-2001 by Darren Reed.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
* See the IPFILTER.LICENCE file for details on licencing.
*/
#include <sys/types.h>
#if !defined(__SVR4) && !defined(__svr4__)
@ -394,7 +392,15 @@ int linenum;
linenum);
return NULL;
}
if (**cpp == '!') {
if (!strcmp(*cpp, "!")) {
fil.fr_flags |= FR_NOTSRCIP;
if (!*++cpp) {
fprintf(stderr,
"%d: missing host after from\n",
linenum);
return NULL;
}
} else if (**cpp == '!') {
fil.fr_flags |= FR_NOTSRCIP;
(*cpp)++;
}
@ -424,7 +430,15 @@ int linenum;
return NULL;
}
ch = 0;
if (**cpp == '!') {
if (!strcmp(*cpp, "!")) {
fil.fr_flags |= FR_NOTDSTIP;
if (!*++cpp) {
fprintf(stderr,
"%d: missing host after from\n",
linenum);
return NULL;
}
} else if (**cpp == '!') {
fil.fr_flags |= FR_NOTDSTIP;
(*cpp)++;
}
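Review bot: The destination branch added in the second hunk prints `"%d: missing host after from\n"` although it sets FR_NOTDSTIP, so it is presumably handling the host that follows `to` and the diagnostic names the wrong keyword. It looks copied from the source-side branch in the first hunk, where the wording fits. Changing the string to `"%d: missing host after to\n"` lets someone debugging a rejected rule find the right token. The enclosing function extends beyond both hunks.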


@ -1,10 +1,9 @@
/*
* Copyright (C) 1993-2000 by Darren Reed.
* Copyright (C) 1993-2001 by Darren Reed.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
* $Id: pcap.h,v 2.2 2000/03/13 22:10:27 darrenr Exp $
* See the IPFILTER.LICENCE file for details on licencing.
*
* $Id: pcap.h,v 2.2.2.1 2001/06/26 10:43:20 darrenr Exp $
*/
/*
* This header file is constructed to match the version described by


@ -107,7 +107,7 @@ char *argv[];
int fd, sl = sizeof(sl), se;
openlog(argv[0], LOG_PID|LOG_NDELAY, LOG_DAEMON);
if ((fd = open("/dev/ipl", O_RDONLY)) == -1) {
if ((fd = open("/dev/ipnat", O_RDONLY)) == -1) {
se = errno;
perror("open");
errno = se;
@ -115,6 +115,9 @@ char *argv[];
exit(-1);
}
bzero(&nl, sizeof(nl));
nl.nl_flags = IPN_TCP;
bzero(&sin, sizeof(sin));
sin.sin_family = AF_INET;
sl = sizeof(sin);
@ -151,8 +154,8 @@ char *argv[];
exit(-1);
}
sin.sin_port = nl.nl_inport;
sin.sin_addr = nl.nl_inip;
sin.sin_port = nl.nl_realport;
sin.sin_addr = nl.nl_realip;
sl = sizeof(sin);
fd = socket(AF_INET, SOCK_STREAM, 0);


@ -1,9 +1,7 @@
/*
* Copyright (C) 1993-2000 by Darren Reed.
* Copyright (C) 1993-2001 by Darren Reed.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
* See the IPFILTER.LICENCE file for details on licencing.
*/
#ifndef __SNOOP_H__
@ -11,7 +9,7 @@
/*
* written to comply with the RFC (1761) from Sun.
* $Id: snoop.h,v 2.2 2000/03/13 22:10:27 darrenr Exp $
* $Id: snoop.h,v 2.2.2.1 2001/06/26 10:43:20 darrenr Exp $
*/
struct snoophdr {
char s_id[8];


@ -1,12 +1,10 @@
/*
* Copyright (C) 1993-2000 by Darren Reed.
* Copyright (C) 1993-2001 by Darren Reed.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
* See the IPFILTER.LICENCE file for details on licencing.
*/
/* #pragma ident "@(#)solaris.c 1.12 6/5/96 (C) 1995 Darren Reed"*/
#pragma ident "@(#)$Id: solaris.c,v 2.15.2.8 2000/11/27 10:28:41 darrenr Exp $"
#pragma ident "@(#)$Id: solaris.c,v 2.15.2.20 2001/07/18 14:58:28 darrenr Exp $"
#include <sys/systm.h>
#include <sys/types.h>
@ -147,7 +145,7 @@ static struct modlinkage modlink1 = { MODREV_1, &iplmod, NULL };
static size_t hdrsizes[57][2] = {
{ 0, 0 },
{ IFT_OTHER, 0 },
{ IFT_1822, 0 },
{ IFT_1822, 14 }, /* 14 for ire0 ?? */
{ IFT_HDH1822, 0 },
{ IFT_X25DDN, 0 },
{ IFT_X25, 0 },
@ -210,8 +208,6 @@ int _init()
{
int ipfinst;
if (fr_running < 0)
return -1;
ipfinst = mod_install(&modlink1);
#ifdef IPFDEBUG
cmn_err(CE_NOTE, "IP Filter: _init() = %d", ipfinst);
@ -224,8 +220,6 @@ int _fini(void)
{
int ipfinst;
if (fr_running < 0)
return -1;
ipfinst = mod_remove(&modlink1);
#ifdef IPFDEBUG
cmn_err(CE_NOTE, "IP Filter: _fini() = %d", ipfinst);
@ -239,8 +233,6 @@ struct modinfo *modinfop;
{
int ipfinst;
if (fr_running < 0)
return -1;
ipfinst = mod_info(&modlink1, modinfop);
#ifdef IPFDEBUG
cmn_err(CE_NOTE, "IP Filter: _info(%x) = %x", modinfop, ipfinst);
@ -275,6 +267,31 @@ dev_info_t *dip;
}
static void ipf_ire_walk(ire, arg)
ire_t *ire;
void *arg;
{
qif_t *qif = arg;
if ((ire->ire_type == IRE_CACHE) &&
#if SOLARIS2 >= 6
(ire->ire_ipif != NULL) &&
(ire->ire_ipif->ipif_ill == qif->qf_ill)
#else
(ire_to_ill(ire) == qif->qf_ill)
#endif
) {
#if SOLARIS2 >= 8
mblk_t *m = ire->ire_fp_mp;
#else
mblk_t *m = ire->ire_ll_hdr_mp;
#endif
if (m != NULL)
qif->qf_hl = m->b_wptr - m->b_rptr;
}
}
static int ipf_attach(dip, cmd)
dev_info_t *dip;
ddi_attach_cmd_t cmd;
@ -336,6 +353,14 @@ ddi_attach_cmd_t cmd;
drv_usectohz(500000));
if (fr_running == 1)
return DDI_SUCCESS;
#if SOLARIS2 >= 8
case DDI_RESUME :
case DDI_PM_RESUME :
if (ipfr_timer_id == 0)
ipfr_timer_id = timeout(ipfr_slowtimer, NULL,
drv_usectohz(500000));
return DDI_SUCCESS;
#endif
default:
return DDI_FAILURE;
}
@ -403,6 +428,19 @@ ddi_detach_cmd_t cmd;
cmn_err(CE_CONT, "%s detached\n", ipfilter_version);
return (DDI_SUCCESS);
}
#if SOLARIS2 >= 8
case DDI_SUSPEND :
case DDI_PM_SUSPEND :
if (ipfr_timer_id != 0) {
untimeout(ipfr_timer_id);
ipfr_timer_id = 0;
}
if (synctimeoutid) {
untimeout(synctimeoutid);
synctimeoutid = 0;
}
return DDI_SUCCESS;
#endif
default:
return (DDI_FAILURE);
}
@ -479,7 +517,7 @@ size_t off;
m = m->b_cont;
cmn_err(CE_CONT, " !IP %s:%d %d %p %p %p %d %p/%d %p/%d %p %d %d %p\n",
qif ? qif->qf_name : "?", out, qif->qf_hl, q,
qif ? qif->qf_name : "?", out, qif ? qif->qf_hl : -1, q,
q ? q->q_ptr : NULL, q ? q->q_qinfo : NULL,
mt->b_wptr - mt->b_rptr, m, MTYPE(m), mt, MTYPE(mt), m->b_rptr,
m->b_wptr - m->b_rptr, off, ip);
@ -529,8 +567,8 @@ int out;
{
register mblk_t *m, *mt = *mp;
register ip_t *ip;
size_t hlen, len, off, mlen, iphlen, plen;
int err, synced = 0, sap, p;
size_t hlen, len, off, off2, mlen, iphlen, plen, woff;
int err, synced = 0, sap, p, realigned = 0, multi = 0;
u_char *bp;
#if SOLARIS2 >= 8
ip6_t *ip6;
@ -556,8 +594,21 @@ int out;
bp = (u_char *)ALIGN32(mt->b_rptr);
if (MTYPE(mt) == M_PROTO || MTYPE(mt) == M_PCPROTO) {
dl_unitdata_ind_t *dl = (dl_unitdata_ind_t *)bp;
if (dl->dl_primitive != DL_UNITDATA_IND &&
dl->dl_primitive != DL_UNITDATA_REQ) {
if (dl->dl_primitive == DL_UNITDATA_IND) {
multi = dl->dl_group_address;
m = mt->b_cont;
/*
* This is a complete kludge to try and work around
* some bizarre packets which drop through into
* fr_donotip.
*/
if (m && multi && ((*((u_char *)m->b_rptr) == 0x0) &&
((*((u_char *)m->b_rptr + 2) == 0x45)))) {
ip = (ip_t *)(m->b_rptr + 2);
off = 2;
} else
off = 0;
} else if (dl->dl_primitive != DL_UNITDATA_REQ) {
ip = (ip_t *)dl;
if ((ip->ip_v == IPVERSION) &&
(ip->ip_hl == (sizeof(*ip) >> 2)) &&
@ -584,19 +635,6 @@ int out;
return 0; /* No data blocks */
}
/*
* This is a complete kludge to try and work around some bizarre
* packets which drop through into fr_donotip.
*/
if ((mt != m) && (MTYPE(mt) == M_PROTO || MTYPE(mt) == M_PCPROTO)) {
dl_unitdata_ind_t *dl = (dl_unitdata_ind_t *)bp;
if ((dl->dl_primitive == DL_UNITDATA_IND) &&
(dl->dl_group_address == 1))
if (((*((u_char *)m->b_rptr) == 0x0) &&
((*((u_char *)m->b_rptr + 2) == 0x45))))
off += 2;
}
ip = (ip_t *)(m->b_rptr + off); /* MMM */
/*
@ -648,10 +686,13 @@ int out;
((char *)&tlen)[0] = ((char *)&ip6->ip6_plen)[0];
((char *)&tlen)[1] = ((char *)&ip6->ip6_plen)[1];
plen = ntohs(tlen);
sap = IP6_DL_SAP;
if (!plen)
return -1; /* Jumbo gram */
plen += sizeof(*ip6);
}
#endif
else {
plen = 0;
hlen = 0;
sap = -1;
}
@ -659,34 +700,77 @@ int out;
/*
* Ok, the IP header isn't on a 32bit aligned address so junk it.
*/
if (((u_int)ip & 0x3) || (len < hlen) || (sap == -1)) {
mblk_t *m2;
u_char *s;
if (((u_long)ip & 0x3) || (plen > mlen) || (len < hlen) ||
(sap == -1)) {
mblk_t *m1, *m2;
u_char *s, c;
int v;
/*
* Junk using pullupmsg - it's next to useless.
*/
fixalign:
if (off)
m->b_rptr -= off;
c = *(u_char *)ip;
c >>= 4;
if (c != 4
#if SOLARIS2 >= 8
&& c != 6
#endif
) {
frstats[out].fr_notip++;
return (fr_flags & FF_BLOCKNONIP) ? -1 : 0;
}
if (realigned)
return -1;
realigned = 1;
off2 = (size_t)((u_long)ip & 0x3);
if (off2)
off2 = 4 - off2;
len = msgdsize(m);
m2 = allocb(len, BPRI_HI);
m2 = allocb(len + off2, BPRI_HI);
if (m2 == NULL) {
frstats[out].fr_pull[1]++;
return -1;
}
m2->b_wptr = m2->b_rptr + len;
s = (u_char *)ip;
for (bp = m2->b_rptr; m; bp += len) {
len = m->b_wptr - s;
bcopy(m->b_rptr, bp, len);
m = m->b_cont;
if (m)
s = m->b_rptr;
}
*mp = m2;
MTYPE(m2) = M_DATA;
freemsg(mt);
mt = m2;
if (m->b_rptr != (u_char *)ip)
m2->b_rptr += off2;
m2->b_wptr = m2->b_rptr + len;
m1 = m;
s = (u_char *)m->b_rptr;
for (bp = m2->b_rptr; m1 && (bp < m2->b_wptr); bp += len) {
len = MIN(m1->b_wptr - s, m2->b_wptr - bp);
bcopy(s, bp, len);
m1 = m1->b_cont;
if (m1)
s = m1->b_rptr;
}
if (mt != m && mt->b_cont == m && !off) {
/*
* check if the buffer we're changing is chained in-
* between other buffers and unlink/relink as required.
*/
(void) unlinkb(mt); /* should return 'm' */
m1 = unlinkb(m);
if (m1)
linkb(m2, m1);
freemsg(m);
linkb(mt, m2);
} else {
if (m == mt) {
m1 = unlinkb(mt);
if (m1)
linkb(m2, m1);
}
freemsg(mt);
*mp = m2;
mt = m2;
}
frstats[out].fr_pull[0]++;
synced = 1;
@ -714,7 +798,7 @@ int out;
#ifndef sparc
# if SOLARIS2 >= 8
if (sap == IP6_DL_SAP) {
ip6->ip6_plen = plen;
ip6->ip6_plen = plen - sizeof(*ip6);
} else {
# endif
__ipoff = (u_short)ip->ip_off;
@ -734,7 +818,7 @@ int out;
if ((
#if SOLARIS2 >= 8
(sap == IP6_DL_SAP) && (mlen < iphlen + plen)) ||
(sap == IP6_DL_SAP) && (mlen < plen)) ||
((sap == 0) &&
#endif
((iphlen < hlen) || (iphlen > plen) || (mlen < plen)))) {
@ -744,7 +828,7 @@ int out;
#ifndef sparc
# if SOLARIS2 >= 8
if (sap == IP6_DL_SAP) {
ip6->ip6_plen = htons(plen);
ip6->ip6_plen = htons(plen - sizeof(*ip6));
} else {
# endif
__ipoff = (u_short)ip->ip_off;
@ -790,15 +874,13 @@ int out;
break;
}
woff = 0;
if (hlen > mlen) {
hlen = mlen;
#if SOLARIS2 >= 8
} else if (sap == IP6_DL_SAP) {
if (m->b_wptr - m->b_rptr > plen + hlen)
m->b_wptr = m->b_rptr + plen + hlen;
#endif
} else if (m->b_wptr - m->b_rptr > plen)
m->b_wptr = m->b_rptr + plen;
} else if (m->b_wptr - m->b_rptr > plen) {
woff = m->b_wptr - m->b_rptr - plen;
m->b_wptr -= woff;
}
/*
* If we don't have enough data in the mblk or we haven't yet copied
@ -806,7 +888,7 @@ int out;
*/
if ((hlen > len)) {
if (!pullupmsg(m, (int)hlen)) {
cmn_err(CE_NOTE, "pullupmsg failed\n");
cmn_err(CE_NOTE, "pullupmsg failed");
frstats[out].fr_pull[1]++;
return -1;
}
@ -818,8 +900,9 @@ int out;
qif->qf_off = off;
qif->qf_len = len;
err = fr_check(ip, iphlen, qif->qf_ill, out, qif, mp);
if (err == 2)
if (err == 2) {
goto fixalign;
}
/*
* Copy back the ip header data if it was changed, we haven't yet
* freed the message and we aren't going to drop the packet.
@ -828,11 +911,12 @@ int out;
*/
if (*mp != NULL) {
if (*mp == mt) {
m->b_wptr += woff;
m->b_rptr -= off;
#ifndef sparc
# if SOLARIS2 >= 8
if (sap == IP6_DL_SAP) {
ip6->ip6_plen = htons(plen);
ip6->ip6_plen = htons(plen - sizeof(*ip6));
} else {
# endif
__ipoff = (u_short)ip->ip_off;
@ -847,13 +931,37 @@ int out;
#endif
} else
cmn_err(CE_NOTE,
"!IP Filter: *mp %p mt %p %s\n", *mp, mt,
"!IP Filter: *mp %p mt %p %s", *mp, mt,
"mblk changed, cannot revert ip_len, ip_off");
}
return err;
}
/*
* Only called for M_IOCACK messages
*/
void fr_qif_update(qif, mp)
qif_t *qif;
mblk_t *mp;
{
struct iocblk *iocp;
if (!qif || !mp)
return;
iocp = (struct iocblk *)mp->b_rptr;
if (mp->b_cont && (iocp->ioc_cmd == DL_IOC_HDR_INFO)) {
mp = mp->b_cont;
if (MTYPE(mp) == M_PROTO && mp->b_cont) {
mp = mp->b_cont;
if (MTYPE(mp) == M_DATA) {
qif->qf_hl = mp->b_wptr - mp->b_rptr;
}
}
}
}
int fr_qin(q, mb)
queue_t *q;
mblk_t *mb;
@ -863,6 +971,7 @@ mblk_t *mb;
if (fr_running <= 0) {
mb->b_prev = NULL;
mb->b_next = NULL;
freemsg(mb);
return 0;
}
@ -871,6 +980,17 @@ mblk_t *mb;
mblk_t *m1;
m1 = copymsg(mb);
if (!m1) {
frstats[0].fr_drop++;
mb->b_next = NULL;
mb->b_prev = NULL;
freemsg(mb);
return 0;
}
m1->b_next = mb->b_next;
mb->b_next = NULL;
m1->b_prev = mb->b_prev;
mb->b_prev = NULL;
freemsg(mb);
mb = m1;
frstats[0].fr_copy++;
@ -881,6 +1001,7 @@ mblk_t *mb;
if (fr_running <= 0) {
RWLOCK_EXIT(&ipf_solaris);
mb->b_prev = NULL;
mb->b_next = NULL;
freemsg(mb);
return 0;
}
@ -925,17 +1046,21 @@ mblk_t *mb;
frstats[0].fr_drop++;
RWLOCK_EXIT(&ipf_solaris);
mb->b_prev = NULL;
mb->b_next = NULL;
freemsg(mb);
return 0;
}
bcopy((char *)qif, (char *)&qf, sizeof(qf));
qif = &qf;
type = MTYPE(mb);
pnext = qif->qf_rqinfo->qi_putp;
type = MTYPE(mb);
if (type == M_IOCACK)
fr_qif_update(qif, mb);
else {
bcopy((char *)qif, (char *)&qf, sizeof(qf));
if (datamsg(type) || (type == M_BREAK))
err = fr_precheck(&mb, q, qif, 0);
if (datamsg(type) || (type == M_BREAK))
err = fr_precheck(&mb, q, &qf, 0);
}
RWLOCK_EXIT(&ipfs_mutex);
RWLOCK_EXIT(&ipf_solaris);
@ -944,11 +1069,13 @@ mblk_t *mb;
if (pnext)
return (*pnext)(q, mb);
cmn_err(CE_WARN, "!IP Filter: inp NULL: qif %x q %x info %x",
qif, q, q->q_qinfo);
cmn_err(CE_WARN,
"!IP Filter: inp NULL: qif %x %s q %x info %x",
&qf, qf.qf_name, q, q->q_qinfo);
}
if (mb) {
mb->b_prev = NULL;
mb->b_next = NULL;
freemsg(mb);
}
return 0;
@ -964,14 +1091,32 @@ mblk_t *mb;
if (fr_running <= 0) {
mb->b_prev = NULL;
mb->b_next = NULL;
freemsg(mb);
return 0;
}
if (mb->b_datap->db_ref > 1) {
#if SOLARIS2 >= 6
if ((!dohwcksum || mb->b_ick_flag != ICK_VALID) &&
(mb->b_datap->db_ref > 1))
#else
if (mb->b_datap->db_ref > 1)
#endif
{
mblk_t *m1;
m1 = copymsg(mb);
if (!m1) {
frstats[1].fr_drop++;
mb->b_next = NULL;
mb->b_prev = NULL;
freemsg(mb);
return 0;
}
m1->b_next = mb->b_next;
mb->b_next = NULL;
m1->b_prev = mb->b_prev;
mb->b_prev = NULL;
freemsg(mb);
mb = m1;
frstats[1].fr_copy++;
@ -982,6 +1127,7 @@ mblk_t *mb;
if (fr_running <= 0) {
RWLOCK_EXIT(&ipf_solaris);
mb->b_prev = NULL;
mb->b_next = NULL;
freemsg(mb);
return 0;
}
@ -998,7 +1144,7 @@ mblk_t *mb;
synced = 1;
goto again;
}
/* fr_donotip(0, NULL, q, mb, mb, NULL, 0); */
/* fr_donotip(1, NULL, q, mb, mb, NULL, 0); */
RWLOCK_EXIT(&ipf_solaris);
return (*pnext)(q, mb);
}
@ -1036,17 +1182,21 @@ mblk_t *mb;
frstats[1].fr_drop++;
RWLOCK_EXIT(&ipf_solaris);
mb->b_prev = NULL;
mb->b_next = NULL;
freemsg(mb);
return 0;
}
bcopy((char *)qif, (char *)&qf, sizeof(qf));
qif = &qf;
type = MTYPE(mb);
pnext = qif->qf_wqinfo->qi_putp;
type = MTYPE(mb);
if (type == M_IOCACK)
fr_qif_update(qif, mb);
else {
bcopy((char *)qif, (char *)&qf, sizeof(qf));
if (datamsg(type) || (type == M_BREAK))
err = fr_precheck(&mb, q, qif, 1);
if (datamsg(type) || (type == M_BREAK))
err = fr_precheck(&mb, q, &qf, 1);
}
RWLOCK_EXIT(&ipfs_mutex);
RWLOCK_EXIT(&ipf_solaris);
@ -1057,10 +1207,11 @@ mblk_t *mb;
cmn_err(CE_WARN,
"!IP Filter: outp NULL: qif %x %s q %x info %x",
qif, qif->qf_name, q, q->q_qinfo);
&qf, qf.qf_name, q, q->q_qinfo);
}
if (mb) {
mb->b_prev = NULL;
mb->b_next = NULL;
freemsg(mb);
}
return 0;
@ -1080,6 +1231,7 @@ void *arg;
RWLOCK_EXIT(&ipf_solaris);
}
static int ipf_ip_qin(q, mb)
queue_t *q;
mblk_t *mb;
@ -1089,6 +1241,7 @@ mblk_t *mb;
if (fr_running <= 0) {
mb->b_prev = NULL;
mb->b_next = NULL;
freemsg(mb);
return 0;
}
@ -1100,18 +1253,24 @@ mblk_t *mb;
if (fr_running <= 0) {
RWLOCK_EXIT(&ipf_solaris);
mb->b_prev = NULL;
mb->b_next = NULL;
freemsg(mb);
return 0;
}
ioc = (struct iocblk *)mb->b_rptr;
switch (ioc->ioc_cmd) {
switch (ioc->ioc_cmd)
{
case DL_IOC_HDR_INFO:
fr_qif_update(qif_from_queue(q), mb);
break;
case I_LINK:
case I_UNLINK:
case SIOCSIFADDR:
case SIOCSIFFLAGS:
#ifdef IPFDEBUG
cmn_err(CE_NOTE, "IP Filter: ipf_ip_qin() M_IOCTL type=0x%x\n", ioc->ioc_cmd);
cmn_err(CE_NOTE, "IP Filter: ipf_ip_qin() M_IOCTL type=0x%x",
ioc->ioc_cmd);
#endif
WRITE_ENTER(&ipfs_mutex);
if (synctimeoutid == 0) {
@ -1135,7 +1294,7 @@ extern struct streamtab ipinfo;
void solipdrvattach()
{
#ifdef IPFDEBUG
cmn_err(CE_NOTE, "IP Filter: solipdrvattach() %d ipinfo=0x%lx\n",
cmn_err(CE_NOTE, "IP Filter: solipdrvattach() %d ipinfo=0x%lx",
ipdrvattcnt, &ipinfo);
#endif
@ -1150,7 +1309,7 @@ void solipdrvattach()
int solipdrvdetach()
{
#ifdef IPFDEBUG
cmn_err(CE_NOTE, "IP Filter: solipdrvdetach() %d ipinfo=0x%lx\n",
cmn_err(CE_NOTE, "IP Filter: solipdrvdetach() %d ipinfo=0x%lx",
ipdrvattcnt, &ipinfo);
#endif
@ -1212,7 +1371,7 @@ void solattach()
KMALLOC(qif, qif_t *);
if (!qif) {
cmn_err(CE_WARN,
"IP Filter: malloc(%d) for qif_t failed\n",
"IP Filter: malloc(%d) for qif_t failed",
sizeof(qif_t));
RWLOCK_EXIT(&ipfs_mutex);
continue;
@ -1288,11 +1447,17 @@ void solattach()
(hdrsizes[il->ill_type][0] == il->ill_type))
qif->qf_hl = hdrsizes[il->ill_type][1];
if (qif->qf_hl == 0)
if (qif->qf_hl == 0 && il->ill_type != IFT_OTHER)
cmn_err(CE_WARN,
"Unknown layer 2 header size for %s type %d\n",
qif->qf_name, il->ill_type);
"Unknown layer 2 header size for %s type %d",
il->ill_name, il->ill_type);
}
/*
* XXX Awful hack for PPP; fix when PPP/snoop fixed.
*/
if (il->ill_type == IFT_ETHER && !il->ill_bcast_addr_length)
qif->qf_hl = 0;
#endif
strncpy(qif->qf_name, il->ill_name, sizeof(qif->qf_name));
qif->qf_name[sizeof(qif->qf_name) - 1] = '\0';
@ -1377,6 +1542,7 @@ void solattach()
#endif
out->q_qinfo = &qif->qf_wqinit;
ire_walk(ipf_ire_walk, (char *)qif);
RWLOCK_EXIT(&ipfs_mutex);
cmn_err(CE_CONT, "IP Filter: attach to [%s,%d] - %s\n",
qif->qf_name, il->ill_ppa,
@ -1634,7 +1800,7 @@ frdest_t *fdp;
* data, not the original, if and only if it is already pointing at
* the current mblk data.
*/
if (ip == (ip_t *)qf->qf_m->b_rptr && qf->qf_m != mb)
if ((ip == (ip_t *)qf->qf_m->b_rptr) && (qf->qf_m != mb))
ip = (ip_t *)mb->b_rptr;
/*
@ -1646,6 +1812,7 @@ frdest_t *fdp;
mp = (*mpp)->b_cont;
(*mpp)->b_cont = NULL;
(*mpp)->b_prev = NULL;
(*mpp)->b_next = NULL;
freemsg(*mpp);
*mpp = mp;
}
@ -1666,7 +1833,7 @@ frdest_t *fdp;
if (!ir)
ir = (ire_t *)-1;
fd.fd_ifp = (struct ifnet *)ir;
fd.fd_ifp = (struct ifnet *)ir;
fd.fd_ip = ip->ip_dst;
fdp = &fd;
}
@ -1715,6 +1882,7 @@ frdest_t *fdp;
if (ifp == NULL)
goto bad_fastroute;
fr = fin->fin_fr;
/*
* In case we're here due to "to <if>" being used with
* "keep state", check that we're going in the correct
@ -1722,7 +1890,7 @@ frdest_t *fdp;
*/
if ((fr != NULL) && (fdp->fd_ifp != NULL) &&
(fin->fin_rev != 0) && (fdp == &fr->fr_tif))
return -1;
return 1;
fin->fin_ifp = ifp;
if (fin->fin_out == 0) {
@ -1783,6 +1951,7 @@ frdest_t *fdp;
q = WR(ir->ire_rfq);
if (q) {
mb->b_prev = NULL;
mb->b_next = NULL;
mb->b_queue = q;
RWLOCK_EXIT(&ipfs_mutex);
RWLOCK_EXIT(&ipf_solaris);
@ -1804,13 +1973,16 @@ frdest_t *fdp;
READ_ENTER(&ipf_solaris);
READ_ENTER(&ipfs_mutex);
ipl_frouteok[0]++;
*mpp = NULL;
return 0;
}
}
bad_fastroute:
mb->b_prev = NULL;
mb->b_next = NULL;
freemsg(mb);
ipl_frouteok[1]++;
*mpp = NULL;
return -1;
}
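Review bot: In fr_qin the new M_IOCACK branch calls `fr_qif_update(qif, mb)` and skips the `bcopy` into `qf`, but the reworked warning further down passes `&qf, qf.qf_name` to `cmn_err` with a `%s` conversion. If `qf` is an ordinary local (its declaration is outside the hunk), an M_IOCACK message that reaches the `pnext == NULL` path would format uninitialised kernel stack memory as a string. fr_qout has the same pattern in its `outp NULL` warning. Taking the snapshot on every path, with `bcopy((char *)qif, (char *)&qf, sizeof(qf));` placed before `if (type == M_IOCACK)` in both functions, keeps the warning safe. Both function bodies start and end outside the hunks shown.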


@ -15,7 +15,7 @@ first:
-mkdir -p results
# Filtering tests
ftests: f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 f14
ftests: f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 f13 f14
# Rule parsing tests
ptests: i1 i2 i3 i4 i5 i6 i7 i8 i9 i10 i11
@ -28,7 +28,7 @@ ntests: n1 n2 n3 n4 n5 n6 n7
f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f14:
@/bin/sh ./dotest $@
f12:
f12 f13:
@/bin/sh ./hextest $@
i1 i2 i3 i4 i5 i6 i7 i8 i9 i10 i11:
@ -38,6 +38,6 @@ n1 n2 n3 n4 n5 n6 n7:
@/bin/sh ./nattest $@
clean:
/bin/rm -f f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 f14 results/*
/bin/rm -f f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f13 f12 f14 results/*
/bin/rm -f i1 i2 i3 i4 i5 i6 i7 i8 i9 i10 i11
/bin/rm -f n1 n2 n3 n4 n5 n6 n7


@ -1,4 +1,4 @@
pass in on ed0(!) proto tcp from 127.0.0.1/32 to 127.0.0.1/32 port = 23 flags S/SA
block in on lo0(!) proto tcp from any to any flags A/0xbf
block in on lo0(!) proto tcp from any to any flags A/FSRPAUC
pass in on lo0(!) proto tcp from any to any flags /SPA
block in on lo0(!) proto tcp from any to any flags 0x80/A
block in on lo0(!) proto tcp from any to any flags C/A


@ -33,6 +33,10 @@
45 00 001c 0008 2000 3f 11 0000 01010101 02010101
0035003500040000
# 1.1.1.1,1 -> 2.1.1.1,1 TTL=63 UDP MF FO=0 (short)
45 00 0018 0008 2000 3f 11 0000 01010101 02010101
00350036
# 1.1.1.1,53 -> 2.1.1.1,53 TTL=63 UDP FO=1
45 00 001c 0008 0001 3f 11 0000 01010101 02010101
0000000000000000