Merge 3.2.3 -> 3.2.7 changes into mainline.

svn path=/head/; revision=37078

contrib/ipfilter/ipmon.c

@@ -7,7 +7,7 @@
  */
 #if !defined(lint)
 static const char sccsid[] = "@(#)ipmon.c	1.21 6/5/96 (C)1993-1997 Darren Reed";
-static const char rcsid[] = "@(#)$Id: ipmon.c,v 2.0.2.29.2.4 1997/11/28 06:14:46 darrenr Exp $";
+static const char rcsid[] = "@(#)$Id: ipmon.c,v 2.0.2.29.2.9 1998/05/23 14:29:45 darrenr Exp $";
 #endif
 
 #include <stdio.h>
@@ -19,6 +19,7 @@ static const char rcsid[] = "@(#)$Id: ipmon.c,v 2.0.2.29.2.4 1997/11/28 06:14:46
 #ifndef __FreeBSD__
 #if !defined(__SVR4) && !defined(__svr4__)
 #include <strings.h>
+#include <signal.h>
 #include <sys/dir.h>
 #else
 #include <sys/filio.h>
@@ -89,7 +90,11 @@ struct	flags	tcpfl[] = {
 
 static	char	line[2048];
 static	int	opts = 0;
+static	FILE	*newlog = NULL;
+static	char	*logfile = NULL;
+static	int	donehup = 0;
 static	void	usage __P((char *));
+static	void	handlehup __P((void));
 static	void	flushlogs __P((char *, FILE *));
 static	void	print_log __P((int, FILE *, char *, int));
 static	void	print_ipflog __P((FILE *, char *, int));
@@ -101,6 +106,8 @@ char	*hostname __P((int, struct in_addr));
 char	*portname __P((int, char *, u_short));
 int	main __P((int, char *[]));
 
+static	void	logopts __P((int, char *));
+
 
 #define	OPT_SYSLOG	0x001
 #define	OPT_RESOLVE	0x002
@@ -119,6 +126,17 @@ int	main __P((int, char *[]));
 #endif
 
 
+static void handlehup()
+{
+	FILE	*fp;
+
+	signal(SIGHUP, handlehup);
+	if (logfile && (fp = fopen(logfile, "a")))
+		newlog = fp;
+	donehup = 1;
+}
+
+
 static int read_log(fd, lenp, buf, bufsize, log)
 int fd, bufsize, *lenp;
 char *buf;
@@ -183,7 +201,7 @@ int	len;
 			*t++ = '\n';
 			*t = '\0';
 			if (!(opts & OPT_SYSLOG))
-				fputs(line, stdout);
+				fputs(line, log);
 			else
 				syslog(LOG_INFO, "%s", line);
 			t = (u_char *)line;
@@ -219,8 +237,8 @@ int	len;
 		*t = '\0';
 	}
 	if (!(opts & OPT_SYSLOG)) {
-		fputs(line, stdout);
-		fflush(stdout);
+		fputs(line, log);
+		fflush(log);
 	} else
 		syslog(LOG_INFO, "%s", line);
 }
@@ -234,19 +252,21 @@ int	blen;
 	iplog_t	*ipl = (iplog_t *)buf;
 	char	*t = line;
 	struct	tm	*tm;
-	int	res;
+	int	res, i, len;
 
 	nl = (struct natlog *)((char *)ipl + sizeof(*ipl));
 	res = (opts & OPT_RESOLVE) ? 1 : 0;
 	tm = localtime((time_t *)&ipl->ipl_sec);
+	len = sizeof(line);
 	if (!(opts & OPT_SYSLOG)) {
-		(void) sprintf(t, "%2d/%02d/%4d ",
-			tm->tm_mday, tm->tm_mon + 1, tm->tm_year + 1900);
-		t += strlen(t);
+		(void) strftime(t, len, "%d/%m/%Y ", tm);
+		i = strlen(t);
+		len -= i;
+		t += i;
 	}
-	(void) sprintf(t, "%02d:%02d:%02d.%-.6ld @%hd ",
-		tm->tm_hour, tm->tm_min, tm->tm_sec, ipl->ipl_usec,
-		nl->nl_rule+1);
+	(void) strftime(t, len, "%T", tm);
+	t += strlen(t);
+	(void) sprintf(t, ".%-.6ld @%hd ", ipl->ipl_usec, nl->nl_rule + 1);
 	t += strlen(t);
 
 	if (nl->nl_type == NL_NEWMAP)
@@ -297,18 +317,21 @@ int	blen;
 	struct	protoent *pr;
 	char	*t = line, *proto, pname[6];
 	struct	tm	*tm;
-	int	res;
+	int	res, i, len;
 
 	sl = (struct ipslog *)((char *)ipl + sizeof(*ipl));
 	res = (opts & OPT_RESOLVE) ? 1 : 0;
 	tm = localtime((time_t *)&ipl->ipl_sec);
+	len = sizeof(line);
 	if (!(opts & OPT_SYSLOG)) {
-		(void) sprintf(t, "%2d/%02d/%4d ",
-			tm->tm_mday, tm->tm_mon + 1, tm->tm_year + 1900);
-		t += strlen(t);
+		(void) strftime(t, len, "%d/%m/%Y ", tm);
+		i = strlen(t);
+		len -= i;
+		t += i;
 	}
-	(void) sprintf(t, "%02d:%02d:%02d.%-.6ld ",
-		tm->tm_hour, tm->tm_min, tm->tm_sec, ipl->ipl_usec);
+	(void) strftime(t, len, "%T", tm);
+	t += strlen(t);
+	(void) sprintf(t, ".%-.6ld ", ipl->ipl_usec);
 	t += strlen(t);
 
 	if (sl->isl_type == ISL_NEW)
@@ -366,13 +389,26 @@ char	*buf;
 int	logtype, blen;
 {
 	iplog_t	*ipl;
+	char *bp = NULL, *bpo = NULL;
 	int psize;
 
 	while (blen > 0) {
 		ipl = (iplog_t *)buf;
+		if ((u_long)ipl & (sizeof(long)-1)) {
+			if (bp)
+				bpo = bp;
+			bp = (char *)malloc(blen);
+			bcopy((char *)ipl, bp, blen);
+			if (bpo) {
+				free(bpo);
+				bpo = NULL;
+			}
+			buf = bp;
+			continue;
+		}
 		if (ipl->ipl_magic != IPL_MAGIC) {
 			/* invalid data or out of sync */
-			return;
+			break;
 		}
 		psize = ipl->ipl_dsize;
 		switch (logtype)
@@ -391,6 +427,9 @@ int	logtype, blen;
 		blen -= psize;
 		buf += psize;
 	}
+	if (bp)
+		free(bp);
+	return;
 }
 
 
@@ -423,13 +462,16 @@ int	blen;
 	ip->ip_len = ntohs(ip->ip_len);
 #endif
 
+	len = sizeof(line);
 	if (!(opts & OPT_SYSLOG)) {
-		(void) sprintf(t, "%2d/%02d/%4d ",
-			tm->tm_mday, tm->tm_mon + 1, tm->tm_year + 1900);
-		t += strlen(t);
+		(void) strftime(t, len, "%d/%m/%Y ", tm);
+		i = strlen(t);
+		len -= i;
+		t += i;
 	}
-	(void) sprintf(t, "%02d:%02d:%02d.%-.6ld ", tm->tm_hour, tm->tm_min,
-		tm->tm_sec, ipl->ipl_usec);
+	(void) strftime(t, len, "%T", tm);
+	t += strlen(t);
+	(void) sprintf(t, ".%-.6ld ", ipl->ipl_usec);
 	t += strlen(t);
 	if (ipl->ipl_count > 1) {
 		(void) sprintf(t, "%dx ", ipl->ipl_count);
@@ -521,9 +563,9 @@ int	blen;
 		ic = (struct icmp *)((char *)ip + hl);
 		(void) sprintf(t, "%s -> ", hostname(res, ip->ip_src));
 		t += strlen(t);
-		(void) sprintf(t, "%s PR icmp len %hu (%hu) icmp %d/%d",
-			hostname(res, ip->ip_dst), hl,
-			ntohs(ip->ip_len), ic->icmp_type, ic->icmp_code);
+		(void) sprintf(t, "%s PR icmp len %hu %hu icmp %d/%d",
+			hostname(res, ip->ip_dst), hl, ip->ip_len,
+			ic->icmp_type, ic->icmp_code);
 		if (ic->icmp_type == ICMP_UNREACH ||
 		    ic->icmp_type == ICMP_SOURCEQUENCH ||
 		    ic->icmp_type == ICMP_PARAMPROB ||
@@ -665,7 +707,7 @@ char *argv[];
 	FILE	*log = stdout;
 	int	fd[3], doread, n, i;
 	int	tr, nr, regular[3], c;
-	int	fdt[3], devices = 0;
+	int	fdt[3], devices = 0, make_daemon = 0;
 	char	buf[512], *iplfile[3];
 	extern	int	optind;
 	extern	char	*optarg;
@@ -676,12 +718,15 @@ char *argv[];
 	iplfile[1] = IPNAT_NAME;
 	iplfile[2] = IPSTATE_NAME;
 
-	while ((c = getopt(argc, argv, "?af:FhI:nN:o:O:sS:tvxX")) != -1)
+	while ((c = getopt(argc, argv, "?aDf:FhI:nN:o:O:sS:tvxX")) != -1)
 		switch (c)
 		{
 		case 'a' :
 			opts |= OPT_ALL;
 			break;
+		case 'D' :
+			make_daemon = 1;
+			break;
 		case 'f' : case 'I' :
 			opts |= OPT_FILTER;
 			fdt[0] = IPL_LOGIPF;
@@ -770,7 +815,8 @@ char *argv[];
 	}
 
 	if (!(opts & OPT_SYSLOG)) {
-		log = argv[optind] ? fopen(argv[optind], "a") : stdout;
+		logfile = argv[optind];
+		log = logfile ? fopen(logfile, "a") : stdout;
 		if (log == NULL) {
 			
 			(void) fprintf(stderr, "%s: fopen: %s\n", argv[optind],
@@ -780,6 +826,17 @@ char *argv[];
 		setvbuf(log, NULL, _IONBF, 0);
 	}
 
+	if (make_daemon && (log != stdout)) {
+		if (fork() > 0)
+			exit(0);
+		close(0);
+		close(1);
+		close(2);
+		setsid();
+	}
+
+	signal(SIGHUP, handlehup);
+
 	for (doread = 1; doread; ) {
 		nr = 0;
 
@@ -802,6 +859,15 @@ char *argv[];
 			nr += tr;
 
 			tr = read_log(fd[i], &n, buf, sizeof(buf), log);
+			if (donehup) {
+				donehup = 0;
+				if (newlog) {
+					fclose(log);
+					log = newlog;
+					newlog = NULL;
+				}
+			}
+
 			switch (tr)
 			{
 			case -1 :

contrib/ipfilter/ipsend/ipsend.c

@@ -12,7 +12,7 @@
  */
 #if !defined(lint)
 static const char sccsid[] = "@(#)ipsend.c	1.5 12/10/95 (C)1995 Darren Reed";
-static const char rcsid[] = "@(#)$Id: ipsend.c,v 2.0.2.19 1997/10/12 09:48:38 darrenr Exp $";
+static const char rcsid[] = "@(#)$Id: ipsend.c,v 2.0.2.19.2.1 1998/05/14 14:01:19 darrenr Exp $";
 #endif
 #include <stdio.h>
 #include <stdlib.h>
@@ -358,7 +358,7 @@ char	**argv;
 	    }
 
 	if (ip->ip_p == IPPROTO_TCP)
-		for (s = argv[optind]; (c = *s); s++)
+		for (s = argv[optind]; s && (c = *s); s++)
 			switch(c)
 			{
 			case 'S' : case 's' :

contrib/ipfilter/ipsend/iptest.1

@@ -91,11 +91,11 @@ MTU's without setting them so.
 Run a...
 .DT
 .SH SEE ALSO
-ipsend(1), ipresend(1), bpf(4), dlpi(7p)
+ipsend(1), ipresend(1), bpf(4), ipsend(5), dlpi(7p)
 .SH DIAGNOSTICS
 Only one of the numeric test options may be given when \fIiptest\fP is run.
 .PP
 Needs to be run as root.
 .SH BUGS
 .PP
-If you find any, please send email to me at darrenr@cyber.com.au
+If you find any, please send email to me at darrenr@pobox.com

contrib/ipfilter/man/ipf.4

@@ -3,6 +3,7 @@
 ipf \- packet filtering kernel interface
 .SH SYNOPSIS
 #include <netinet/ip_compat.h>
+.br
 #include <netinet/ip_fil.h>
 .SH IOCTLS
 .PP
@@ -200,5 +201,13 @@ struct	filterstats {
 #endif
 };
 .fi
+.SH FILES
+/dev/ipauth
+.br
+/dev/ipl
+.br
+/dev/ipnat
+.br
+/dev/ipstate
 .SH SEE ALSO
-ipfstat(8), ipf(8), ipf(5)
+ipl(4), ipnat(4), ipf(5), ipf(8), ipfstat(8)

contrib/ipfilter/man/ipftest.1

@@ -1,4 +1,4 @@
-.TH ipftest 8
+.TH ipftest 1
 .SH NAME
 ipftest \- test packet filter rules with arbitrary input.
 .SH SYNOPSIS
@@ -119,9 +119,8 @@ Specify the filename from which to take input.  Default is stdin.
 .TP
 .BR \-r \0<filename>
 Specify the filename from which to read filter rules.
-.SH FILES
 .SH SEE ALSO
-ipf(8), ipf(5), snoop(1m), tcpdump(8), etherfind(8c)
+ipf(5), ipf(8), snoop(1m), tcpdump(8), etherfind(8c)
 .SH BUGS
 Not all of the input formats are sufficiently capable of introducing a
 wide enough variety of packets for them to be all useful in testing.

contrib/ipfilter/man/ipmon.8

@@ -101,6 +101,10 @@ saved and will abort if it fails an assertion which detects an anomoly in the
 recorded data.
 .SH FILES
 /dev/ipl
+.br
+/dev/ipnat
+.br
+/dev/ipstate
 .SH SEE ALSO
-ipf(8), ipfstat(8)
+ipl(4), ipf(8), ipfstat(8), ipnat(8)
 .SH BUGS

contrib/ipfilter/man/ipnat.4

@@ -3,8 +3,11 @@
 ipnat \- Network Address Translation kernel interface
 .SH SYNOPSIS
 #include <netinet/ip_compat.h>
+.br
 #include <netinet/ip_fil.h>
+.br
 #include <netinet/ip_proxy.h>
+.br
 #include <netinet/ip_nat.h>
 .SH IOCTLS
 .PP
@@ -87,5 +90,7 @@ typedef struct  natstat {
 .SH BUGS
 It would be nice if there were more flexibility when adding and deleting
 filter rules.
+.SH FILES
+/dev/ipnat
 .SH SEE ALSO
-ipfstat(8), ipf(8), ipf(4), ipnat(5)
+ipf(4), ipnat(5), ipf(8), ipnat(8), ipfstat(8)