This commit was generated by cvs2svn to compensate for changes in r130887,

which included commits to RCS files with non-trunk default branches.
This commit is contained in:
Darren Reed 2004-06-21 22:47:51 +00:00
commit 0338547942
61 changed files with 1296 additions and 376 deletions

View File

@ -16,6 +16,9 @@ if [ $os = FreeBSD ] ; then
echo "Copying /usr/include/osreldate.h to /sys/sys"
cp /usr/include/osreldate.h /sys/sys
fi
if [ -f /sys/contrib/ipfilter/netinet/mlfk_ipl.c ] ; then
/bin/cp mlfk_ipl.c /sys/contrib/ipfilter/netinet/
fi
fi
archdir="/sys/arch/$karch"
ipfdir=/sys/netinet

View File

@ -22,6 +22,87 @@
# and especially those who have found the time to port IP Filter to new
# platforms.
#
3.4.35 21/6/2004 - Released
some cases of ICMP checksum alteration were wrong
block packets that fail to create state table entries
correctly handle all return values from ip_natout() when fastrouting
ipmon was not correctly calculating the length of the IPv6 packet (excluded
ipv6 header length)
3.4.34 20/4/2004 - Released
correct the ICMP packet checksum fixing up when processing ICMP errors for NAT
various changes to ipsend for sending packets with ipv4 options
look for ipmon's pidfile in /var/run and /etc/opt/ipf in Solaris' init script
only allow non-fragmented packets to influence whether or not a logged
packet is the same as the one logged before.
make "ipfstat -f" output more informative
compatibility for openbsd byte order changes to ip_off/ip_len
disallow "freebsd" as a make target (encourages people to do the wrong thing)
3.4.33 15/12/2003 - Released
pass on messages moving through ipfilter when it is unloading itself on Solaris
add disabling of auto-detach when the module attaches on Solaris
compatibility patches for 'struct ifnet' changes on FreeBSD
implement a maximum for the number of entries in the NAT table (NAT_TABLE_MAX
and ipf_nattable_max)
fix ipfstat -A
frsynclist() wasn't paying attention to all the places where interface
names are, like it should.
fix where packet header pointers are pointing to after doing an ipf_pullup
fix comparing ICMP packets with established TCP state where only 8 bytes
of header are returned in the ICMP error.
3.4.32 18/6/2003 - Released
fix up the behaviour of ipfs
make parsing errors in ipf/ipnat return an error rather than return
indicating success.
window scaling patch
make ipfstat work as a set{g,u}id thing - gave up privs before opening
/dev/ipl
checksum adjustment corrections for ICMP & NAT
attempt to always get an mbuf full of data through pullup if possible
Fix bug with NAT and fragments causing system to crash
Add patches for OpenBSD 3.3
stop LKM locking up the machine on modern NetBSD(?)
allow timeouts in NAT rules to over-ride fr_defnatage if LARGE_NAT is defined
Locking patches for IRIX 6.5 from SGI.
fix bug in synchronising state sessions where all interfaces were invalidated
fix bug in openbsd 3.2 bridge diffs
fix bug parsing port comparisons in proxy rules
3.4.31 7/12/2002 - Released
Solaris 10 compatibility

View File

@ -263,7 +263,19 @@ int linenum;
return 0;
if (!strcasecmp(**seg, "port") && *(*seg + 1) && *(*seg + 2)) {
(*seg)++;
if (isalnum(***seg) && *(*seg + 2)) {
if (!strcmp(**seg, "=") || !strcasecmp(**seg, "eq"))
comp = FR_EQUAL;
else if (!strcmp(**seg, "!=") || !strcasecmp(**seg, "ne"))
comp = FR_NEQUAL;
else if (!strcmp(**seg, "<") || !strcasecmp(**seg, "lt"))
comp = FR_LESST;
else if (!strcmp(**seg, ">") || !strcasecmp(**seg, "gt"))
comp = FR_GREATERT;
else if (!strcmp(**seg, "<=") || !strcasecmp(**seg, "le"))
comp = FR_LESSTE;
else if (!strcmp(**seg, ">=") || !strcasecmp(**seg, "ge"))
comp = FR_GREATERTE;
else if (isalnum(***seg) && *(*seg + 2)) {
if (portnum(**seg, pp, linenum) == 0)
return -1;
(*seg)++;
@ -285,19 +297,7 @@ int linenum;
}
if (portnum(**seg, tp, linenum) == 0)
return -1;
} else if (!strcmp(**seg, "=") || !strcasecmp(**seg, "eq"))
comp = FR_EQUAL;
else if (!strcmp(**seg, "!=") || !strcasecmp(**seg, "ne"))
comp = FR_NEQUAL;
else if (!strcmp(**seg, "<") || !strcasecmp(**seg, "lt"))
comp = FR_LESST;
else if (!strcmp(**seg, ">") || !strcasecmp(**seg, "gt"))
comp = FR_GREATERT;
else if (!strcmp(**seg, "<=") || !strcasecmp(**seg, "le"))
comp = FR_LESSTE;
else if (!strcmp(**seg, ">=") || !strcasecmp(**seg, "ge"))
comp = FR_GREATERTE;
else {
} else {
fprintf(stderr, "%d: unknown comparator (%s)\n",
linenum, **seg);
return -1;

View File

@ -99,7 +99,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)fils.c 1.21 4/20/96 (C) 1993-2000 Darren Reed";
static const char rcsid[] = "@(#)$Id: fils.c,v 2.21.2.40 2002/12/06 11:40:20 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: fils.c,v 2.21.2.45 2004/04/10 11:45:48 darrenr Exp $";
#endif
extern char *optarg;
@ -117,6 +117,9 @@ static char *filters[4] = { "ipfilter(in)", "ipfilter(out)",
int opts = 0;
int use_inet6 = 0;
int live_kernel = 1;
int state_fd = -1;
int auth_fd = -1;
int ipf_fd = -1;
#ifdef STATETOP
#define STSTRSIZE 80
@ -236,6 +239,21 @@ char *argv[];
}
optind = myoptind;
if (live_kernel == 1) {
if ((state_fd = open(IPL_STATE, O_RDONLY)) == -1) {
perror("open");
exit(-1);
}
if ((auth_fd = open(IPL_AUTH, O_RDONLY)) == -1) {
perror("open");
exit(-1);
}
if ((ipf_fd = open(device, O_RDONLY)) == -1) {
perror("open");
exit(-1);
}
}
if (kern != NULL || memf != NULL)
{
(void)setuid(getuid());
@ -404,32 +422,20 @@ ipfrstat_t **ifrstpp;
fr_authstat_t **frauthstpp;
u_32_t *frfp;
{
int fd;
if ((fd = open(device, O_RDONLY)) < 0) {
perror("open");
exit(-1);
}
if (!(opts & OPT_AUTHSTATS) && ioctl(fd, SIOCGETFS, fiopp) == -1) {
if (!(opts & OPT_AUTHSTATS) && ioctl(ipf_fd, SIOCGETFS, fiopp) == -1) {
perror("ioctl(ipf:SIOCGETFS)");
exit(-1);
}
if ((opts & OPT_IPSTATES)) {
int sfd = open(IPL_STATE, O_RDONLY);
if (sfd == -1) {
perror("open");
exit(-1);
}
if ((ioctl(sfd, SIOCGETFS, ipsstpp) == -1)) {
if ((ioctl(state_fd, SIOCGETFS, ipsstpp) == -1)) {
perror("ioctl(state:SIOCGETFS)");
exit(-1);
}
close(sfd);
}
if ((opts & OPT_FRSTATES) && (ioctl(fd, SIOCGFRST, ifrstpp) == -1)) {
if ((opts & OPT_FRSTATES) &&
(ioctl(ipf_fd, SIOCGFRST, ifrstpp) == -1)) {
perror("ioctl(SIOCGFRST)");
exit(-1);
}
@ -438,15 +444,15 @@ u_32_t *frfp;
PRINTF("opts %#x name %s\n", opts, device);
if ((opts & OPT_AUTHSTATS) &&
(ioctl(fd, SIOCATHST, frauthstpp) == -1)) {
(ioctl(auth_fd, SIOCATHST, frauthstpp) == -1)) {
perror("ioctl(SIOCATHST)");
exit(-1);
}
if (ioctl(fd, SIOCGETFF, frfp) == -1)
if (ioctl(ipf_fd, SIOCGETFF, frfp) == -1)
perror("ioctl(SIOCGETFF)");
return fd;
return ipf_fd;
}
@ -691,10 +697,10 @@ u_32_t frf;
fp->f_st[0].fr_pkl, fp->f_st[1].fr_pkl);
PRINTF(" log failures:\t\tinput %lu output %lu\n",
fp->f_st[0].fr_skip, fp->f_st[1].fr_skip);
PRINTF("fragment state(in):\tkept %lu\tlost %lu\n",
fp->f_st[0].fr_nfr, fp->f_st[0].fr_bnfr);
PRINTF("fragment state(out):\tkept %lu\tlost %lu\n",
fp->f_st[1].fr_nfr, fp->f_st[1].fr_bnfr);
PRINTF("fragment state(in):\tkept %lu\tlost %lu\tnot fragmented %lu\n",
fp->f_st[0].fr_nfr, fp->f_st[0].fr_bnfr, fp->f_st[0].fr_cfr);
PRINTF("fragment state(out):\tkept %lu\tlost %lu\tnot fragmented %lu\n",
fp->f_st[1].fr_nfr, fp->f_st[1].fr_bnfr, fp->f_st[1].fr_cfr);
PRINTF("packet state(in):\tkept %lu\tlost %lu\n",
fp->f_st[0].fr_ads, fp->f_st[0].fr_bads);
PRINTF("packet state(out):\tkept %lu\tlost %lu\n",
@ -849,6 +855,8 @@ ips_stat_t *ipsp;
ipsp->iss_miss);
PRINTF("\t%lu maximum\n\t%lu no memory\n\t%lu bkts in use\n",
ipsp->iss_max, ipsp->iss_nomem, ipsp->iss_inuse);
PRINTF("\t%lu logged\n\t%lu log failures\n",
ipsp->iss_logged, ipsp->iss_logfail);
PRINTF("\t%lu active\n\t%lu expired\n\t%lu closed\n",
ipsp->iss_active, ipsp->iss_expire, ipsp->iss_fin);
return;
@ -875,7 +883,7 @@ void showqiflist(kern)
char *kern;
{
struct nlist qifnlist[2] = {
{ "qif_head" },
{ "_qif_head" },
{ NULL }
};
qif_t qif, *qf;
@ -926,7 +934,7 @@ int topclosed;
{
char str1[STSTRSIZE], str2[STSTRSIZE], str3[STSTRSIZE], str4[STSTRSIZE];
int maxtsentries = 0, reverse = 0, sorting = STSORT_DEFAULT;
int i, j, sfd, winx, tsentry, maxx, maxy, redraw = 0;
int i, j, winx, tsentry, maxx, maxy, redraw = 0;
ipstate_t *istab[IPSTATE_SIZE], ips;
ips_stat_t ipsst, *ipsstp = &ipsst;
statetop_t *tstable = NULL, *tp;
@ -941,12 +949,6 @@ int topclosed;
fd_set readfd;
#endif
/* open state device */
if ((sfd = open(IPL_STATE, O_RDONLY)) == -1) {
perror("open");
exit(-1);
}
/* init ncurses stuff */
initscr();
cbreak();
@ -961,7 +963,7 @@ int topclosed;
/* get state table */
bzero((char *)&ipsst, sizeof(&ipsst));
if ((ioctl(sfd, SIOCGETFS, &ipsstp) == -1)) {
if ((ioctl(state_fd, SIOCGETFS, &ipsstp) == -1)) {
perror("ioctl(SIOCGETFS)");
exit(-1);
}
@ -1246,8 +1248,6 @@ int topclosed;
}
} /* while */
close(sfd);
printw("\n");
nocbreak();
endwin();
@ -1279,6 +1279,7 @@ ipfrstat_t *ifsp;
/*
* Print out the contents (if any) of the fragment cache table.
*/
PRINTF("\n");
for (i = 0; i < IPFT_SIZE; i++)
while (ipfrtab[i]) {
if (kmemcpy((char *)&ifr, (u_long)ipfrtab[i],
@ -1287,11 +1288,11 @@ ipfrstat_t *ifsp;
PRINTF("%s -> ", hostname(4, &ifr.ipfr_src));
if (kmemcpy((char *)&fr, (u_long)ifr.ipfr_rule,
sizeof(fr)) == -1)
break;
PRINTF("%s %d %d %d %#02x = %#x\n",
hostname(4, &ifr.ipfr_dst), ifr.ipfr_id,
ifr.ipfr_ttl, ifr.ipfr_p, ifr.ipfr_tos,
fr.fr_flags);
break;
PRINTF("%s id %d ttl %d pr %d seen0 %d ifp %p tos %#02x = fl %#x\n",
hostname(4, &ifr.ipfr_dst), ntohs(ifr.ipfr_id),
ifr.ipfr_ttl, ifr.ipfr_p, ifr.ipfr_seen0,
ifr.ipfr_ifp, ifr.ipfr_tos, fr.fr_flags);
ipfrtab[i] = ifr.ipfr_next;
}
if (kmemcpy((char *)ipfrtab, (u_long)ifsp->ifs_nattab,sizeof(ipfrtab)))

View File

@ -7,7 +7,7 @@
*/
#if !defined(lint)
static const char sccsid[] = "%W% %G% (C) 1993-2000 Darren Reed";
static const char rcsid[] = "@(#)$Id: ip_sfil.c,v 2.23.2.24 2002/12/06 11:42:22 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: ip_sfil.c,v 2.23.2.27 2003/06/12 16:03:14 darrenr Exp $";
#endif
#include <sys/types.h>
@ -623,8 +623,8 @@ caddr_t data;
while ((f = *ftail))
ftail = &f->fr_next;
else {
ftail = fprev;
if (fp->fr_hits) {
ftail = fprev;
while (--fp->fr_hits && (f = *ftail))
ftail = &f->fr_next;
}
@ -785,15 +785,14 @@ fr_info_t *fin;
tcp2->th_sport = tcp->th_dport;
if (tcp->th_flags & TH_ACK) {
tcp2->th_seq = tcp->th_ack;
tcp2->th_flags = TH_RST|TH_ACK;
tcp2->th_flags = TH_RST;
} else {
tcp2->th_ack = ntohl(tcp->th_seq);
tcp2->th_ack += tlen;
tcp2->th_ack = htonl(tcp2->th_ack);
tcp2->th_flags = TH_RST;
tcp2->th_flags = TH_RST|TH_ACK;
}
tcp2->th_off = sizeof(struct tcphdr) >> 2;
tcp2->th_flags = TH_RST|TH_ACK;
/*
* This is to get around a bug in the Solaris 2.4/2.5 TCP checksum

View File

@ -50,7 +50,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)ipf.c 1.23 6/5/96 (C) 1993-2000 Darren Reed";
static const char rcsid[] = "@(#)$Id: ipf.c,v 2.10.2.19 2002/12/06 11:41:13 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: ipf.c,v 2.10.2.23 2003/06/27 14:39:13 darrenr Exp $";
#endif
#if SOLARIS
@ -61,6 +61,7 @@ extern char *index __P((const char *, int));
#endif
extern char *optarg;
extern int optind;
void frsync __P((void));
void zerostats __P((void));
@ -72,15 +73,16 @@ int use_inet6 = 0;
static int fd = -1;
static void procfile __P((char *, char *)), flushfilter __P((char *));
static void set_state __P((u_int)), showstats __P((friostat_t *));
static int set_state __P((u_int));
static void showstats __P((friostat_t *));
static void packetlogon __P((char *)), swapactive __P((void));
static int opendevice __P((char *));
static void closedevice __P((void));
static char *getline __P((char *, size_t, FILE *, int *));
static char *ipfname = IPL_NAME;
static void usage __P((void));
static void usage __P((char *));
static int showversion __P((void));
static int get_flags __P((void));
static int get_flags __P((int *));
#if SOLARIS
@ -89,9 +91,10 @@ static int get_flags __P((void));
# define OPTS "6AdDEf:F:Il:noPrsvVyzZ"
#endif
static void usage()
static void usage(name)
char *name;
{
fprintf(stderr, "usage: ipf [-%s] %s %s %s\n", OPTS,
fprintf(stderr, "usage: %s [-%s] %s %s %s\n", name, OPTS,
"[-l block|pass|nomatch]", "[-F i|o|a|s|S]", "[-f filename]");
exit(1);
}
@ -103,6 +106,9 @@ char *argv[];
{
int c;
if (argc < 2)
usage(argv[0]);
while ((c = getopt(argc, argv, OPTS)) != -1) {
switch (c)
{
@ -113,10 +119,12 @@ char *argv[];
opts &= ~OPT_INACTIVE;
break;
case 'E' :
set_state((u_int)1);
if (set_state((u_int)1))
exit(1);
break;
case 'D' :
set_state((u_int)0);
if (set_state((u_int)0))
exit(1);
break;
case 'd' :
opts |= OPT_DEBUG;
@ -168,12 +176,16 @@ char *argv[];
case 'Z' :
zerostats();
break;
case '?' :
default :
usage();
usage(argv[0]);
break;
}
}
if (optind < 2)
usage(argv[0]);
if (fd != -1)
(void) close(fd);
@ -186,53 +198,82 @@ static int opendevice(ipfdev)
char *ipfdev;
{
if (opts & OPT_DONOTHING)
return -2;
return 0;
if (!ipfdev)
ipfdev = ipfname;
if (!(opts & OPT_DONOTHING) && fd == -1)
if ((fd = open(ipfdev, O_RDWR)) == -1)
if ((fd = open(ipfdev, O_RDONLY)) == -1) {
perror("open device");
if (errno == ENODEV)
fprintf(stderr, "IPFilter enabled?\n");
}
return fd;
/*
* shouldn't we really be testing for fd < 0 here and below?
*/
if (fd != -1)
return 0;
if ((fd = open(ipfdev, O_RDWR)) == -1) {
if ((fd = open(ipfdev, O_RDONLY)) == -1) {
perror("open device");
if (errno == ENODEV)
fprintf(stderr, "IPFilter enabled?\n");
return -1;
}
}
return 0;
}
static void closedevice()
{
close(fd);
if (fd != -1)
close(fd);
fd = -1;
}
static int get_flags()
/*
* Return codes:
* 0 Success
* !0 Failure (and an error message has already been printed)
*/
static int get_flags(i)
int *i;
{
int i;
if ((opendevice(ipfname) != -2) && (ioctl(fd, SIOCGETFF, &i) == -1)) {
perror("SIOCGETFF");
if (opts & OPT_DONOTHING)
return 0;
if (opendevice(ipfname) < 0)
return -1;
if (ioctl(fd, SIOCGETFF, i) == -1) {
perror("SIOCGETFF");
return -1;
}
return i;
return 0;
}
static void set_state(enable)
static int set_state(enable)
u_int enable;
{
if (opendevice(ipfname) != -2)
if (ioctl(fd, SIOCFRENB, &enable) == -1) {
if (errno == EBUSY)
fprintf(stderr,
"IP Filter: already initialized\n");
else
perror("SIOCFRENB");
if (opts & OPT_DONOTHING)
return 0;
if (opendevice(ipfname))
return -1;
if (ioctl(fd, SIOCFRENB, &enable) == -1) {
if (errno == EBUSY)
/* Not really an error */
fprintf(stderr,
"IP Filter: already initialized\n");
else {
perror("SIOCFRENB");
return -1;
}
return;
}
return 0;
}
static void procfile(name, file)
@ -243,8 +284,10 @@ char *name, *file;
struct frentry *fr;
u_int add, del;
int linenum = 0;
int parsestatus;
(void) opendevice(ipfname);
if (opendevice(ipfname) == -1)
exit(1);
if (opts & OPT_INACTIVE) {
add = SIOCADIFR;
@ -284,9 +327,18 @@ char *name, *file;
if (opts & OPT_VERBOSE)
(void)fprintf(stderr, "[%s]\n", line);
fr = parse(line, linenum);
parsestatus = 1;
fr = parse(line, linenum, &parsestatus);
(void)fflush(stdout);
if (parsestatus != 0) {
fprintf(stderr, "%s: %s: %s error (%d), quitting\n",
name, file,
((parsestatus < 0)? "parse": "internal"),
parsestatus);
exit(1);
}
if (fr) {
if (opts & OPT_ZERORULEST)
add = SIOCZRLST;
@ -311,6 +363,7 @@ char *name, *file;
if (ioctl(fd, add, &fr) == -1) {
fprintf(stderr, "%d:", linenum);
perror("ioctl(SIOCZRLST)");
exit(1);
} else {
#ifdef USE_QUAD_T
printf("hits %qd bytes %qd ",
@ -327,11 +380,13 @@ char *name, *file;
if (ioctl(fd, del, &fr) == -1) {
fprintf(stderr, "%d:", linenum);
perror("ioctl(delete rule)");
exit(1);
}
} else if (!(opts & OPT_DONOTHING)) {
if (ioctl(fd, add, &fr) == -1) {
fprintf(stderr, "%d:", linenum);
perror("ioctl(add/insert rule)");
exit(1);
}
}
}
@ -346,7 +401,7 @@ char *name, *file;
/*
* Similar to fgets(3) but can handle '\\' and NL is converted to NUL.
* Returns NULL if error occured, EOF encounterd or input line is too long.
* Returns NULL if error occurred, EOF encounterd or input line is too long.
*/
static char *getline(str, size, file, linenum)
register char *str;
@ -360,7 +415,7 @@ int *linenum;
do {
for (p = str, s = size;; p += (len - 1), s -= (len - 1)) {
/*
* if an error occured, EOF was encounterd, or there
* if an error occurred, EOF was encounterd, or there
* was no room to put NUL, return NULL.
*/
if (fgets(p, s, file) == NULL)
@ -391,7 +446,9 @@ char *opt;
{
int flag;
flag = get_flags();
if (get_flags(&flag))
exit(1);
if (flag != 0) {
if ((opts & (OPT_DONOTHING|OPT_VERBOSE)) == OPT_VERBOSE)
printf("log flag is currently %#x\n", flag);
@ -415,11 +472,27 @@ char *opt;
printf("set log flag: block\n");
}
if (opendevice(ipfname) != -2 && (ioctl(fd, SIOCSETFF, &flag) != 0))
perror("ioctl(SIOCSETFF)");
if (opendevice(ipfname) == -1) {
exit(1);
}
if (!(opts & OPT_DONOTHING)) {
if (ioctl(fd, SIOCSETFF, &flag) != 0) {
perror("ioctl(SIOCSETFF)");
exit(1);
}
}
if ((opts & (OPT_DONOTHING|OPT_VERBOSE)) == OPT_VERBOSE) {
flag = get_flags();
/*
* Even though the ioctls above succeeded, it
* is possible that a calling script/program
* relies on the following verbose mode string.
* Thus, we still take an error exit if get_flags
* fails here.
*/
if (get_flags(&flag))
exit(1);
printf("log flag is now %#x\n", flag);
}
}
@ -430,8 +503,11 @@ char *arg;
{
int fl = 0, rem;
if (!arg || !*arg)
return;
if (!arg || !*arg) {
fprintf(stderr, "-F: no filter specified\n");
exit(1);
}
if (!strcmp(arg, "s") || !strcmp(arg, "S")) {
if (*arg == 'S')
fl = 0;
@ -440,13 +516,22 @@ char *arg;
rem = fl;
closedevice();
if (opendevice(IPL_STATE) != -2) {
if (opendevice(IPL_STATE) == -1) {
exit(1);
}
if (!(opts & OPT_DONOTHING)) {
if (use_inet6) {
if (ioctl(fd, SIOCIPFL6, &fl) == -1)
if (ioctl(fd, SIOCIPFL6, &fl) == -1) {
perror("ioctl(SIOCIPFL6)");
exit(1);
}
} else {
if (ioctl(fd, SIOCIPFFL, &fl) == -1)
if (ioctl(fd, SIOCIPFFL, &fl) == -1) {
perror("ioctl(SIOCIPFFL)");
exit(1);
}
}
}
if ((opts & (OPT_DONOTHING|OPT_VERBOSE)) == OPT_VERBOSE) {
@ -465,13 +550,21 @@ char *arg;
fl |= (opts & FR_INACTIVE);
rem = fl;
if (opendevice(ipfname) != -2) {
if (opendevice(ipfname) == -1) {
exit(1);
}
if (!(opts & OPT_DONOTHING)) {
if (use_inet6) {
if (ioctl(fd, SIOCIPFL6, &fl) == -1)
if (ioctl(fd, SIOCIPFL6, &fl) == -1) {
perror("ioctl(SIOCIPFL6)");
exit(1);
}
} else {
if (ioctl(fd, SIOCIPFFL, &fl) == -1)
if (ioctl(fd, SIOCIPFFL, &fl) == -1) {
perror("ioctl(SIOCIPFFL)");
exit(1);
}
}
}
if ((opts & (OPT_DONOTHING|OPT_VERBOSE)) == OPT_VERBOSE) {
@ -487,10 +580,18 @@ static void swapactive()
{
int in = 2;
if (opendevice(ipfname) != -2 && ioctl(fd, SIOCSWAPA, &in) == -1)
perror("ioctl(SIOCSWAPA)");
else
printf("Set %d now inactive\n", in);
if (opendevice(ipfname) == -1) {
exit(1);
}
if (!(opts & OPT_DONOTHING)) {
if (ioctl(fd, SIOCSWAPA, &in) == -1) {
perror("ioctl(SIOCSWAPA)");
exit(1);
}
}
printf("Set %d now inactive\n", in);
}
@ -498,10 +599,16 @@ void frsync()
{
int frsyn = 0;
if (opendevice(ipfname) != -2 && ioctl(fd, SIOCFRSYN, &frsyn) == -1)
perror("SIOCFRSYN");
else
printf("filter sync'd\n");
if (opendevice(ipfname) == -1)
exit(1);
if (!(opts & OPT_DONOTHING)) {
if (ioctl(fd, SIOCFRSYN, &frsyn) == -1) {
perror("SIOCFRSYN");
exit(1);
}
}
printf("filter sync'd\n");
}
@ -510,7 +617,10 @@ void zerostats()
friostat_t fio;
friostat_t *fiop = &fio;
if (opendevice(ipfname) != -2) {
if (opendevice(ipfname) == -1)
exit(1);
if (!(opts & OPT_DONOTHING)) {
if (ioctl(fd, SIOCFRZST, &fiop) == -1) {
perror("ioctl(SIOCFRZST)");
exit(-1);
@ -522,7 +632,7 @@ void zerostats()
/*
* read the kernel stats for packets blocked and passed
* Read the kernel stats for packets blocked and passed
*/
static void showstats(fp)
friostat_t *fp;
@ -556,19 +666,26 @@ friostat_t *fp;
#if SOLARIS
static void blockunknown()
{
u_32_t flag;
int flag;
if (opendevice(ipfname) == -1)
return;
exit(1);
if (get_flags(&flag))
exit(1);
flag = get_flags();
if ((opts & (OPT_DONOTHING|OPT_VERBOSE)) == OPT_VERBOSE)
printf("log flag is currently %#x\n", flag);
flag ^= FF_BLOCKNONIP;
if (opendevice(ipfname) != -2 && ioctl(fd, SIOCSETFF, &flag))
perror("ioctl(SIOCSETFF)");
if (opendevice(ipfname) == -1)
exit(1);
if (!(opts & OPT_DONOTHING)) {
if (ioctl(fd, SIOCSETFF, &flag))
perror("ioctl(SIOCSETFF)");
}
if ((opts & (OPT_DONOTHING|OPT_VERBOSE)) == OPT_VERBOSE) {
if (ioctl(fd, SIOCGETFF, &flag))
@ -580,13 +697,15 @@ static void blockunknown()
#endif
/*
* nonzero return value means caller should exit with error
*/
static int showversion()
{
struct friostat fio;
struct friostat *fiop=&fio;
u_32_t flags;
int flags, vfd;
char *s;
int vfd;
printf("ipf: %s (%d)\n", IPL_VERSION, (int)sizeof(frentry_t));
@ -601,11 +720,14 @@ static int showversion()
return 1;
}
close(vfd);
flags = get_flags();
printf("Kernel: %-*.*s\n", (int)sizeof(fio.f_version),
(int)sizeof(fio.f_version), fio.f_version);
printf("Running: %s\n", fio.f_running ? "yes" : "no");
if (get_flags(&flags)) {
return 1;
}
printf("Log Flags: %#x = ", flags);
s = "";
if (flags & FF_LOGPASS) {

View File

@ -4,7 +4,7 @@
* See the IPFILTER.LICENCE file for details on licencing.
*
* @(#)ipf.h 1.12 6/5/96
* $Id: ipf.h,v 2.9.2.6 2002/01/03 08:00:12 darrenr Exp $
* $Id: ipf.h,v 2.9.2.7 2003/05/15 17:45:33 darrenr Exp $
*/
#ifndef __IPF_H__
@ -62,7 +62,7 @@ struct nat;
extern char *strdup __P((char *));
#endif
extern struct frentry *parse __P((char *, int));
extern struct frentry *parse __P((char *, int, int *));
extern void printfr __P((struct frentry *));
extern void binprint __P((struct frentry *)), initparse __P((void));

View File

@ -45,7 +45,7 @@
#include "ipf.h"
#if !defined(lint)
static const char rcsid[] = "@(#)$Id: ipfs.c,v 2.6.2.12 2002/09/26 12:25:19 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: ipfs.c,v 2.6.2.15 2003/05/31 02:12:21 darrenr Exp $";
#endif
#ifndef IPF_SAVEDIR
@ -63,6 +63,7 @@ extern char *index __P((const char *, int));
#endif
extern char *optarg;
extern int optind;
int main __P((int, char *[]));
void usage __P((void));
@ -80,22 +81,24 @@ int writenat __P((int, char *));
char *concat __P((char *, char *));
int opts = 0;
char *progname;
void usage()
{
fprintf(stderr, "\
usage: ipfs [-nv] -l\n\
usage: ipfs [-nv] -u\n\
usage: ipfs [-nv] [-d <dir>] -R\n\
usage: ipfs [-nv] [-d <dir>] -W\n\
usage: ipfs [-nv] -N [-f <file> | -d <dir>] -r\n\
usage: ipfs [-nv] -S [-f <file> | -d <dir>] -r\n\
usage: ipfs [-nv] -N [-f <file> | -d <dir>] -w\n\
usage: ipfs [-nv] -S [-f <file> | -d <dir>] -w\n\
usage: ipfs [-nv] -N [-f <filename> | -d <dir> ] -i <if1>,<if2>\n\
usage: ipfs [-nv] -S [-f <filename> | -d <dir> ] -i <if1>,<if2>\n\
");
usage: %s [-nv] -l\n\
usage: %s [-nv] -u\n\
usage: %s [-nv] [-d <dir>] -R\n\
usage: %s [-nv] [-d <dir>] -W\n\
usage: %s [-nv] -N [-f <file> | -d <dir>] -r\n\
usage: %s [-nv] -S [-f <file> | -d <dir>] -r\n\
usage: %s [-nv] -N [-f <file> | -d <dir>] -w\n\
usage: %s [-nv] -S [-f <file> | -d <dir>] -w\n\
usage: %s [-nv] -N [-f <filename> | -d <dir> ] -i <if1>,<if2>\n\
usage: %s [-nv] -S [-f <filename> | -d <dir> ] -i <if1>,<if2>\n\
", progname, progname, progname, progname, progname, progname,
progname, progname, progname, progname);
exit(1);
}
@ -214,6 +217,8 @@ char *argv[];
int c, lock = -1, devfd = -1, err = 0, rw = -1, ns = -1, set = 0;
char *dirname = NULL, *filename = NULL, *ifs = NULL;
progname = argv[0];
while ((c = getopt(argc, argv, "d:f:i:lNnSRruvWw")) != -1)
switch (c)
{
@ -287,10 +292,14 @@ char *argv[];
rw = 3;
set = 1;
break;
case '?' :
default :
usage();
}
if (optind < 2)
usage();
if (filename == NULL) {
if (ns == 0) {
if (dirname == NULL)
@ -560,9 +569,11 @@ int readnat(fd, file)
int fd;
char *file;
{
nat_save_t ipn, *in, *ipnhead = NULL, *in1, *ipntail = NULL, *ipnp;
nat_save_t ipn, *in, *ipnhead = NULL, *in1, *ipntail = NULL;
int nfd = -1, i;
nat_t *nat;
char *s;
int n;
if (!file)
file = IPF_NATFILE;
@ -575,7 +586,6 @@ char *file;
}
bzero((char *)&ipn, sizeof(ipn));
ipnp = &ipn;
/*
* 1. Read all state information in.
@ -597,30 +607,35 @@ char *file;
}
if (ipn.ipn_dsize > 0) {
char *s = ipnp->ipn_data;
int n = ipnp->ipn_dsize;
n = ipn.ipn_dsize;
n -= sizeof(ipnp->ipn_data);
if (n > sizeof(ipn.ipn_data))
n -= sizeof(ipn.ipn_data);
else
n = 0;
in = malloc(sizeof(*in) + n);
if (!in)
break;
s += sizeof(ipnp->ipn_data);
i = read(nfd, s, n);
if (i == 0)
break;
if (i != n) {
fprintf(stderr, "incomplete read: %d != %d\n",
i, n);
close(nfd);
return 1;
if (n > 0) {
s = in->ipn_data + sizeof(in->ipn_data);
i = read(nfd, s, n);
if (i == 0)
break;
if (i != n) {
fprintf(stderr,
"incomplete read: %d != %d\n",
i, n);
close(nfd);
return 1;
}
}
} else
in = (nat_save_t *)malloc(sizeof(*in));
bcopy((char *)ipnp, (char *)in, sizeof(ipn));
bcopy((char *)&ipn, (char *)in, sizeof(ipn));
/*
* Check to see if this is the first state entry that will
* Check to see if this is the first NAT entry that will
* reference a particular rule and if so, flag it as such
* else just adjust the rule pointer to become a pointer to
* the other. We do this so we have a means later for tracking
@ -650,6 +665,7 @@ char *file;
} while (1);
close(nfd);
nfd = -1;
for (in = ipnhead; in; in = in->ipn_next) {
if (opts & OPT_VERBOSE)
@ -758,6 +774,7 @@ char *dirname;
dirname = IPF_SAVEDIR;
if (chdir(dirname)) {
fprintf(stderr, "IPF_SAVEDIR=%s: ", dirname);
perror("chdir(IPF_SAVEDIR)");
return 1;
}

View File

@ -52,7 +52,7 @@ etherfind -n -t
#if !defined(lint)
static const char sccsid[] = "@(#)ipft_ef.c 1.6 2/4/96 (C)1995 Darren Reed";
static const char rcsid[] = "@(#)$Id: ipft_ef.c,v 2.2.2.4 2002/12/06 11:40:25 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: ipft_ef.c,v 2.2.2.5 2003/05/19 12:02:35 darrenr Exp $";
#endif
static int etherf_open __P((char *));
@ -108,9 +108,9 @@ int cnt, *dir;
bzero(&pkt, sizeof(pkt));
if (sscanf(lbuf, "%s %s %s %s %s %s", len, prot, src, dst,
if (sscanf(lbuf, "%7s %7s %15s %15s %15s %15s", len, prot, src, dst,
sprt, dprt) != 6)
if (sscanf(lbuf, "%s %s %s %s %s %s %s", time,
if (sscanf(lbuf, "%7s %7s %7s %15s %15s %15s %15s", time,
len, prot, src, dst, sprt, dprt) != 7)
return -1;

View File

@ -61,7 +61,7 @@ tcpdump -nqte
#if !defined(lint)
static const char sccsid[] = "@(#)ipft_td.c 1.8 2/4/96 (C)1995 Darren Reed";
static const char rcsid[] = "@(#)$Id: ipft_td.c,v 2.2.2.4 2002/12/06 11:40:26 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: ipft_td.c,v 2.2.2.6 2003/05/31 02:13:04 darrenr Exp $";
#endif
static int tcpd_open __P((char *));
@ -131,12 +131,13 @@ int cnt, *dir;
bzero(&pkt, sizeof(pkt));
if ((n = sscanf(lbuf, "%s > %s: %s", src, dst, misc)) != 3)
if ((n = sscanf(lbuf, "%s %s > %s: %s",
if ((n = sscanf(lbuf, "%31s > %31s: %255s", src, dst, misc)) != 3)
if ((n = sscanf(lbuf, "%31s %31s > %31s: %255s",
time, src, dst, misc)) != 4)
if ((n = sscanf(lbuf, "%s %s: %s > %s: %s",
if ((n = sscanf(lbuf, "%31s %31s: %31s > %31s: %255s",
link1, link2, src, dst, misc)) != 5) {
n = sscanf(lbuf, "%s %s %s: %s > %s: %s",
n = sscanf(lbuf,
"%31s %31s %31s: %31s > %31s: %255s",
time, link1, link2, src, dst, misc);
if (n != 6)
return -1;

View File

@ -6,7 +6,7 @@
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
*
* $Id: iplang_l.l,v 2.2 2000/02/18 00:18:05 darrenr Exp $
* $Id: iplang_l.l,v 2.2.2.1 2003/07/28 01:15:59 darrenr Exp $
*/
#include <stdio.h>
#include <string.h>
@ -318,5 +318,6 @@ void swallow()
while ((c != '\n') && (c != EOF))
c = input();
}
unput(c);
if (c != EOF)
unput(c);
}

View File

@ -60,7 +60,7 @@ extern char *sys_errlist[];
#if !defined(lint)
static const char sccsid[] ="@(#)ipnat.c 1.9 6/5/96 (C) 1993 Darren Reed";
static const char rcsid[] = "@(#)$Id: ipnat.c,v 2.16.2.22 2002/12/06 11:40:26 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: ipnat.c,v 2.16.2.25 2003/06/05 14:00:28 darrenr Exp $";
#endif
@ -71,27 +71,31 @@ int use_inet6 = 0;
char thishost[MAXHOSTNAMELEN];
extern char *optarg;
extern int optind;
#if 0
extern ipnat_t *natparse __P((char *, int));
#endif
extern void natparsefile __P((int, char *, int));
extern void printnat __P((ipnat_t *, int));
extern void printactivenat __P((nat_t *, int));
extern void printhostmap __P((hostmap_t *, u_int));
extern char *getsumd __P((u_32_t));
void dostats __P((natstat_t *, int)), flushtable __P((int, int));
static int dostats __P((natstat_t *, int));
static int flushtable __P((int, int));
void usage __P((char *));
int countbits __P((u_32_t));
char *getnattype __P((ipnat_t *));
int main __P((int, char*[]));
void printaps __P((ap_session_t *, int));
void showhostmap __P((natstat_t *nsp));
void natstat_dead __P((natstat_t *, char *));
static int showhostmap __P((natstat_t *nsp));
static int natstat_dead __P((natstat_t *, char *));
void usage(name)
char *name;
{
fprintf(stderr, "%s: [-CFhlnrsv] [-f filename]\n", name);
fprintf(stderr, "Usage: %s [-CFhlnrsv] [-f filename]\n", name);
exit(1);
}
@ -153,10 +157,14 @@ char *argv[];
case 'v' :
opts |= OPT_VERBOSE;
break;
case '?' :
default :
usage(argv[0]);
}
if (optind < 2)
usage(argv[0]);
if ((kernel != NULL) || (core != NULL)) {
(void) setgid(getgid());
(void) setuid(getuid());
@ -189,27 +197,36 @@ char *argv[];
if (openkmem(kernel, core) == -1)
exit(1);
natstat_dead(nsp, kernel);
if (opts & (OPT_LIST|OPT_STAT))
dostats(nsp, opts);
if (natstat_dead(nsp, kernel))
exit(1);
if (opts & (OPT_LIST|OPT_STAT)) {
if (dostats(nsp, opts))
exit(1);
}
exit(0);
}
if (opts & (OPT_FLUSH|OPT_CLEAR))
flushtable(fd, opts);
if (file)
if (flushtable(fd, opts))
exit(1);
if (file) {
/* NB natparsefile exits with nonzero in case of error */
natparsefile(fd, file, opts);
}
if (opts & (OPT_LIST|OPT_STAT))
dostats(nsp, opts);
if (dostats(nsp, opts))
exit(1);
/* TBD why not exit(0)? */
return 0;
}
/*
* Read nat statistic information in using a symbol table and memory file
* Read NAT statistic information in using a symbol table and memory file
* rather than doing ioctl's.
*/
void natstat_dead(nsp, kernel)
static int natstat_dead(nsp, kernel)
natstat_t *nsp;
char *kernel;
{
@ -229,12 +246,12 @@ char *kernel;
if (nlist(kernel, nat_nlist) == -1) {
fprintf(stderr, "nlist error\n");
return;
return -1;
}
/*
* Normally the ioctl copies all of these values into the structure
* for us, before returning it to useland, so here we must copy each
* for us, before returning it to userland, so here we must copy each
* one in individually.
*/
kmemcpy((char *)&tables, nat_nlist[0].n_value, sizeof(tables));
@ -257,18 +274,21 @@ char *kernel;
sizeof(nsp->ns_instances));
kmemcpy((char *)&nsp->ns_apslist, nat_nlist[8].n_value,
sizeof(nsp->ns_apslist));
return 0;
}
/*
* Display NAT statistics.
*/
void dostats(nsp, opts)
static int dostats(nsp, opts)
natstat_t *nsp;
int opts;
{
nat_t **nt[2], *np, nat;
ipnat_t ipn;
int rc = 0;
/*
* Show statistics ?
@ -297,6 +317,7 @@ int opts;
if (kmemcpy((char *)&ipn, (long)nsp->ns_list,
sizeof(ipn))) {
perror("kmemcpy");
rc = -1;
break;
}
if (opts & OPT_HITS)
@ -309,28 +330,40 @@ int opts;
if (kmemcpy((char *)nt[0], (long)nsp->ns_table[0],
sizeof(**nt) * NAT_SIZE)) {
perror("kmemcpy");
return;
rc = -1;
}
if (rc) {
free(nt[0]);
return rc;
}
printf("\nList of active sessions:\n");
for (np = nsp->ns_instances; np; np = nat.nat_next) {
if (kmemcpy((char *)&nat, (long)np, sizeof(nat)))
if (kmemcpy((char *)&nat, (long)np, sizeof(nat))) {
/* TBD Is this an error? If so, return -1 */
break;
}
printactivenat(&nat, opts);
}
if (opts & OPT_VERBOSE)
showhostmap(nsp);
if (opts & OPT_VERBOSE) {
if (showhostmap(nsp)) {
free(nt[0]);
return -1;
}
}
free(nt[0]);
}
return 0;
}
/*
* display the active host mapping table.
* Display the active host mapping table.
*/
void showhostmap(nsp)
static int showhostmap(nsp)
natstat_t *nsp;
{
hostmap_t hm, *hmp, **maptable;
@ -343,7 +376,8 @@ natstat_t *nsp;
if (kmemcpy((char *)maptable, (u_long)nsp->ns_maptable,
sizeof(hostmap_t *) * nsp->ns_hostmap_sz)) {
perror("kmemcpy (maptable)");
return;
free(maptable);
return -1;
}
for (hv = 0; hv < nsp->ns_hostmap_sz; hv++) {
@ -352,7 +386,8 @@ natstat_t *nsp;
while (hmp) {
if (kmemcpy((char *)&hm, (u_long)hmp, sizeof(hm))) {
perror("kmemcpy (hostmap)");
return;
free(maptable);
return -1;
}
printhostmap(&hm, hv);
@ -360,6 +395,7 @@ natstat_t *nsp;
}
}
free(maptable);
return 0;
}
@ -367,24 +403,31 @@ natstat_t *nsp;
* Issue an ioctl to flush either the NAT rules table or the active mapping
* table or both.
*/
void flushtable(fd, opts)
static int flushtable(fd, opts)
int fd, opts;
{
int n = 0;
int rc = 0;
if (opts & OPT_FLUSH) {
n = 0;
if (!(opts & OPT_NODO) && ioctl(fd, SIOCIPFFL, &n) == -1)
if (!(opts & OPT_NODO) && ioctl(fd, SIOCIPFFL, &n) == -1) {
perror("ioctl(SIOCFLNAT)");
else
rc = -1;
} else {
printf("%d entries flushed from NAT table\n", n);
}
}
if (opts & OPT_CLEAR) {
n = 1;
if (!(opts & OPT_NODO) && ioctl(fd, SIOCIPFFL, &n) == -1)
if (!(opts & OPT_NODO) && ioctl(fd, SIOCIPFFL, &n) == -1) {
perror("ioctl(SIOCCNATL)");
else
rc = -1;
} else {
printf("%d entries flushed from NAT list\n", n);
}
}
return rc;
}

View File

@ -76,7 +76,7 @@ struct ifqueue ipintrq; /* ip packet input queue */
(ia) != NULL && (ia)->ia_ifp != (ifp); \
(ia) = (ia)->ia_next); \
}
#endif KERNEL
#endif /* KERNEL */
/*
* Per-interface router version information is kept in this list.

View File

@ -51,7 +51,7 @@ enable debugging mode.
.TP
.BR \-f \0<offset>
The \fI-f\fP allows the IP offset field in the IP header to be set to an
arbitrary value, which can be specified in decimal or hexidecimal.
arbitrary value, which can be specified in decimal or hexadecimal.
.TP
.BR \-g \0<gateway>
Specify the hostname of the gateway through which to route packets. This

View File

@ -25,7 +25,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)ipsopt.c 1.2 1/11/96 (C)1995 Darren Reed";
static const char rcsid[] = "@(#)$Id: ipsopt.c,v 2.1.4.4 2002/12/06 11:40:35 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: ipsopt.c,v 2.1.4.5 2004/04/10 11:50:52 darrenr Exp $";
#endif
@ -98,7 +98,10 @@ char *class;
len += val;
} else
*op++ = io->on_siz;
*op++ = IPOPT_MINOFF;
if (io->on_value == IPOPT_TS)
*op++ = IPOPT_MINOFF + 1;
else
*op++ = IPOPT_MINOFF;
while (class && *class) {
t = NULL;

View File

@ -64,7 +64,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)ipt.c 1.19 6/3/96 (C) 1993-2000 Darren Reed";
static const char rcsid[] = "@(#)$Id: ipt.c,v 2.6.2.24 2002/12/06 11:40:26 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: ipt.c,v 2.6.2.26 2003/11/09 17:22:21 darrenr Exp $";
#endif
extern char *optarg;
@ -72,7 +72,7 @@ extern struct frentry *ipfilter[2][2];
extern struct ipread snoop, etherf, tcpd, pcap, iptext, iphex;
extern struct ifnet *get_unit __P((char *, int));
extern void init_ifp __P((void));
extern ipnat_t *natparse __P((char *, int));
extern ipnat_t *natparse __P((char *, int, int *));
extern int fr_running;
int opts = 0;
@ -310,6 +310,7 @@ char *file;
int linenum, i;
void *fr;
FILE *fp;
int parsestatus;
if (!strcmp(file, "-"))
fp = stdin;
@ -346,7 +347,21 @@ char *file;
/* fake an `ioctl' call :) */
if ((opts & OPT_NAT) != 0) {
if (!(fr = natparse(line, linenum)))
parsestatus = 1;
fr = natparse(line, linenum, &parsestatus);
if (parsestatus != 0) {
if (*line) {
fprintf(stderr,
"%d: syntax error in \"%s\"\n",
linenum, line);
}
fprintf(stderr, "%s: %s error (%d), quitting\n",
file,
((parsestatus < 0)? "parse": "internal"),
parsestatus);
exit(1);
}
if (!fr)
continue;
if (rremove == 0) {
@ -367,8 +382,19 @@ char *file;
fr, i);
}
} else {
if (!(fr = parse(line, linenum)))
fr = parse(line, linenum, &parsestatus);
if (parsestatus != 0) {
fprintf(stderr, "%s: %s error (%d), quitting\n",
file,
((parsestatus < 0)? "parse": "internal"),
parsestatus);
exit(1);
}
if (!fr) {
continue;
}
if (rremove == 0) {
i = IPL_EXTERN(ioctl)(0, SIOCADAFR,

View File

@ -46,14 +46,14 @@
#if !defined(lint)
static const char sccsid[] = "@(#)kmem.c 1.4 1/12/96 (C) 1992 Darren Reed";
static const char rcsid[] = "@(#)$Id: kmem.c,v 2.2.2.16 2002/12/06 11:40:27 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: kmem.c,v 2.2.2.18 2003/11/09 17:22:22 darrenr Exp $";
#endif
#ifdef __sgi
typedef int kvm_t;
static int kvm_fd = -1;
static char *kvm_errstr;
static char *kvm_errstr = NULL;
kvm_t *kvm_open(kernel, core, swap, mode, errstr)
char *kernel, *core, *swap;
@ -79,8 +79,10 @@ size_t size;
int r;
if (lseek(*kvm, pos, 0) == -1) {
fprintf(stderr, "%s", kvm_errstr);
perror("lseek");
if (kvm_errstr != NULL) {
fprintf(stderr, "%s:", kvm_errstr);
perror("lseek");
}
return -1;
}
@ -103,7 +105,7 @@ char *kern, *core;
kvm_t *uk;
} k;
kvm_f = kvm_open(kern, core, NULL, O_RDONLY, "");
kvm_f = kvm_open(kern, core, NULL, O_RDONLY, NULL);
if (kvm_f == NULL)
{
perror("openkmem:open");

View File

@ -7,7 +7,7 @@ packet headers of packets you wish to log. If a packet header is to be
logged, the entire header is logged (including any IP options \- TCP/UDP
options are not included when it calculates header size) or not at all.
The packet contents are also logged after the header. If the log reader
is busy or otherwise unable to read log records, upto IPLLOGSIZE (8192 is the
is busy or otherwise unable to read log records, up to IPLLOGSIZE (8192 is the
default) bytes of data are stored.
.PP
Prepending every packet header logged is a structure containing information

View File

@ -12,16 +12,16 @@ map ::= mapit ifname fromto "->" dstipmask [ mapport ] mapoptions.
mapblock ::= "map-block" ifname ipmask "->" ipmask [ ports ] mapoptions.
redir ::= "rdr" ifname ipmask dport "->" ip [ "," ip ] rdrport rdroptions .
dport ::= "port" portnum [ "-" portnum ] .
ports ::= "ports" numports | "auto" .
rdrport ::= "port" portnum .
dport ::= "port" number [ "-" number ] .
ports ::= "ports" number | "auto" .
rdrport ::= "port" number .
mapit ::= "map" | "bimap" .
fromto ::= "from" object "to" object .
ipmask ::= ip "/" bits | ip "/" mask | ip "netmask" mask .
dstipmask ::= ipmask | "range" ip "-" ip .
mapport ::= "portmap" tcpudp portspec .
mapoptions ::= [ tcpudp ] [ "frag" ] [ age ] [ clamp ] .
rdroptions ::= [ tcpudp ] [ rr ] [ "frag" ] [ age ] [ clamp ] .
rdroptions ::= [ tcpudp | protocol ] [ rr ] [ "frag" ] [ age ] [ clamp ] .
object :: = addr [ port-comp | port-range ] .
addr :: = "any" | nummask | host-name [ "mask" ipaddr | "mask" hexnumber ] .
@ -31,14 +31,14 @@ port-range :: = "port" port-num range port-num .
rr ::= "round-robin" .
age ::= "age" decnumber [ "/" decnumber ] .
clamp ::= "mssclamp" decnumber .
tcpudp ::= "tcp/udp" | protocol .
tcpudp ::= "tcp/udp" | "tcp" | "udp" .
protocol ::= protocol-name | decnumber .
nummask ::= host-name [ "/" decnumber ] .
portspec ::= "auto" | portnumber ":" portnumber .
portnumber ::= number { numbers } .
nummask ::= host-name [ "/" number ] .
portspec ::= "auto" | number ":" number .
ifname ::= 'A' - 'Z' { 'A' - 'Z' } numbers .
number ::= numbers [ number ] .
numbers ::= '0' | '1' | '2' | '3' | '4' | '5' | '6' | '7' | '8' | '9' .
.fi
.PP
@ -134,9 +134,9 @@ If more refined timeouts are required than those available globally for
NAT settings, this allows you to set them for \fBnon-TCP\fP use.
.SH TRANSLATION
.PP
To the right of the "->" is the address and port specificaton which will be
To the right of the "->" is the address and port specification which will be
written into the packet providing it has already successful matched the
prior constraints. The case of redirections (\fBrdr\fP) is the simpliest:
prior constraints. The case of redirections (\fBrdr\fP) is the simplest:
the new destination address is that specified in the rule. For \fBmap\fP
rules, the destination address will be one for which the tuple combining
the new source and destination is known to be unique. If the packet is
@ -187,7 +187,7 @@ automatically, as required. This will not effect the display of rules
using "ipnat -l", only the internal application order.
.SH EXAMPLES
.PP
This section deals with the \fBmap\fP command and it's variations.
This section deals with the \fBmap\fP command and its variations.
.PP
To change IP#'s used internally from network 10 into an ISP provided 8 bit
subnet at 209.1.2.0 through the ppp0 interface, the following would be used:
@ -214,7 +214,7 @@ map ppp0 10.0.0.0/8 -> 209.1.2.0/24
.fi
.PP
so that all TCP/UDP packets were port mapped and only other protocols, such as
ICMP, only have their IP# changed. In some instaces, it is more appropriate
ICMP, only have their IP# changed. In some instances, it is more appropriate
to use the keyword \fBauto\fP in place of an actual range of port numbers if
you want to guarantee simultaneous access to all within the given range.
However, in the above case, it would default to 1 port per IP address, since
@ -228,7 +228,7 @@ map ppp0 172.192.0.0/16 -> 209.1.2.0/24 portmap tcp/udp auto
which would result in each IP address being given a small range of ports to
use (252). The problem here is that the \fBmap\fP directive tells the NAT
code to use the next address/port pair available for an outgoing connection,
resulting in no easily discernable relation between external addresses/ports
resulting in no easily discernible relation between external addresses/ports
and internal ones. This is overcome by using \fBmap-block\fP as follows:
.LP
.nf

View File

@ -220,7 +220,9 @@ static int ipl_remove()
#ifdef OpenBSD
VOP_LOCK(nd.ni_vp, LK_EXCLUSIVE | LK_RETRY, curproc);
#else
# if !defined(__NetBSD_Version__) || (__NetBSD_Version__ < 106000000)
vn_lock(nd.ni_vp, LK_EXCLUSIVE | LK_RETRY);
# endif
#endif
VOP_LEASE(nd.ni_dvp, curproc, curproc->p_ucred, LEASE_WRITE);
(void) VOP_REMOVE(nd.ni_dvp, nd.ni_vp, &nd.ni_cnd);

View File

@ -56,7 +56,7 @@ extern char *sys_errlist[];
#if !defined(lint)
static const char sccsid[] ="@(#)ipnat.c 1.9 6/5/96 (C) 1993 Darren Reed";
static const char rcsid[] = "@(#)$Id: natparse.c,v 1.17.2.27 2002/12/06 11:40:27 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: natparse.c,v 1.17.2.29 2003/05/15 17:45:34 darrenr Exp $";
#endif
@ -68,7 +68,7 @@ extern void printnat __P((ipnat_t *, int));
extern int countbits __P((u_32_t));
extern char *proto;
ipnat_t *natparse __P((char *, int));
ipnat_t *natparse __P((char *, int, int *));
void natparsefile __P((int, char *, int));
void nat_setgroupmap __P((struct ipnat *));
@ -98,10 +98,16 @@ ipnat_t *n;
/*
* Parse a line of input from the ipnat configuration file
*
* status:
* < 0 error
* = 0 OK
* > 0 programmer error
*/
ipnat_t *natparse(line, linenum)
ipnat_t *natparse(line, linenum, status)
char *line;
int linenum;
int *status;
{
static ipnat_t ipn;
struct protoent *pr;
@ -110,6 +116,7 @@ int linenum;
int i, cnt;
char *port1a = NULL, *port1b = NULL, *port2a = NULL;
*status = 100; /* default to error */
proto = NULL;
/*
@ -121,8 +128,10 @@ int linenum;
*s = '\0';
while (*line && isspace(*line))
line++;
if (!*line)
if (!*line) {
*status = 0;
return NULL;
}
bzero((char *)&ipn, sizeof(ipn));
cnt = 0;
@ -137,6 +146,7 @@ int linenum;
if (cnt < 3) {
fprintf(stderr, "%d: not enough segments in line\n", linenum);
*status = -1;
return NULL;
}
@ -156,6 +166,7 @@ int linenum;
else {
fprintf(stderr, "%d: unknown mapping: \"%s\"\n",
linenum, *cpp);
*status = -1;
return NULL;
}
@ -174,12 +185,14 @@ int linenum;
cpp++;
if (strcasecmp(*cpp, "from")) {
fprintf(stderr, "Missing from after !\n");
*status = -1;
return NULL;
}
ipn.in_flags |= IPN_NOTSRC;
} else if (**cpp == '!') {
if (strcasecmp(*cpp + 1, "from")) {
fprintf(stderr, "Missing from after !\n");
*status = -1;
return NULL;
}
ipn.in_flags |= IPN_NOTSRC;
@ -187,6 +200,7 @@ int linenum;
if ((ipn.in_flags & IPN_NOTSRC) &&
(ipn.in_redir & (NAT_MAP|NAT_MAPBLK))) {
fprintf(stderr, "Cannot use '! from' with map\n");
*status = -1;
return NULL;
}
@ -196,12 +210,14 @@ int linenum;
if (hostmask(&cpp, (u_32_t *)&ipn.in_srcip,
(u_32_t *)&ipn.in_srcmsk, &ipn.in_sport,
&ipn.in_scmp, &ipn.in_stop, linenum)) {
*status = -1;
return NULL;
}
} else {
if (hostmask(&cpp, (u_32_t *)&ipn.in_inip,
(u_32_t *)&ipn.in_inmsk, &ipn.in_sport,
&ipn.in_scmp, &ipn.in_stop, linenum)) {
*status = -1;
return NULL;
}
}
@ -217,22 +233,26 @@ int linenum;
if (strcasecmp(*cpp, "to")) {
fprintf(stderr, "%d: unexpected keyword (%s) - to\n",
linenum, *cpp);
*status = -1;
return NULL;
}
if ((ipn.in_flags & IPN_NOTDST) &&
(ipn.in_redir & (NAT_REDIRECT))) {
fprintf(stderr, "Cannot use '! to' with rdr\n");
*status = -1;
return NULL;
}
if (!*++cpp) {
fprintf(stderr, "%d: missing host after to\n", linenum);
*status = -1;
return NULL;
}
if (ipn.in_redir == NAT_REDIRECT) {
if (hostmask(&cpp, (u_32_t *)&ipn.in_outip,
(u_32_t *)&ipn.in_outmsk, &ipn.in_dport,
&ipn.in_dcmp, &ipn.in_dtop, linenum)) {
*status = -1;
return NULL;
}
ipn.in_pmin = htons(ipn.in_dport);
@ -240,6 +260,7 @@ int linenum;
if (hostmask(&cpp, (u_32_t *)&ipn.in_srcip,
(u_32_t *)&ipn.in_srcmsk, &ipn.in_dport,
&ipn.in_dcmp, &ipn.in_dtop, linenum)) {
*status = -1;
return NULL;
}
}
@ -247,30 +268,39 @@ int linenum;
s = *cpp;
if (!s) {
fprintf(stderr, "%d: short line\n", linenum);
*status = -1;
return NULL;
}
t = strchr(s, '/');
if (!t) {
fprintf(stderr, "%d: no netmask on LHS\n", linenum);
*status = -1;
return NULL;
}
*t++ = '\0';
if (ipn.in_redir == NAT_REDIRECT) {
if (hostnum((u_32_t *)&ipn.in_outip, s, linenum) == -1)
if (hostnum((u_32_t *)&ipn.in_outip, s, linenum) == -1){
*status = -1;
return NULL;
}
if (genmask(t, (u_32_t *)&ipn.in_outmsk) == -1) {
*status = -1;
return NULL;
}
} else {
if (hostnum((u_32_t *)&ipn.in_inip, s, linenum) == -1)
if (hostnum((u_32_t *)&ipn.in_inip, s, linenum) == -1) {
*status = -1;
return NULL;
}
if (genmask(t, (u_32_t *)&ipn.in_inmsk) == -1) {
*status = -1;
return NULL;
}
}
cpp++;
if (!*cpp) {
fprintf(stderr, "%d: short line\n", linenum);
*status = -1;
return NULL;
}
}
@ -283,6 +313,7 @@ int linenum;
if (strcasecmp(*cpp, "port")) {
fprintf(stderr, "%d: missing fields - 1st port\n",
linenum);
*status = -1;
return NULL;
}
@ -292,6 +323,7 @@ int linenum;
fprintf(stderr,
"%d: missing fields (destination port)\n",
linenum);
*status = -1;
return NULL;
}
@ -319,10 +351,12 @@ int linenum;
*/
if (!*cpp) {
fprintf(stderr, "%d: missing fields (->)\n", linenum);
*status = -1;
return NULL;
}
if (strcmp(*cpp, "->")) {
fprintf(stderr, "%d: missing ->\n", linenum);
*status = -1;
return NULL;
}
cpp++;
@ -330,6 +364,7 @@ int linenum;
if (!*cpp) {
fprintf(stderr, "%d: missing fields (%s)\n",
linenum, ipn.in_redir ? "destination" : "target");
*status = -1;
return NULL;
}
@ -341,6 +376,7 @@ int linenum;
fprintf(stderr, "%d: missing fields (%s)\n",
linenum,
ipn.in_redir ? "destination":"target");
*status = -1;
return NULL;
}
}
@ -358,6 +394,7 @@ int linenum;
fprintf(stderr,
"%d: desination range not specified\n",
linenum);
*status = -1;
return NULL;
}
} else if (ipn.in_redir != NAT_REDIRECT) {
@ -371,6 +408,7 @@ int linenum;
fprintf(stderr,
"%d: missing fields (dest netmask)\n",
linenum);
*status = -1;
return NULL;
}
if (*dnetm == '/')
@ -383,20 +421,25 @@ int linenum;
ipn.in_flags |= IPN_SPLIT;
*dnetm++ = '\0';
}
if (hostnum((u_32_t *)&ipn.in_inip, *cpp, linenum) == -1)
if (hostnum((u_32_t *)&ipn.in_inip, *cpp, linenum) == -1) {
*status = -1;
return NULL;
}
#if SOLARIS
if (ntohl(ipn.in_inip) == INADDR_LOOPBACK) {
fprintf(stderr,
"localhost as destination not supported\n");
*status = -1;
return NULL;
}
#endif
} else {
if (!strcmp(*cpp, ipn.in_ifname))
*cpp = "0";
if (hostnum((u_32_t *)&ipn.in_outip, *cpp, linenum) == -1)
if (hostnum((u_32_t *)&ipn.in_outip, *cpp, linenum) == -1) {
*status = -1;
return NULL;
}
}
cpp++;
@ -406,6 +449,7 @@ int linenum;
fprintf(stderr,
"%d: expected \"ports\" - got \"%s\"\n",
linenum, *cpp);
*status = -1;
return NULL;
}
cpp++;
@ -413,6 +457,7 @@ int linenum;
fprintf(stderr,
"%d: missing argument to \"ports\"\n",
linenum);
*status = -1;
return NULL;
}
if (!strcasecmp(*cpp, "auto"))
@ -426,12 +471,14 @@ int linenum;
if (*cpp && (strrchr(*cpp, '/') != NULL)) {
fprintf(stderr, "%d: No netmask supported in %s\n",
linenum, "destination host for redirect");
*status = -1;
return NULL;
}
if (!*cpp) {
fprintf(stderr, "%d: Missing destination port %s\n",
linenum, "in redirect");
*status = -1;
return NULL;
}
@ -440,6 +487,7 @@ int linenum;
if (strcasecmp(*cpp, "port")) {
fprintf(stderr, "%d: missing fields - 2nd port (%s)\n",
linenum, *cpp);
*status = -1;
return NULL;
}
cpp++;
@ -447,6 +495,7 @@ int linenum;
fprintf(stderr,
"%d: missing fields (destination port)\n",
linenum);
*status = -1;
return NULL;
}
@ -458,17 +507,25 @@ int linenum;
if (ipn.in_redir & (NAT_MAP|NAT_MAPBLK)) {
if (ipn.in_flags & IPN_IPRANGE) {
if (hostnum((u_32_t *)&ipn.in_outmsk, dnetm,
linenum) == -1)
linenum) == -1) {
*status = -1;
return NULL;
} else if (genmask(dnetm, (u_32_t *)&ipn.in_outmsk))
}
} else if (genmask(dnetm, (u_32_t *)&ipn.in_outmsk)) {
*status = -1;
return NULL;
}
} else {
if (ipn.in_flags & IPN_SPLIT) {
if (hostnum((u_32_t *)&ipn.in_inmsk, dnetm,
linenum) == -1)
linenum) == -1) {
*status = -1;
return NULL;
} else if (genmask("255.255.255.255", (u_32_t *)&ipn.in_inmsk))
}
} else if (genmask("255.255.255.255", (u_32_t *)&ipn.in_inmsk)){
*status = -1;
return NULL;
}
if (!*cpp) {
ipn.in_flags |= IPN_TCP; /* XXX- TCP only by default */
proto = "tcp";
@ -494,6 +551,7 @@ int linenum;
fprintf(stderr,
"%d: Unknown protocol %s\n",
linenum, proto);
*status = -1;
return NULL;
} else
ipn.in_p = atoi(proto);
@ -520,6 +578,7 @@ int linenum;
fprintf(stderr,
"%d: age with no parameters\n",
linenum);
*status = -1;
return NULL;
}
@ -541,6 +600,7 @@ int linenum;
fprintf(stderr,
"%d: mssclamp with no parameters\n",
linenum);
*status = -1;
return NULL;
}
}
@ -549,26 +609,33 @@ int linenum;
fprintf(stderr,
"%d: extra junk at the end of the line: %s\n",
linenum, *cpp);
*status = -1;
return NULL;
}
}
}
if ((ipn.in_redir == NAT_REDIRECT) && !(ipn.in_flags & IPN_FILTER)) {
if (!portnum(port1a, &ipn.in_pmin, linenum))
if (!portnum(port1a, &ipn.in_pmin, linenum)) {
*status = -1;
return NULL;
}
ipn.in_pmin = htons(ipn.in_pmin);
if (port1b != NULL) {
if (!portnum(port1b, &ipn.in_pmax, linenum))
if (!portnum(port1b, &ipn.in_pmax, linenum)) {
*status = -1;
return NULL;
}
ipn.in_pmax = htons(ipn.in_pmax);
} else
ipn.in_pmax = ipn.in_pmin;
}
if ((ipn.in_redir & NAT_BIMAP) == NAT_REDIRECT) {
if (!portnum(port2a, &ipn.in_pnext, linenum))
if (!portnum(port2a, &ipn.in_pnext, linenum)) {
*status = -1;
return NULL;
}
ipn.in_pnext = htons(ipn.in_pnext);
}
@ -586,13 +653,18 @@ int linenum;
ipn.in_flags |= IPN_FRAG;
}
if (!*cpp)
if (!*cpp) {
*status = 0;
return &ipn;
}
if (ipn.in_redir != NAT_BIMAP && !strcasecmp(*cpp, "proxy")) {
u_short pport;
if (ipn.in_redir == NAT_BIMAP) {
fprintf(stderr, "%d: cannot use proxy with bimap\n",
linenum);
*status = -1;
return NULL;
}
cpp++;
@ -600,6 +672,7 @@ int linenum;
fprintf(stderr,
"%d: missing parameter for \"proxy\"\n",
linenum);
*status = -1;
return NULL;
}
dport = NULL;
@ -610,6 +683,7 @@ int linenum;
fprintf(stderr,
"%d: missing parameter for \"port\"\n",
linenum);
*status = -1;
return NULL;
}
@ -620,11 +694,13 @@ int linenum;
fprintf(stderr,
"%d: missing parameter for \"proxy\"\n",
linenum);
*status = -1;
return NULL;
}
} else {
fprintf(stderr,
"%d: missing keyword \"port\"\n", linenum);
*status = -1;
return NULL;
}
@ -637,9 +713,17 @@ int linenum;
} else
ipn.in_p = 0;
if (dport && !portnum(dport, &ipn.in_dport, linenum))
if (dport && !portnum(dport, &pport, linenum))
return NULL;
ipn.in_dport = htons(ipn.in_dport);
if (ipn.in_dcmp != 0) {
if (pport != ipn.in_dport) {
fprintf(stderr,
"%d: mismatch in port numbers\n",
linenum);
return NULL;
}
} else
ipn.in_dport = htons(pport);
(void) strncpy(ipn.in_plabel, *cpp, sizeof(ipn.in_plabel));
cpp++;
@ -648,6 +732,7 @@ int linenum;
if (ipn.in_redir == NAT_BIMAP) {
fprintf(stderr, "%d: cannot use portmap with bimap\n",
linenum);
*status = -1;
return NULL;
}
cpp++;
@ -655,6 +740,7 @@ int linenum;
fprintf(stderr,
"%d: missing expression following portmap\n",
linenum);
*status = -1;
return NULL;
}
@ -670,6 +756,7 @@ int linenum;
fprintf(stderr,
"%d: expected protocol name - got \"%s\"\n",
linenum, *cpp);
*status = -1;
return NULL;
}
proto = *cpp;
@ -677,6 +764,7 @@ int linenum;
if (!*cpp) {
fprintf(stderr, "%d: no port range found\n", linenum);
*status = -1;
return NULL;
}
@ -691,12 +779,15 @@ int linenum;
fprintf(stderr,
"%d: no port range in \"%s\"\n",
linenum, *cpp);
*status = -1;
return NULL;
}
*t++ = '\0';
if (!portnum(*cpp, &ipn.in_pmin, linenum) ||
!portnum(t, &ipn.in_pmax, linenum))
!portnum(t, &ipn.in_pmax, linenum)) {
*status = -1;
return NULL;
}
ipn.in_pmin = htons(ipn.in_pmin);
ipn.in_pmax = htons(ipn.in_pmax);
cpp++;
@ -713,6 +804,7 @@ int linenum;
if (!*cpp) {
fprintf(stderr, "%d: age with no parameters\n",
linenum);
*status = -1;
return NULL;
}
ipn.in_age[0] = atoi(*cpp);
@ -732,6 +824,7 @@ int linenum;
} else {
fprintf(stderr, "%d: mssclamp with no parameters\n",
linenum);
*status = -1;
return NULL;
}
}
@ -739,8 +832,11 @@ int linenum;
if (*cpp) {
fprintf(stderr, "%d: extra junk at the end of the line: %s\n",
linenum, *cpp);
*status = -1;
return NULL;
}
*status = 0;
return &ipn;
}
@ -754,6 +850,7 @@ int opts;
ipnat_t *np;
FILE *fp;
int linenum = 0;
int parsestatus;
if (strcmp(file, "-")) {
if (!(fp = fopen(file, "r"))) {
@ -770,11 +867,20 @@ int opts;
if ((s = strchr(line, '\n')))
*s = '\0';
if (!(np = natparse(line, linenum))) {
if (*line)
parsestatus = 1;
np = natparse(line, linenum, &parsestatus);
if (parsestatus != 0) {
if (*line) {
fprintf(stderr, "%d: syntax error in \"%s\"\n",
linenum, line);
} else {
}
fprintf(stderr, "%s: %s error (%d), quitting\n",
file,
((parsestatus < 0)? "parse": "internal"),
parsestatus);
exit(1);
}
if (np) {
if ((opts & OPT_VERBOSE) && np)
printnat(np, opts);
if (!(opts & OPT_NODO)) {

View File

@ -68,10 +68,16 @@ extern u_char flags[];
/* parse()
*
* parse a line read from the input filter rule file
*
* status:
* < 0 error
* = 0 OK
* > 0 programmer error
*/
struct frentry *parse(line, linenum)
struct frentry *parse(line, linenum, status)
char *line;
int linenum;
int *status; /* good, bad, or indifferent */
{
static struct frentry fil;
char *cps[31], **cpp, *endptr, *s;
@ -79,10 +85,14 @@ int linenum;
int i, cnt = 1, j, ch;
u_int k;
*status = 100; /* default to error */
while (*line && isspace(*line))
line++;
if (!*line)
if (!*line) {
*status = 0;
return NULL;
}
bzero((char *)&fil, sizeof(fil));
fil.fr_mip.fi_v = 0xf;
@ -100,6 +110,7 @@ int linenum;
if (cnt < 3) {
fprintf(stderr, "%d: not enough segments in line\n", linenum);
*status = -1;
return NULL;
}
@ -143,6 +154,7 @@ int linenum;
fprintf(stderr,
"%d: unrecognised icmp code %s\n",
linenum, *cpp + 20);
*status = -1;
return NULL;
}
fil.fr_icode = j;
@ -172,6 +184,7 @@ int linenum;
else {
fprintf(stderr, "%d: integer must follow skip\n",
linenum);
*status = -1;
return NULL;
}
} else if (!strcasecmp("log", *cpp)) {
@ -190,8 +203,11 @@ int linenum;
}
if (!strcasecmp(*(cpp+1), "level")) {
cpp++;
if (loglevel(cpp, &fil.fr_loglevel, linenum) == -1)
if (loglevel(cpp, &fil.fr_loglevel, linenum) == -1) {
/* NB loglevel prints its own error message */
*status = -1;
return NULL;
}
cpp++;
}
} else {
@ -199,10 +215,12 @@ int linenum;
* Doesn't start with one of the action words
*/
fprintf(stderr, "%d: unknown keyword (%s)\n", linenum, *cpp);
*status = -1;
return NULL;
}
if (!*++cpp) {
fprintf(stderr, "%d: missing 'in'/'out' keyword\n", linenum);
*status = -1;
return NULL;
}
@ -218,16 +236,19 @@ int linenum;
fprintf(stderr,
"%d: Can only use return-icmp with 'in'\n",
linenum);
*status = -1;
return NULL;
} else if (fil.fr_flags & FR_RETRST) {
fprintf(stderr,
"%d: Can only use return-rst with 'in'\n",
linenum);
*status = -1;
return NULL;
}
}
if (!*++cpp) {
fprintf(stderr, "%d: missing source specification\n", linenum);
*status = -1;
return NULL;
}
@ -235,6 +256,7 @@ int linenum;
if (!*++cpp) {
fprintf(stderr, "%d: missing source specification\n",
linenum);
*status = -1;
return NULL;
}
if (fil.fr_flags & FR_PASS)
@ -254,14 +276,17 @@ int linenum;
fprintf(stderr,
"%d: or-block must be used with pass\n",
linenum);
*status = -1;
return NULL;
}
fil.fr_flags |= FR_LOGORBLOCK;
cpp++;
}
if (*cpp && !strcasecmp(*cpp, "level")) {
if (loglevel(cpp, &fil.fr_loglevel, linenum) == -1)
if (loglevel(cpp, &fil.fr_loglevel, linenum) == -1) {
*status = -1;
return NULL;
}
cpp++;
cpp++;
}
@ -271,6 +296,7 @@ int linenum;
if (fil.fr_skip != 0) {
fprintf(stderr, "%d: cannot use skip with quick\n",
linenum);
*status = -1;
return NULL;
}
cpp++;
@ -287,6 +313,7 @@ int linenum;
if (!*++cpp) {
fprintf(stderr, "%d: interface name missing\n",
linenum);
*status = -1;
return NULL;
}
@ -307,28 +334,35 @@ int linenum;
fprintf(stderr,
"%d: %s can only be used with TCP\n",
linenum, "return-rst");
*status = -1;
return NULL;
}
*status = 0;
return &fil;
}
if (*cpp) {
if (!strcasecmp(*cpp, "dup-to") && *(cpp + 1)) {
cpp++;
if (to_interface(&fil.fr_dif, *cpp, linenum))
if (to_interface(&fil.fr_dif, *cpp, linenum)) {
*status = -1;
return NULL;
}
cpp++;
}
if (*cpp && !strcasecmp(*cpp, "to") && *(cpp + 1)) {
cpp++;
if (to_interface(&fil.fr_tif, *cpp, linenum))
if (to_interface(&fil.fr_tif, *cpp, linenum)) {
*status = -1;
return NULL;
}
cpp++;
} else if (*cpp && !strcasecmp(*cpp, "fastroute")) {
if (!(fil.fr_flags & FR_INQUE)) {
fprintf(stderr,
"can only use %s with 'in'\n",
"fastroute");
*status = -1;
return NULL;
}
fil.fr_flags |= FR_FASTROUTE;
@ -366,6 +400,7 @@ int linenum;
if (*cpp && !strcasecmp(*cpp, "tos")) {
if (!*++cpp) {
fprintf(stderr, "%d: tos missing value\n", linenum);
*status = -1;
return NULL;
}
fil.fr_tos = strtol(*cpp, NULL, 0);
@ -377,6 +412,7 @@ int linenum;
if (!*++cpp) {
fprintf(stderr, "%d: ttl missing hopcount value\n",
linenum);
*status = -1;
return NULL;
}
if (ratoi(*cpp, &i, 0, 255))
@ -384,6 +420,7 @@ int linenum;
else {
fprintf(stderr, "%d: invalid ttl (%s)\n",
linenum, *cpp);
*status = -1;
return NULL;
}
fil.fr_mip.fi_ttl = 0xff;
@ -397,6 +434,7 @@ int linenum;
if (*cpp && !strcasecmp(*cpp, "proto")) {
if (!*++cpp) {
fprintf(stderr, "%d: protocol name missing\n", linenum);
*status = -1;
return NULL;
}
proto = *cpp++;
@ -412,6 +450,7 @@ int linenum;
fprintf(stderr,
"%d: unknown protocol (%s)\n",
linenum, proto);
*status = -1;
return NULL;
}
if (p)
@ -422,6 +461,7 @@ int linenum;
fprintf(stderr,
"%d: unknown protocol (%s)\n",
linenum, proto);
*status = -1;
return NULL;
}
fil.fr_proto = i;
@ -433,6 +473,7 @@ int linenum;
((fil.fr_flags & FR_RETMASK) == FR_RETRST)) {
fprintf(stderr, "%d: %s can only be used with TCP\n",
linenum, "return-rst");
*status = -1;
return NULL;
}
@ -442,21 +483,26 @@ int linenum;
if (!*cpp) {
fprintf(stderr, "%d: missing source specification\n", linenum);
*status = -1;
return NULL;
}
if (!strcasecmp(*cpp, "all")) {
cpp++;
if (!*cpp)
if (!*cpp) {
*status = 0;
return &fil;
}
} else {
if (strcasecmp(*cpp, "from")) {
fprintf(stderr, "%d: unexpected keyword (%s) - from\n",
linenum, *cpp);
*status = -1;
return NULL;
}
if (!*++cpp) {
fprintf(stderr, "%d: missing host after from\n",
linenum);
*status = -1;
return NULL;
}
if (!strcmp(*cpp, "!")) {
@ -465,6 +511,7 @@ int linenum;
fprintf(stderr,
"%d: missing host after from\n",
linenum);
*status = -1;
return NULL;
}
} else if (**cpp == '!') {
@ -475,6 +522,7 @@ int linenum;
if (hostmask(&cpp, (u_32_t *)&fil.fr_src,
(u_32_t *)&fil.fr_smsk, &fil.fr_sport, &ch,
&fil.fr_stop, linenum)) {
*status = -1;
return NULL;
}
@ -484,12 +532,14 @@ int linenum;
fprintf(stderr,
"%d: cannot use port and neither tcp or udp\n",
linenum);
*status = -1;
return NULL;
}
fil.fr_scmp = ch;
if (!*cpp) {
fprintf(stderr, "%d: missing to fields\n", linenum);
*status = -1;
return NULL;
}
@ -499,10 +549,12 @@ int linenum;
if (strcasecmp(*cpp, "to")) {
fprintf(stderr, "%d: unexpected keyword (%s) - to\n",
linenum, *cpp);
*status = -1;
return NULL;
}
if (!*++cpp) {
fprintf(stderr, "%d: missing host after to\n", linenum);
*status = -1;
return NULL;
}
ch = 0;
@ -512,6 +564,7 @@ int linenum;
fprintf(stderr,
"%d: missing host after from\n",
linenum);
*status = -1;
return NULL;
}
} else if (**cpp == '!') {
@ -521,6 +574,7 @@ int linenum;
if (hostmask(&cpp, (u_32_t *)&fil.fr_dst,
(u_32_t *)&fil.fr_dmsk, &fil.fr_dport, &ch,
&fil.fr_dtop, linenum)) {
*status = -1;
return NULL;
}
if ((ch != 0) && (fil.fr_proto != IPPROTO_TCP) &&
@ -529,6 +583,7 @@ int linenum;
fprintf(stderr,
"%d: cannot use port and neither tcp or udp\n",
linenum);
*status = -1;
return NULL;
}
@ -542,20 +597,25 @@ int linenum;
if (fil.fr_proto && (fil.fr_dcmp || fil.fr_scmp) &&
fil.fr_proto != IPPROTO_TCP && fil.fr_proto != IPPROTO_UDP) {
fprintf(stderr, "%d: port operation on non tcp/udp\n", linenum);
*status = -1;
return NULL;
}
if (fil.fr_icmp && fil.fr_proto != IPPROTO_ICMP) {
fprintf(stderr, "%d: icmp comparisons on wrong protocol\n",
linenum);
*status = -1;
return NULL;
}
if (!*cpp)
if (!*cpp) {
*status = 0;
return &fil;
}
if (*cpp && !strcasecmp(*cpp, "flags")) {
if (!*++cpp) {
fprintf(stderr, "%d: no flags present\n", linenum);
*status = -1;
return NULL;
}
fil.fr_tcpf = tcp_flags(*cpp, &fil.fr_tcpfm, linenum);
@ -567,8 +627,10 @@ int linenum;
*/
if ((fil.fr_v == 4) && *cpp && (!strcasecmp(*cpp, "with") ||
!strcasecmp(*cpp, "and")))
if (extras(&cpp, &fil, linenum))
if (extras(&cpp, &fil, linenum)) {
*status = -1;
return NULL;
}
/*
* icmp types for use with the icmp protocol
@ -579,10 +641,13 @@ int linenum;
fprintf(stderr,
"%d: icmp with wrong protocol (%d)\n",
linenum, fil.fr_proto);
*status = -1;
return NULL;
}
if (addicmp(&cpp, &fil, linenum))
if (addicmp(&cpp, &fil, linenum)) {
*status = -1;
return NULL;
}
fil.fr_icmp = htons(fil.fr_icmp);
fil.fr_icmpm = htons(fil.fr_icmpm);
}
@ -591,8 +656,10 @@ int linenum;
* Keep something...
*/
while (*cpp && !strcasecmp(*cpp, "keep"))
if (addkeep(&cpp, &fil, linenum))
if (addkeep(&cpp, &fil, linenum)) {
*status = -1;
return NULL;
}
/*
* This is here to enforce the old interface binding behaviour.
@ -614,10 +681,12 @@ int linenum;
if (fil.fr_skip != 0) {
fprintf(stderr, "%d: cannot use skip with head\n",
linenum);
*status = -1;
return NULL;
}
if (!*++cpp) {
fprintf(stderr, "%d: head without group #\n", linenum);
*status = -1;
return NULL;
}
if (ratoui(*cpp, &k, 0, UINT_MAX))
@ -625,6 +694,7 @@ int linenum;
else {
fprintf(stderr, "%d: invalid group (%s)\n",
linenum, *cpp);
*status = -1;
return NULL;
}
cpp++;
@ -637,6 +707,7 @@ int linenum;
if (!*++cpp) {
fprintf(stderr, "%d: group without group #\n",
linenum);
*status = -1;
return NULL;
}
if (ratoui(*cpp, &k, 0, UINT_MAX))
@ -644,6 +715,7 @@ int linenum;
else {
fprintf(stderr, "%d: invalid group (%s)\n",
linenum, *cpp);
*status = -1;
return NULL;
}
cpp++;
@ -657,6 +729,7 @@ int linenum;
for (; *cpp; cpp++)
fprintf(stderr, "%s ", *cpp);
fprintf(stderr, "]\n");
*status = -1;
return NULL;
}
@ -665,6 +738,7 @@ int linenum;
*/
if ((fil.fr_tcpf || fil.fr_tcpfm) && fil.fr_proto != IPPROTO_TCP) {
fprintf(stderr, "%d: TCP protocol not specified\n", linenum);
*status = -1;
return NULL;
}
if (!(fil.fr_ip.fi_fl & FI_TCPUDP) && (fil.fr_proto != IPPROTO_TCP) &&
@ -676,6 +750,7 @@ int linenum;
fprintf(stderr,
"%d: port comparisons for non-TCP/UDP\n",
linenum);
*status = -1;
return NULL;
}
}
@ -685,9 +760,11 @@ int linenum;
fprintf(stderr,
"%d: must use 'with frags' with 'keep frags'\n",
linenum);
*status = -1;
return NULL;
}
*/
*status = 0;
return &fil;
}

View File

@ -1993,7 +1993,7 @@
7002 afs3-prserver users&groupsdatabase
7003 afs3-vlserver volumelocationdatabase
7004 afs3-kaserver AFS/Kerberosauthenticationservice
7005 afs3-volser volumemanagmentserver
7005 afs3-volser volumemanagementserver
7006 afs3-errors errorinterpretationservice
7007 afs3-bos basicoverseerprocess
7008 afs3-update server-to-serverupdater

View File

@ -58,7 +58,7 @@ extern char *sys_errlist[];
#endif
#if !defined(lint)
static const char rcsid[] = "@(#)$Id: printnat.c,v 1.1.2.13 2002/12/06 11:40:27 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: printnat.c,v 1.1.2.15 2003/03/22 15:31:49 darrenr Exp $";
#endif
@ -399,7 +399,6 @@ int opts;
np->in_space, np->in_flags,
np->in_pmax, np->in_use);
} else {
np->in_nextip.s_addr = htonl(np->in_nextip.s_addr);
if (!(np->in_flags & IPN_FILTER)) {
printf("%s/", inet_ntoa(np->in_in[0]));
bits = countbits(np->in_in[1].s_addr);
@ -422,6 +421,8 @@ int opts;
}
if (*np->in_plabel) {
printf(" proxy port");
if (np->in_dcmp != 0)
np->in_dport = htons(np->in_dport);
if (np->in_dport != 0) {
if (pr != NULL)
sv = getservbyport(np->in_dport,
@ -473,8 +474,12 @@ int opts;
printf(" age %d/%d", np->in_age[0], np->in_age[1]);
printf("\n");
if (opts & OPT_DEBUG) {
struct in_addr nip;
nip.s_addr = htonl(np->in_nextip.s_addr);
printf("\tspace %lu nextip %s pnext %d", np->in_space,
inet_ntoa(np->in_nextip), np->in_pnext);
inet_ntoa(nip), np->in_pnext);
printf(" flags %x use %u\n",
np->in_flags, np->in_use);
}

View File

@ -47,22 +47,26 @@ int opts;
#else
PRINTF("\tpkts %ld bytes %ld", ips.is_pkts, ips.is_bytes);
#endif
if (ips.is_p == IPPROTO_TCP)
if (ips.is_p == IPPROTO_TCP) {
#if defined(NetBSD) && (NetBSD >= 199905) && (NetBSD < 1991011) || \
(__FreeBSD_version >= 220000) || defined(__OpenBSD__)
PRINTF("\t%hu -> %hu %x:%x %u<<%d:%u<<%d",
PRINTF("\t%hu -> %hu %x:%x (max %x:%x)\n",
ntohs(ips.is_sport), ntohs(ips.is_dport),
ips.is_send, ips.is_dend,
ips.is_maxsend, ips.is_maxdend);
PRINTF("\t%u<<%d:%u<<%d",
ips.is_maxswin>>ips.is_swscale, ips.is_swscale,
ips.is_maxdwin>>ips.is_dwscale, ips.is_dwscale);
#else
PRINTF("\t%hu -> %hu %x:%x %u<<%d:%u<<%d",
PRINTF("\t%hu -> %hu %x:%x (max %x:%x)\n",
ntohs(ips.is_sport), ntohs(ips.is_dport),
ips.is_send, ips.is_dend,
ips.is_maxsend, ips.is_maxdend);
PRINTF("\t%u<<%d:%u<<%d",
ips.is_maxswin>>ips.is_swscale, ips.is_swscale,
ips.is_maxdwin>>ips.is_dwscale, ips.is_dwscale);
#endif
else if (ips.is_p == IPPROTO_UDP)
} else if (ips.is_p == IPPROTO_UDP)
PRINTF(" %hu -> %hu", ntohs(ips.is_sport),
ntohs(ips.is_dport));
else if (ips.is_p == IPPROTO_ICMP

View File

@ -51,7 +51,7 @@ i1 i2 i3 i4 i5 i6 i7 i8 i9 i10 i11 i12:
n1 n2 n3 n4 n5 n6 n7:
@/bin/sh ./nattest $@
ni1 ni2 ni3 ni4 ni5:
ni1 ni2 ni3 ni4 ni5 ni7 ni8 ni10 ni11:
@/bin/sh ./natipftest $@
in1 in2 in3 in4:

View File

@ -0,0 +1,30 @@
The contents of this directory sub tree is dedicated to regression testing
of IPFilter.
The tests are broken down into these groups:
f - filter rule tests
i - parsing & printing test of ipf rules
in - parsing & printing test of ipnat rules
ipv6 - ipv6 filter rule tests
l - logging test
n - NAT testing
ni - combined NAT & IPF tests
TEST
f1 - block/pass, in/out.
f2 - proto
f3 - from IP#
f4 - to #IP
f5 - source port
f6 - destination port
f7 - icmp-type, code
f8 - flags
f9 - ipoptions
f10 - ipoptions
f11 - keep frag/state
f12 - short/frag
f13 - keep frag/state (fragmented packets)
f14 - from !host, to !host
f15 - groups
f16 - skip
f17 - TCP state transition on flags

View File

@ -2,3 +2,4 @@ pass in on ed0(!) proto tcp from 127.0.0.1/32 to 127.0.0.1/32 port = 23 keep sta
block in log first on lo0(!) proto tcp/udp from any to any keep state
pass in proto udp from 127.0.0.1/32 to 127.0.0.1/32 port = 2049 keep frags
pass in proto udp from 127.0.0.1/32 to 127.0.0.1/32 port = 53 keep state keep frags
pass in proto tcp from any port > 1024 to 127.0.0.1/32 port = 25 keep state

View File

@ -22,3 +22,4 @@ map ppp0 192.168.0.0/16 -> 0.0.0.0/32 portmap tcp 10000:19999 age 30/30
map le0 0.0.0.0/0 -> 0.0.0.0/32 frag age 10/10
map le0 192.168.0.0/16 -> range 203.1.1.23-203.1.3.45 frag age 10/20
map ppp0 192.168.0.0/16 -> 0.0.0.0/32 portmap tcp 10000:19999 frag age 30/30
map fxp0 from 192.168.0.0/18 to any port = ftp -> 1.2.3.4/32 proxy port ftp ftp/tcp

View File

@ -1,3 +1,4 @@
4500 0028 4706 4000 0111 ced8 0606 0606 0404 0404 afc9 829e 0014 0b2d 0402 0000 3be5 468d 000a cfc3
4500 0038 809a 0000 ff01 8f31 0303 0303 0202 0202 0b00 a537 0000 0000 4500 0028 4703 4000 0111 ef89 0202 0202 0404 0404 afc9 829e 0014 1d4f
4500 0028 4706 4000 0111 1eac 0606 0606 0404 0404 afc9 829e 0014 6308 0402 0000 3be5 468d 000a cfc3
4500 0038 809a 0000 ff01 3121 0303 0303 0202 0202 0b00 5773 0000 0000 4500 0028 4706 4000 0111 26b4 0202 0202 0404 0404 afc9 829e 0014 6b10
4500 0044 809a 0000 ff01 3115 0303 0303 0202 0202 0b00 0131 0000 0000 4500 0028 4706 4000 0111 26b4 0202 0202 0404 0404 afc9 829e 0014 6b10 0402 0000 3be5 468d 000a cfc3
-------------------------------

View File

@ -0,0 +1,5 @@
4500 003c 4706 4000 ff06 20a2 0404 0404 0606 0606 5000 0050 0000 0001 0000 0000 a002 16d0 d0da 0000 0204 05b4 0402 080a 0047 fbb0 0000 0000 0103 0300
4500 0038 809a 0000 ff01 2f1f 0202 0202 0404 0404 0303 acab 0000 0000 4500 003c 4706 4000 ff06 28aa 0404 0404 0202 0202 5000 0050 0000 0001
4500 0058 809a 0000 ff01 2cfd 0303 0303 0404 0404 0303 113f 0000 0000 4500 003c 4706 4000 ff06 20a2 0404 0404 0606 0606 5000 0050 0000 0001 0000 0000 a002 16d0 d0da 0000 0204 05b4 0402 080a 0047 fbb0 0000 0000 0103 0300
4500 0038 809a 0000 ff01 2b1b 0303 0303 0505 0505 0303 acab 0000 0000 4500 003c 4706 4000 ff06 28ab 0404 0404 0202 0201 5000 0050 0000 0001
-------------------------------

View File

@ -0,0 +1,5 @@
4500 003c 4706 4000 ff06 2aac 0404 0404 0101 0101 5000 9d58 0000 0001 0000 0000 a002 16d0 3ddc 0000 0204 05b4 0402 080a 0047 fbb0 0000 0000 0103 0300
4500 0038 809a 0000 ff01 271f 0a02 0202 0404 0404 0303 a7fb 0000 0000 4500 003c 4706 4000 ff06 20aa 0404 0404 0a02 0202 5000 0500 0000 0001
4500 0058 809a 0000 ff01 2cfd 0303 0303 0404 0404 0303 0735 0000 0000 4500 003c 4706 4000 ff06 2aac 0404 0404 0101 0101 5000 9d58 0000 0001 0000 0000 a002 16d0 3ddc 0000 0204 05b4 0402 080a 0047 fbb0 0000 0000 0103 0300
4500 0038 809a 0000 ff01 2b1b 0303 0303 0505 0505 0303 0fa3 0000 0000 4500 003c 4706 4000 ff06 2aab 0404 0404 0101 0102 5000 9d58 0000 0001
-------------------------------

View File

@ -1,10 +1,10 @@
4510 002c bd0d 4000 3e06 ea1d 0101 0101 c0a8 0133 9c40 0077 a664 2485 0000 0000 6002 4000 2ca8 0000 0204 05b4
4500 002c ce83 4000 7e06 98b7 c0a8 0133 0a01 0201 0077 05f6 fbdf 1a21 a664 2486 6012 2238 c0a8 0000 0204 05b4
4510 0028 bd0e 4000 3e06 ea20 0101 0101 c0a8 0133 9c40 0077 a664 2486 fbdf 1a22 5010 4470 29e3 0000
4500 005b cf83 4000 7e06 9788 c0a8 0133 0a01 0201 0077 05f6 fbdf 1a22 a664 2486 5018 2238 ce2a 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0a
4510 0028 bd18 4000 3e06 ea16 0101 0101 c0a8 0133 9c40 0077 a664 2486 fbdf 1a55 5010 4470 29b0 0000
4510 002e bd1e 4000 3e06 ea0a 0101 0101 c0a8 0133 9c40 0077 a664 2486 fbdf 1a55 5018 4470 1c98 0000 0000 0000 0d0a
4500 0048 e383 4000 7e06 839b c0a8 0133 0a01 0201 0077 05f6 fbdf 1a55 a664 248c 5018 2232 d80a 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
4500 05dc e483 4000 7e06 7d07 c0a8 0133 0a01 0201 0077 05f6 fbdf 1a75 a664 248c 5010 2232 9f2d 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 1111 2222 3331 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
4500 0038 d71d 4000 4001 f0be 0101 0101 c0a8 0133 0304 348b 0000 05a0 4500 05dc e483 4000 7e06 8707 c0a8 0133 0101 0101 0077 9c40 fbdf 1a75
4510 002c bd0d 4000 3e06 bbd1 0101 0101 c0a8 0133 9c40 0077 a664 2485 0000 0000 6002 4000 2ca8 0000 0204 05b4
4500 002c ce83 4000 7e06 606b c0a8 0133 0a01 0201 0077 05f6 fbdf 1a21 a664 2486 6012 2238 c0a8 0000 0204 05b4
4510 0028 bd0e 4000 3e06 bbd4 0101 0101 c0a8 0133 9c40 0077 a664 2486 fbdf 1a22 5010 4470 29e3 0000
4500 005b cf83 4000 7e06 5f3c c0a8 0133 0a01 0201 0077 05f6 fbdf 1a22 a664 2486 5018 2238 ce2a 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0a
4510 0028 bd18 4000 3e06 bbca 0101 0101 c0a8 0133 9c40 0077 a664 2486 fbdf 1a55 5010 4470 29b0 0000
4510 002e bd1e 4000 3e06 bbbe 0101 0101 c0a8 0133 9c40 0077 a664 2486 fbdf 1a55 5018 4470 1c98 0000 0000 0000 0d0a
4500 0048 e383 4000 7e06 4b4f c0a8 0133 0a01 0201 0077 05f6 fbdf 1a55 a664 248c 5018 2232 d80a 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
4500 05dc e483 4000 7e06 44bb c0a8 0133 0a01 0201 0077 05f6 fbdf 1a75 a664 248c 5010 2232 9f2d 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 1111 2222 3331 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
4500 0038 d71d 4000 4001 9fca 0101 0101 c0a8 0133 0304 444f 0000 05a0 4500 05dc e483 4000 7e06 4ebb c0a8 0133 0101 0101 0077 9c40 fbdf 1a75
-------------------------------

View File

@ -1,4 +1,4 @@
4500 003c 4706 4000 ff06 28aa 0606 0606 0404 0404 5000 0050 0000 0001 0000 0000 a002 16d0 d0da 0000 0204 05b4 0402 080a 0047 fbb0 0000 0000 0103 0300
4500 0038 809a 0000 ff01 3323 0303 0303 0202 0202 0303 acab 0000 0000 4500 003c 4706 4000 ff06 28aa 0202 0202 0404 0404 5000 0050 0000 0001
4500 0058 809a 0000 ff01 3303 0303 0303 0202 0202 0303 0937 0000 0000 4500 003c 4706 4000 ff06 28aa 0202 0202 0404 0404 5000 0050 0000 0001 0000 0000 a002 16d0 d8e2 0000 0204 05b4 0402 080a 0047 fbb0 0000 0000 0103 0300
4500 003c 4706 4000 ff06 20a2 0606 0606 0404 0404 5000 0050 0000 0001 0000 0000 a002 16d0 d0da 0000 0204 05b4 0402 080a 0047 fbb0 0000 0000 0103 0300
4500 0038 809a 0000 ff01 3121 0303 0303 0202 0202 0303 acab 0000 0000 4500 003c 4706 4000 ff06 28aa 0202 0202 0404 0404 5000 0050 0000 0001
4500 0058 809a 0000 ff01 3101 0303 0303 0202 0202 0303 0937 0000 0000 4500 003c 4706 4000 ff06 28aa 0202 0202 0404 0404 5000 0050 0000 0001 0000 0000 a002 16d0 d8e2 0000 0204 05b4 0402 080a 0047 fbb0 0000 0000 0103 0300
-------------------------------

View File

@ -1,4 +1,4 @@
4500 003c 4706 4000 ff06 28aa 0606 0606 0404 0404 9c40 0050 0000 0001 0000 0000 a002 16d0 849a 0000 0204 05b4 0402 080a 0047 fbb0 0000 0000 0103 0300
4500 0038 809a 0000 ff01 3323 0303 0303 0202 0202 0303 acab 0000 0000 4500 003c 4706 4000 ff06 28aa 0202 0202 0404 0404 5000 0050 0000 0001
4500 0058 809a 0000 ff01 3303 0303 0303 0202 0202 0303 0937 0000 0000 4500 003c 4706 4000 ff06 28aa 0202 0202 0404 0404 5000 0050 0000 0001 0000 0000 a002 16d0 d8e2 0000 0204 05b4 0402 080a 0047 fbb0 0000 0000 0103 0300
4500 003c 4706 4000 ff06 20a2 0606 0606 0404 0404 9c40 0050 0000 0001 0000 0000 a002 16d0 849a 0000 0204 05b4 0402 080a 0047 fbb0 0000 0000 0103 0300
4500 0038 809a 0000 ff01 3121 0303 0303 0202 0202 0303 acab 0000 0000 4500 003c 4706 4000 ff06 28aa 0202 0202 0404 0404 5000 0050 0000 0001
4500 0058 809a 0000 ff01 3101 0303 0303 0202 0202 0303 0937 0000 0000 4500 003c 4706 4000 ff06 28aa 0202 0202 0404 0404 5000 0050 0000 0001 0000 0000 a002 16d0 d8e2 0000 0204 05b4 0402 080a 0047 fbb0 0000 0000 0103 0300
-------------------------------

View File

@ -1,28 +1,28 @@
4500 002c 10c9 4000 ff06 3289 0101 0101 96cb e002 8032 0015 bd6b c9c8 0000 0000 6002 2238 f5a2 0000 0204 05b4
4500 002c 10c9 4000 ff06 f232 0101 0101 96cb e002 8032 0015 bd6b c9c8 0000 0000 6002 2238 f5a2 0000 0204 05b4
4500 002c ffdd 4000 ef06 5374 96cb e002 c0a8 0103 0015 8032 3786 76c4 bd6b c9c9 6012 269c 8369 0000 0204 0584
4500 0028 10ca 4000 ff06 328c 0101 0101 96cb e002 8032 0015 bd6b c9c9 3786 76c5 5010 269c 5aa0 0000
4500 0028 10ca 4000 ff06 f235 0101 0101 96cb e002 8032 0015 bd6b c9c9 3786 76c5 5010 269c 5aa0 0000
4500 006f ffde 4000 ef06 5330 96cb e002 c0a8 0103 0015 8032 3786 76c5 bd6b c9c9 5018 269c 967e 0000 3232 302d 636f 6f6d 6273 2e61 6e75 2e65 6475 2e61 7520 4e63 4654 5064 2053 6572 7665 7220 2866 7265 6520 6564 7563 6174 696f 6e61 6c20 6c69 6365 6e73 6529 2072 6561 6479 2e0d 0a
4500 0028 10cb 4000 ff06 328b 0101 0101 96cb e002 8032 0015 bd6b c9c9 3786 770c 5010 269c 5a59 0000
4500 0028 10cb 4000 ff06 f234 0101 0101 96cb e002 8032 0015 bd6b c9c9 3786 770c 5010 269c 5a59 0000
ippr_ftp_server_valid:junk after cmd[220-Maintained by RSSS and RSPAS IT Staff (previously known as Coombs Comp]
4500 00c7 ffdf 4000 ef06 52d7 96cb e002 c0a8 0103 0015 8032 3786 770c bd6b c9c9 5018 269c 1087 0000 3232 302d 0d0a 3232 302d 4d61 696e 7461 696e 6564 2062 7920 5253 5353 2061 6e64 2052 5350 4153 2049 5420 5374 6166 6620 2870 7265 7669 6f75 736c 7920 6b6e 6f77 6e20 6173 2043 6f6f 6d62 7320 436f 6d70 7574 696e 6720 556e 6974 290d 0a32 3230 2d41 6e79 2070 726f 626c 656d 7320 636f 6e74 6163 7420 6674 706d 6173 7465 7240 636f 6f6d 6273 2e61 6e75 2e65 6475 2e61 750d 0a32 3230 2d0d 0a32 3230 200d 0a
4500 0028 10cc 4000 ff06 328a 0101 0101 96cb e002 8032 0015 bd6b c9c9 3786 77ab 5010 269c 59ba 0000
4500 0038 10cd 4000 ff06 3279 0101 0101 96cb e002 8032 0015 bd6b c9c9 3786 77ab 5018 269c d1c5 0000 5553 4552 2061 6e6f 6e79 6d6f 7573 0d0a
4500 0028 10cc 4000 ff06 f233 0101 0101 96cb e002 8032 0015 bd6b c9c9 3786 77ab 5010 269c 59ba 0000
4500 0038 10cd 4000 ff06 f222 0101 0101 96cb e002 8032 0015 bd6b c9c9 3786 77ab 5018 269c d1c5 0000 5553 4552 2061 6e6f 6e79 6d6f 7573 0d0a
4500 0028 ffe0 4000 ef06 5375 96cb e002 c0a8 0103 0015 8032 3786 77ab bd6b c9d9 5010 269c 9a00 0000
4500 006c ffe1 4000 ef06 5330 96cb e002 c0a8 0103 0015 8032 3786 77ab bd6b c9d9 5018 269c b00f 0000 3333 3120 4775 6573 7420 6c6f 6769 6e20 6f6b 2c20 7365 6e64 2079 6f75 7220 636f 6d70 6c65 7465 2065 2d6d 6169 6c20 6164 6472 6573 7320 6173 2070 6173 7377 6f72 642e 0d0a
4500 0028 10ce 4000 ff06 3288 0101 0101 96cb e002 8032 0015 bd6b c9d9 3786 77ef 5010 269c 5966 0000
4500 0036 10cf 4000 ff06 3279 0101 0101 96cb e002 8032 0015 bd6b c9d9 3786 77ef 5018 269c 373f 0000 5041 5353 2061 7661 6c6f 6e40 0d0a
4500 0028 10ce 4000 ff06 f231 0101 0101 96cb e002 8032 0015 bd6b c9d9 3786 77ef 5010 269c 5966 0000
4500 0036 10cf 4000 ff06 f222 0101 0101 96cb e002 8032 0015 bd6b c9d9 3786 77ef 5018 269c 373f 0000 5041 5353 2061 7661 6c6f 6e40 0d0a
4500 005f ffe2 4000 ef06 533c 96cb e002 c0a8 0103 0015 8032 3786 77ef bd6b c9e7 5018 269c 895e 0000 3233 302d 596f 7520 6172 6520 7573 6572 2023 3420 6f66 2035 3020 7369 6d75 6c74 616e 656f 7573 2075 7365 7273 2061 6c6c 6f77 6564 2e0d 0a
4500 0028 10d0 4000 ff06 3286 0101 0101 96cb e002 8032 0015 bd6b c9e7 3786 7826 5010 269c 5921 0000
4500 0028 10d0 4000 ff06 f22f 0101 0101 96cb e002 8032 0015 bd6b c9e7 3786 7826 5010 269c 5921 0000
4500 0099 ffe3 4000 ef06 5301 96cb e002 c0a8 0103 0015 8032 3786 7826 bd6b c9e7 5018 269c d399 0000 3233 302d 0d0a 3233 302d 0d0a 3233 302d 4869 2e20 2057 6527 7265 2063 6c65 616e 696e 6720 7570 2e20 2041 6e79 2066 6565 6462 6163 6b20 6d6f 7374 2077 656c 636f 6d65 2e20 3130 2041 7567 2030 300d 0a32 3330 2d0d 0a32 3330 204c 6f67 6765 6420 696e 2061 6e6f 6e79 6d6f 7573 6c79 2e0d 0a
4500 0028 10d1 4000 ff06 3285 0101 0101 96cb e002 8032 0015 bd6b c9e7 3786 7897 5010 269c 58b0 0000
4500 0030 10d2 4000 ff06 327c 0101 0101 96cb e002 8032 0015 bd6b c9e7 3786 7897 5018 269c 86ae 0000 5459 5045 2049 0d0a
4500 0028 10d1 4000 ff06 f22e 0101 0101 96cb e002 8032 0015 bd6b c9e7 3786 7897 5010 269c 58b0 0000
4500 0030 10d2 4000 ff06 f225 0101 0101 96cb e002 8032 0015 bd6b c9e7 3786 7897 5018 269c 86ae 0000 5459 5045 2049 0d0a
4500 0038 ffe4 4000 ef06 5361 96cb e002 c0a8 0103 0015 8032 3786 7897 bd6b c9ef 5018 269c 5fae 0000 3230 3020 5479 7065 206f 6b61 792e 0d0a
4500 0028 10d3 4000 ff06 3283 0101 0101 96cb e002 8032 0015 bd6b c9ef 3786 78a7 5010 269c 5898 0000
4500 003d 10d4 4000 ff06 3269 0101 0101 96cb e002 8032 0015 bd6b c9ef 3786 78a7 5018 269c 4b67 0000 504f 5254 2031 2c31 2c31 2c31 2c31 3238 2c35 310d 0a
4500 0028 10d3 4000 ff06 f22c 0101 0101 96cb e002 8032 0015 bd6b c9ef 3786 78a7 5010 269c 5898 0000
4500 003d 10d4 4000 ff06 f216 0101 0101 96cb e002 8032 0015 bd6b c9ef 3786 78a7 5018 269c 4b67 0000 504f 5254 2031 2c31 2c31 2c31 2c31 3238 2c35 310d 0a
4500 0046 ffe5 4000 ef06 5352 96cb e002 c0a8 0103 0015 8032 3786 78a7 bd6b ca0c 5018 269c dbc3 0000 3230 3020 504f 5254 2063 6f6d 6d61 6e64 2073 7563 6365 7373 6675 6c2e 0d0a
4500 0030 10d5 4000 ff06 3279 0101 0101 96cb e002 8032 0015 bd6b ca04 3786 78c5 5018 269c 866b 0000 5459 5045 2041 0d0a
4500 0030 10d5 4000 ff06 f222 0101 0101 96cb e002 8032 0015 bd6b ca04 3786 78c5 5018 269c 866b 0000 5459 5045 2041 0d0a
4500 0038 ffe6 4000 ef06 535f 96cb e002 c0a8 0103 0015 8032 3786 78c5 bd6b ca14 5018 269c 5f5b 0000 3230 3020 5479 7065 206f 6b61 792e 0d0a
4500 002e 10d6 4000 ff06 327a 0101 0101 96cb e002 8032 0015 bd6b ca0c 3786 78d5 5018 269c a994 0000 4e4c 5354 0d0a
4500 002e 10d6 4000 ff06 f223 0101 0101 96cb e002 8032 0015 bd6b ca0c 3786 78d5 5018 269c a994 0000 4e4c 5354 0d0a
4500 002c ffe7 4000 ef06 536a 96cb e002 c0a8 0103 0014 8033 d9f8 11d4 0000 0000 6002 2238 d190 0000 0204 0584
4500 002c 10d7 4000 ff06 327b c0a8 0103 96cb e002 8033 0014 bd78 5c12 d9f8 11d5 6012 02f8 d734 0000 0204 0584
4500 0028 ffe8 4000 ef06 536d 96cb e002 c0a8 0103 0014 8033 d9f8 11d5 bd78 5c13 5010 269c cb1d 0000
@ -34,14 +34,14 @@ ippr_ftp_server_valid:junk after cmd[220-Maintained by RSSS and RSPAS IT Staff (
4500 0028 10da 4000 ff06 327c c0a8 0103 96cb e002 8033 0014 bd78 5c13 d9f8 1211 5010 6348 8e35 0000
4500 0028 10db 4000 ff06 327b c0a8 0103 96cb e002 8033 0014 bd78 5c13 d9f8 1211 5011 6348 8e34 0000
4500 0028 ffec 4000 ef06 5369 96cb e002 c0a8 0103 0014 8033 d9f8 1211 bd78 5c14 5010 269c cae0 0000
4500 0028 10dc 4000 ff06 327a 0101 0101 96cb e002 8032 0015 bd6b ca12 3786 790a 5010 269c 5812 0000
4500 0028 10dc 4000 ff06 f223 0101 0101 96cb e002 8032 0015 bd6b ca12 3786 790a 5010 269c 5812 0000
4500 0040 ffed 4000 ef06 5350 96cb e002 c0a8 0103 0015 8032 3786 790a bd6b ca1a 5018 269c 7c9e 0000 3232 3620 4c69 7374 696e 6720 636f 6d70 6c65 7465 642e 0d0a
4500 0030 10dd 4000 ff06 3271 0101 0101 96cb e002 8032 0015 bd6b ca12 3786 7922 5018 269c 85f8 0000 5459 5045 2049 0d0a
4500 0030 10dd 4000 ff06 f21a 0101 0101 96cb e002 8032 0015 bd6b ca12 3786 7922 5018 269c 85f8 0000 5459 5045 2049 0d0a
4500 0038 ffee 4000 ef06 5357 96cb e002 c0a8 0103 0015 8032 3786 7922 bd6b ca22 5018 269c 5ef0 0000 3230 3020 5479 7065 206f 6b61 792e 0d0a
4500 0028 10de 4000 ff06 3278 0101 0101 96cb e002 8032 0015 bd6b ca1a 3786 7932 5010 269c 57e2 0000
4500 002e 10df 4000 ff06 3271 0101 0101 96cb e002 8032 0015 bd6b ca1a 3786 7932 5018 269c b020 0000 5155 4954 0d0a
4500 0028 10de 4000 ff06 f221 0101 0101 96cb e002 8032 0015 bd6b ca1a 3786 7932 5010 269c 57e2 0000
4500 002e 10df 4000 ff06 f21a 0101 0101 96cb e002 8032 0015 bd6b ca1a 3786 7932 5018 269c b020 0000 5155 4954 0d0a
4500 0036 ffef 4000 ef06 5358 96cb e002 c0a8 0103 0015 8032 3786 7932 bd6b ca28 5018 269c a93c 0000 3232 3120 476f 6f64 6279 652e 0d0a
4500 0028 10e0 4000 ff06 3276 0101 0101 96cb e002 8032 0015 bd6b ca20 3786 7940 5011 269c 57cd 0000
4500 0028 10e0 4000 ff06 f21f 0101 0101 96cb e002 8032 0015 bd6b ca20 3786 7940 5011 269c 57cd 0000
4500 0028 fff0 4000 ef06 5365 96cb e002 c0a8 0103 0015 8032 3786 7940 bd6b ca28 5011 269c 981b 0000
4500 0028 10e1 4000 ff06 3275 c0a8 0103 96cb e002 8032 0015 bd6b ca25 3786 7941 5010 269c 981e 0000
4500 0028 fff1 4000 ef06 5364 96cb e002 c0a8 0103 0015 8032 3786 7941 bd6b ca29 5010 269c 981a 0000

View File

@ -0,0 +1,3 @@
4500 0028 4706 4000 0111 1eac 0404 0404 0606 0606 afc9 829e 0014 6308 0402 0000 3be5 468d 000a cfc3
4500 0038 809a 0000 ff01 2f1f 0202 0202 0404 0404 0b00 f91c 0000 0000 4500 0028 4706 4000 0111 26b4 0404 0404 0202 0202 afc9 829e 0014 c966
-------------------------------

View File

@ -0,0 +1,5 @@
4500 003c 4706 4000 ff06 2aac 0404 0404 0101 0101 5000 9d58 0000 0001 0000 0000 a002 16d0 3ddc 0000 0204 05b4 0402 080a 0047 fbb0 0000 0000 0103 0300
4500 0038 809a 0000 ff01 271f 0a02 0202 0404 0404 0303 a7fb 0000 0000 4500 003c 4706 4000 ff06 20aa 0404 0404 0a02 0202 5000 0500 0000 0001
4500 0058 809a 0000 ff01 26ff 0a02 0202 0404 0404 0303 1137 0000 0000 4500 003c 4706 4000 ff06 20aa 0404 0404 0a02 0202 5000 0500 0000 0001 0000 0000 a002 16d0 cc32 0000 0204 05b4 0402 080a 0047 fbb0 0000 0000 0103 0300
4500 0038 809a 0000 ff01 2b1b 0303 0303 0505 0505 0303 0fa3 0000 0000 4500 003c 4706 4000 ff06 2aab 0404 0404 0101 0102 5000 9d58 0000 0001
-------------------------------

View File

@ -1,35 +1,35 @@
# 1.1.1.1,1025 -> 2.1.1.1,25 TTL=63 TCP DF SYN
45 00 0028 0000 4000 3f 06 0000 01010101 02010101
45 00 0028 0000 4000 3f 06 36cd 01010101 02010101
0401 0019 00000000 00000000 50 02 2000 0000 0000
# 1.1.1.1,1025 -> 2.1.1.1,25 TTL=63 TCP DF ACK
45 00 0028 0000 4000 3f 06 0000 01010101 02010101
45 00 0028 0000 4000 3f 06 36cd 01010101 02010101
0401 0019 00000000 00000000 50 10 2000 0000 0000
# 1.1.1.1,1025 -> 2.1.1.1,25 TTL=63 TCP DF MF FO=0 ACK
45 00 0028 0000 6000 3f 06 0000 01010101 02010101
45 00 0028 0000 6000 3f 06 16cd 01010101 02010101
0401 0019 00000000 00000000 50 10 2000 0000 0000
# 1.1.1.1,1025 -> 2.1.1.1,25 TTL=63 TCP DF FO=0
45 00 001c 0000 6000 3f 06 0000 01010101 02010101
45 00 001c 0000 6000 3f 06 16d9 01010101 02010101
0401 0019 00000000
# 1.1.1.1 -> 2.1.1.1 TTL=63 TCP DF FO=1 ACK
45 00 001c 0000 6001 3f 06 0000 01010101 02010101
45 00 001c 0000 6001 3f 06 16d8 01010101 02010101
00000000 50 10 2000
# 1.1.1.1 -> 2.1.1.1 TTL=63 UDP DF MF FO=0
45 00 0014 0000 6000 3f 11 0000 01010101 02010101
45 00 0014 0000 6000 3f 11 16d6 01010101 02010101
# 1.1.1.1,53 -> 2.1.1.1,53 TTL=63 UDP MF FO=0
45 00 0018 0000 2000 3f 11 0000 01010101 02010101
45 00 0018 0000 2000 3f 11 56d2 01010101 02010101
0035 0035
# 1.1.1.1,1 -> 2.1.1.1,1 TTL=63 UDP MF FO=0
45 00 001c 0000 2000 3f 11 0000 01010101 02010101
45 00 001c 0000 2000 3f 11 56ce 01010101 02010101
0001 0001 0004 0000
# 1.1.1.1,53 -> 2.1.1.1,53 TTL=63 UDP MF FO=0
45 00 001c 0000 2000 3f 11 0000 01010101 02010101
45 00 001c 0000 2000 3f 11 56ce 01010101 02010101
0035 0035 0004 0000

View File

@ -1,51 +1,51 @@
# 1.1.1.1,1025 -> 2.1.1.1,25 TTL=63 TCP DF,MF,FO=0 SYN
45 00 0028 0001 4000 3f 06 0000 01010101 02010101
45 00 0028 0001 4000 3f 06 36cc 01010101 02010101
0401 0019 00000000 00000000 50 02 2000 0000 0000
# 1.1.1.1,1025 -> 2.1.1.1,25 TTL=63 TCP MF ACK
45 00 0024 0002 2000 3f 06 0000 01010101 02010101
45 00 0024 0002 2000 3f 06 56cf 01010101 02010101
0401001900000000 0000000050102000
# 1.1.1.1,1025 -> 2.1.1.1,25 TTL=63 TCP FO=2 ACK
45 00 002c 0002 0002 3f 06 0000 01010101 02010101
45 00 002c 0002 0002 3f 06 76c5 01010101 02010101
0000000000010203 0405060708090a0b 0c0d0e0f10111213
# 1.1.1.1,1025 -> 2.1.1.1,25 TTL=63 TCP DF MF FO=0 SYN
45 00 0028 0003 6000 3f 06 0000 01010101 02010101
45 00 0028 0003 6000 3f 06 16ca 01010101 02010101
0401 0019 00000000 00000000 50 10 2000 0000 0000
# 1.1.1.1,1025 -> 2.1.1.1,25 TTL=63 TCP DF FO=0
45 00 001c 0004 6000 3f 06 0000 01010101 02010101
45 00 001c 0004 6000 3f 06 16d5 01010101 02010101
0401 0019 00000000
# 1.1.1.1 -> 2.1.1.1 TTL=63 TCP DF FO=1 SYN
45 00 001c 0005 6001 3f 06 0000 01010101 02010101
45 00 001c 0005 6001 3f 06 16d3 01010101 02010101
00000000 50 10 2000
# 1.1.1.1 -> 2.1.1.1 TTL=63 UDP DF MF FO=0
45 00 0014 0006 6000 3f 11 0000 01010101 02010101
45 00 0014 0006 6000 3f 11 16d0 01010101 02010101
# 1.1.1.1,53 -> 2.1.1.1,53 TTL=63 UDP MF FO=0
45 00 0018 0007 2000 3f 11 0000 01010101 02010101
45 00 0018 0007 2000 3f 11 56cb 01010101 02010101
0035 0035
# 1.1.1.1,53 -> 2.1.1.1,53 TTL=63 UDP MF FO=0
45 00 001c 0008 2000 3f 11 0000 01010101 02010101
45 00 001c 0008 2000 3f 11 56c6 01010101 02010101
0035003500040000
# 1.1.1.1,53 -> 2.1.1.1,54 TTL=63 UDP MF FO=0 (short)
45 00 0018 0008 2000 3f 11 0000 01010101 02010101
45 00 0018 0008 2000 3f 11 56ca 01010101 02010101
00350036
# 1.1.1.1,21 -> 2.1.1.1,54 TTL=63 UDP MF FO=0
45 00 001c 0008 2000 3f 11 0000 01010101 02010101
45 00 001c 0008 2000 3f 11 56c6 01010101 02010101
0015003600040000
# 1.1.1.1,21 -> 2.1.1.1,54 TTL=63 TCP MF FO=0
45 00 001c 0008 2000 3f 06 0000 01010101 02010101
45 00 001c 0008 2000 3f 06 56d1 01010101 02010101
0015 0036 00000000 00000000 50 02 2000 0000 0000
# 1.1.1.1 -> 2.1.1.1 TTL=63 UDP FO=1
45 00 001c 0008 0001 3f 11 0000 01010101 02010101
45 00 001c 0008 0001 3f 11 76c5 01010101 02010101
0000000000000000

View File

@ -1,61 +1,61 @@
# (1.1.1.1,54076,seq=0xbfd08989) -> (2.2.2.2,25,seq=0) SYN
[out,ppp0]
4500 003c 8262 0000 4006 8417 0101 0101
4500 003c 8262 0000 4006 f254 0101 0101
0202 0202 d33c 0019 bfd0 8989 0000 0000
a002 4000 6190 0000 0204 05b4 0103 0300
a002 4000 cfcd 0000 0204 05b4 0103 0300
0101 080a 008e 17f7 0000 0000
# (2.2.2.2,25,seq=0x40203436) -> (1.1.1.1,54076,seq=0xbfdfcbc9) ACK
[in,ppp0]
4500 003c 8262 0000 1106 b317 0202 0202
4500 003c 8262 0000 1106 2155 0202 0202
0101 0101 0019 d33c 4020 3436 bfdf cbc9
5010 4000 fb0c 0000 0204 0584 0103 0300
5010 4000 694a 0000 0204 0584 0103 0300
0101 080a 008e 17f7 0000 0000
# (1.1.1.1,54076,seq=0xbfd08989) -> (2.2.2.2,25,seq=0x0) SYN
[out,ppp0]
4500 003c 8265 0000 4006 8414 0101 0101
4500 003c 8265 0000 4006 f251 0101 0101
0202 0202 d33c 0019 bfd0 8989 0000 0000
a002 4000 6185 0000 0204 05b4 0103 0300
a002 4000 cfc2 0000 0204 05b4 0103 0300
0101 080a 008e 1802 0000 0000
# (2.2.2.2,25,seq=0xed674d4e) -> (1.1.1.1,54076,seq=0xbfd0898a) SYN-ACK
[in,ppp0]
4500 002c 7442 4000 2906 6947 0202 0202
4500 002c 7442 4000 2906 d784 0202 0202
0101 0101 0019 d33c ed67 4d4e bfd0 898a
6012 2118 ab84 0000 0204 0584
6012 2118 19c2 0000 0204 0584
#
# (2.2.2.2,25,seq=0xbfd0898a) -> (1.1.1.1,54076,seq=0xed674d4e) ACK
[out,ppp0]
4500 002c 8262 0000 4006 8417 0101 0101
4500 002c 8262 0000 4006 f264 0101 0101
0202 0202 d33c 0019 bfd0 898a ed67 4d4e
5010 4000 6190 0000 0000
# (1.1.1.1,54076,seq=0xcfd08989) -> (2.2.2.2,25,seq=0x0) SYN
[out,ppp0]
4500 003c 8265 0000 4006 8414 0101 0101
4500 003c 8265 0000 4006 f251 0101 0101
0202 0202 d33c 0019 cfd0 8989 0000 0000
a002 4000 6185 0000 0204 05b4 0103 0300
a002 4000 bfc2 0000 0204 05b4 0103 0300
0101 080a 008e 1802 0000 0000
# (1.1.1.1,54076,seq=0xcfd08989) -> (2.2.2.2,25,seq=0x0) SYN
[out,ppp0]
4500 003c 8266 0000 4006 8413 0101 0101
4500 003c 8266 0000 4006 f250 0101 0101
0202 0202 d33c 0019 cfd0 8989 0000 0000
a002 4000 6185 0000 0204 05b4 0103 0300
a002 4000 bfc2 0000 0204 05b4 0103 0300
0101 080a 008e 1802 0000 0000
# (2.2.2.2,25,seq=0xed674d4e) -> (1.1.1.1,54076,seq=0xcfd0898a) SYN-ACK
[in,ppp0]
4500 002c 7442 4000 2906 6947 0202 0202
4500 002c 7442 4000 2906 d784 0202 0202
0101 0101 0019 d33c ed67 4d4e cfd0 898a
6012 2118 ab84 0000 0204 0584
6012 2118 09c2 0000 0204 0584
#
# (2.2.2.2,25,seq=0xcfd0898a) -> (1.1.1.1,54076,seq=0xed674d4e) ACK
[out,ppp0]
4500 002c 8262 0000 4006 8417 0101 0101
4500 002c 8262 0000 4006 f264 0101 0101
0202 0202 d33c 0019 cfd0 898a ed67 4d4e
5010 4000 6190 0000 0000

View File

@ -1,6 +1,19 @@
#v tos len id off ttl p sum src dst
# ICMP timeout exceeded in reply to a ICMP packet going out.
[out,df0] 45 00 0028 4706 4000 01 11 ced8 0202 0202 0404 0404 afc9 829e 0014 1335 0402 0000 3be5 468d 000a cfc3
[out,df0]
4500 0028 4706 4000 0111 26b4 0202 0202
0404 0404 afc9 829e 0014 6b10 0402 0000
3be5 468d 000a cfc3
[in,df0] 45 00 0038 809a 0000 ff 01 8f31 0303 0303 0101 0101 0b00 ad3f 0000 0000 4500 0028 4703 4000 0111 e781 0606 0606 0404 0404 afc9 829e 0014 1547
[in,df0]
4500 0038 809a 0000 ff01 2919 0303 0303
0606 0606 0b00 5f7b 0000 0000
4500 0028 4706 4000 0111 1eac 0606 0606 0404 0404
afc9 829e 0014 6308
[in,df0]
4500 0044 809a 0000 ff01 290d 0303 0303
0606 0606 0b00 0939 0000 0000
4500 0028 4706 4000 0111 1eac 0606 0606 0404 0404
afc9 829e 0014 6308 0402 0000 3be5 468d 000a cfc3

View File

@ -0,0 +1,19 @@
#v tos len id off ttl p sum src dst
# ICMP dest unreachable with 64 bits in payload (in reply to a TCP packet
# going out)
[in,df0] 45 00 00 3c 47 06 40 00 ff 06 28 aa 04 04 04 04 02 02 02 02 50 00 00 50 00 00 00 01 00 00 00 00 a0 02 16 d0 d8 e2 00 00 02 04 05 b4 04 02 08 0a 00 47 fb b0 00 00 00 00 01 03 03 00
[out,df0]
4500 0038 809a 0000 ff01 2d1d 0303 0303 0404 0404
0303 acab 0000 0000
4500 003c 4706 4000 ff06 20a2 0404 0404 0606 0606
5000 0050 0000 0001
# ICMP dest unreachable with whole packet in payload (40 bytes = 320 bits)
[out,df0] 45 00 00 58 80 9a 00 00 ff 01 2c fd 03 03 03 03 04 04 04 04 03 03 11 3f 00 00 00 00 45 00 00 3c 47 06 40 00 ff 06 20 a2 04 04 04 04 06 06 06 06 50 00 00 50 00 00 00 01 00 00 00 00 a0 02 16 d0 d0 da 00 00 02 04 05 b4 04 02 08 0a 00 47 fb b0 00 00 00 00 01 03 03 00
[out,df0]
4500 0038 809a 0000 ff01 2b1b 0303 0303 0505 0505
0303 acab 0000 0000
4500 003c 4706 4000 ff06 28ab 0404 0404 0202 0201 5000 0050 0000 0001

View File

@ -0,0 +1,24 @@
#v tos len id off ttl p sum src dst
# ICMP dest unreachable with 64 bits in payload (in reply to a TCP packet
# going out)
[in,df0] 45 00 00 3c 47 06 40 00 ff 06 20 aa 04 04 04 04 0a 02 02 02 50 00 05 00 00 00 00 01 00 00 00 00 a0 02 16 d0 cc 32 00 00 02 04 05 b4 04 02 08 0a 00 47 fb b0 00 00 00 00 01 03 03 00
[out,df0]
4500 0038 809a 0000 ff01 2d1d 0303 0303 0404 0404
0303 0fa3 0000 0000
4500 003c 4706 4000 ff06 2aac 0404 0404 0101 0101
5000 9d58 0000 0001
# ICMP dest unreachable with whole packet in payload (40 bytes = 320 bits)
[out,df0]
4500 0058 809a 0000 ff01 2cfd 0303 0303 0404 0404
0303 0735 0000 0000
4500 003c 4706 4000 ff06 2aac 0404 0404 0101 0101
5000 9d58 0000 0001 0000 0000 a002 16d0 3ddc 0000
0204 05b4 0402 080a 0047 fbb0 0000 0000 0103 0300
[out,df0]
4500 0038 809a 0000 ff01 2b1b 0303 0303 0505 0505
0303 0fa3 0000 0000
4500 003c 4706 4000 ff06 2aab 0404 0404 0101 0102 5000 9d58 0000 0001

View File

@ -1,27 +1,27 @@
# Test of fragmentation required coming from the inside.
[out,xl0]
4510 002c bd0d 4000 3e06 ea1d
4510 002c bd0d 4000 3e06 b1d1
0a01 0201
c0a8 0133
05f6 0077 a664 2485 0000 0000
6002 4000 b8f2 0000 0204 05b4
[in,xl0]
4500 002c ce83 4000 7e06 98b7
4500 002c ce83 4000 7e06 606b
c0a8 0133
0a01 0201
0077 05f6 fbdf 1a21 a664 2486
6012 2238 c0a8 0000 0204 05b4 0000
[out,xl0]
4510 0028 bd0e 4000 3e06 ea20
4510 0028 bd0e 4000 3e06 b1d4
0a01 0201
c0a8 0133
05f6 0077 a664 2486 fbdf 1a22
5010 4470 b62d 0000
[in,xl0]
4500 005b cf83 4000 7e06 9788
4500 005b cf83 4000 7e06 5f3c
c0a8 0133
0a01 0201
0077 05f6 fbdf 1a22 a664 2486
@ -31,21 +31,21 @@ c0a8 0133
0000 0000 0000 0000 0000 0a
[out,xl0]
4510 0028 bd18 4000 3e06 ea16
4510 0028 bd18 4000 3e06 b1ca
0a01 0201
c0a8 0133
05f6 0077 a664 2486 fbdf 1a55
5010 4470 b5fa 0000
[out,xl0]
4510 002e bd1e 4000 3e06 ea0a
4510 002e bd1e 4000 3e06 b1be
0a01 0201
c0a8 0133
05f6 0077 a664 2486 fbdf 1a55
5018 4470 a8e2 0000 0000 0000 0d0a
[in,xl0]
4500 0048 e383 4000 7e06 839b
4500 0048 e383 4000 7e06 4b4f
c0a8 0133
0a01 0201
0077 05f6 fbdf 1a55 a664 248c
@ -54,7 +54,7 @@ c0a8 0133
0000 0000 0000 0000
[in,xl0]
4500 05dc e483 4000 7e06 7d07
4500 05dc e483 4000 7e06 44bb
c0a8 0133
0a01 0201
0077 05f6 fbdf 1a75 a664 248c
@ -152,10 +152,10 @@ c0a8 0133
0000 0000 0000 0000 0000 0000
[out,xl0]
4500 0038 d71d 4000 4001 ce16
4500 0038 d71d 4000 4001 7d22
c0a8 6401
c0a8 0133
0304 cad5 0000 05a0 4500 05dc
e483 4000 7e06 7d07 c0a8 0133 0a01 0201
0304 da99 0000 05a0 4500 05dc
e483 4000 7e06 44bb c0a8 0133 0a01 0201
0077 05f6 fbdf 1a75

View File

@ -3,8 +3,8 @@
# going out)
[out,df0] 45 00 00 3c 47 06 40 00 ff 06 28 aa 02 02 02 02 04 04 04 04 50 00 00 50 00 00 00 01 00 00 00 00 a0 02 16 d0 d8 e2 00 00 02 04 05 b4 04 02 08 0a 00 47 fb b0 00 00 00 00 01 03 03 00
[in,df0] 45 00 00 38 80 9a 00 00 ff 01 33 23 03 03 03 03 01 01 01 01 03 03 ac ab 00 00 00 00 45 00 00 3c 47 06 40 00 ff 06 20 a2 06 06 06 06 04 04 04 04 50 00 00 50 00 00 00 01
[in,df0] 45 00 00 38 80 9a 00 00 ff 01 29 19 03 03 03 03 06 06 06 06 03 03 ac ac 00 00 00 00 45 00 00 3c 47 06 40 00 ff 06 20 a2 06 06 06 06 04 04 04 04 50 00 00 50 00 00 00 01
# ICMP dest unreachable with whole packet in payload (40 bytes = 320 bits)
[in,df0] 45 00 00 58 80 9a 00 00 ff 01 33 03 03 03 03 03 01 01 01 01 03 03 11 3f 00 00 00 00 45 00 00 3c 47 06 40 00 ff 06 20 a2 06 06 06 06 04 04 04 04 50 00 00 50 00 00 00 01 00 00 00 00 a0 02 16 d0 d0 da 00 00 02 04 05 b4 04 02 08 0a 00 47 fb b0 00 00 00 00 01 03 03 00
[in,df0] 45 00 00 58 80 9a 00 00 ff 01 28 f9 03 03 03 03 06 06 06 06 03 03 11 3f 00 00 00 00 45 00 00 3c 47 06 40 00 ff 06 20 a2 06 06 06 06 04 04 04 04 50 00 00 50 00 00 00 01 00 00 00 00 a0 02 16 d0 d0 da 00 00 02 04 05 b4 04 02 08 0a 00 47 fb b0 00 00 00 00 01 03 03 00

View File

@ -3,8 +3,8 @@
# going out)
[out,df0] 45 00 00 3c 47 06 40 00 ff 06 28 aa 02 02 02 02 04 04 04 04 50 00 00 50 00 00 00 01 00 00 00 00 a0 02 16 d0 d8 e2 00 00 02 04 05 b4 04 02 08 0a 00 47 fb b0 00 00 00 00 01 03 03 00
[in,df0] 45 00 00 38 80 9a 00 00 ff 01 33 23 03 03 03 03 01 01 01 01 03 03 60 6b 00 00 00 00 45 00 00 3c 47 06 40 00 ff 06 20 a2 06 06 06 06 04 04 04 04 9c 40 00 50 00 00 00 01
[in,df0] 45 00 00 38 80 9a 00 00 ff 01 29 19 03 03 03 03 06 06 06 06 03 03 60 6c 00 00 00 00 45 00 00 3c 47 06 40 00 ff 06 20 a2 06 06 06 06 04 04 04 04 9c 40 00 50 00 00 00 01
# ICMP dest unreachable with whole packet in payload (40 bytes = 320 bits)
[in,df0] 45 00 00 58 80 9a 00 00 ff 01 33 03 03 03 03 03 01 01 01 01 03 03 11 3f 00 00 00 00 45 00 00 3c 47 06 40 00 ff 06 20 a2 06 06 06 06 04 04 04 04 9c 40 00 50 00 00 00 01 00 00 00 00 a0 02 16 d0 84 9a 00 00 02 04 05 b4 04 02 08 0a 00 47 fb b0 00 00 00 00 01 03 03 00
[in,df0] 45 00 00 58 80 9a 00 00 ff 01 28 f9 03 03 03 03 06 06 06 06 03 03 11 3f 00 00 00 00 45 00 00 3c 47 06 40 00 ff 06 20 a2 06 06 06 06 04 04 04 04 9c 40 00 50 00 00 00 01 00 00 00 00 a0 02 16 d0 84 9a 00 00 02 04 05 b4 04 02 08 0a 00 47 fb b0 00 00 00 00 01 03 03 00

View File

@ -4,7 +4,7 @@
6002 2238 35f9 0000 0204 05b4
[in,ppp0]
4500 002c ffdd 4000 ef06 5374 96cb e002
4500 002c ffdd 4000 ef06 131e 96cb e002
0101 0101 0015 8032 3786 76c4 bd6b c9c9
6012 269c 4313 0000 0204 0584
@ -14,7 +14,7 @@
5010 269c 9af6 0000
[in,ppp0]
4500 006f ffde 4000 ef06 5330 96cb e002
4500 006f ffde 4000 ef06 12da 96cb e002
0101 0101 0015 8032 3786 76c5 bd6b c9c9
5018 269c 5628 0000 3232 302d 636f 6f6d
6273 2e61 6e75 2e65 6475 2e61 7520 4e63
@ -28,7 +28,7 @@
5010 269c 9aaf 0000
[in,ppp0]
4500 00c7 ffdf 4000 ef06 52d7 96cb e002
4500 00c7 ffdf 4000 ef06 1281 96cb e002
0101 0101 0015 8032 3786 770c bd6b c9c9
5018 269c d030 0000 3232 302d 0d0a 3232
302d 4d61 696e 7461 696e 6564 2062 7920
@ -54,12 +54,12 @@
6e79 6d6f 7573 0d0a
[in,ppp0]
4500 0028 ffe0 4000 ef06 5375 96cb e002
4500 0028 ffe0 4000 ef06 131f 96cb e002
0101 0101 0015 8032 3786 77ab bd6b c9d9
5010 269c 59aa 0000
[in,ppp0]
4500 006c ffe1 4000 ef06 5330 96cb e002
4500 006c ffe1 4000 ef06 12da 96cb e002
0101 0101 0015 8032 3786 77ab bd6b c9d9
5018 269c 6fb9 0000 3333 3120 4775 6573
7420 6c6f 6769 6e20 6f6b 2c20 7365 6e64
@ -79,7 +79,7 @@
6c6f 6e40 0d0a
[in,ppp0]
4500 005f ffe2 4000 ef06 533c 96cb e002
4500 005f ffe2 4000 ef06 12e6 96cb e002
0101 0101 0015 8032 3786 77ef bd6b c9e7
5018 269c 4908 0000 3233 302d 596f 7520
6172 6520 7573 6572 2023 3420 6f66 2035
@ -92,7 +92,7 @@
5010 269c 9977 0000
[in,ppp0]
4500 0099 ffe3 4000 ef06 5301 96cb e002
4500 0099 ffe3 4000 ef06 12ab 96cb e002
0101 0101 0015 8032 3786 7826 bd6b c9e7
5018 269c 9343 0000 3233 302d 0d0a 3233
302d 0d0a 3233 302d 4869 2e20 2057 6527
@ -114,7 +114,7 @@
5018 269c c704 0000 5459 5045 2049 0d0a
[in,ppp0]
4500 0038 ffe4 4000 ef06 5361 96cb e002
4500 0038 ffe4 4000 ef06 130b 96cb e002
0101 0101 0015 8032 3786 7897 bd6b c9ef
5018 269c 1f58 0000 3230 3020 5479 7065
206f 6b61 792e 0d0a
@ -132,7 +132,7 @@
0a
[in,ppp0]
4500 0046 ffe5 4000 ef06 5352 96cb e002
4500 0046 ffe5 4000 ef06 12fc 96cb e002
0101 0101 0015 8032 3786 78a7 bd6b ca08
5018 269c 9b71 0000 3230 3020 504f 5254
2063 6f6d 6d61 6e64 2073 7563 6365 7373
@ -144,7 +144,7 @@
5018 269c c6bd 0000 5459 5045 2041 0d0a
[in,ppp0]
4500 0038 ffe6 4000 ef06 535f 96cb e002
4500 0038 ffe6 4000 ef06 1309 96cb e002
0101 0101 0015 8032 3786 78c5 bd6b ca10
5018 269c 1f09 0000 3230 3020 5479 7065
206f 6b61 792e 0d0a
@ -155,7 +155,7 @@
5018 269c e9e6 0000 4e4c 5354 0d0a
[in,ppp0]
4500 002c ffe7 4000 ef06 536a 96cb e002
4500 002c ffe7 4000 ef06 1314 96cb e002
0101 0101 0014 8033 d9f8 11d4 0000 0000
6002 2238 913a 0000 0204 0584
@ -165,12 +165,12 @@
6012 02f8 d734 0000 0204 0584
[in,ppp0]
4500 0028 ffe8 4000 ef06 536d 96cb e002
4500 0028 ffe8 4000 ef06 1317 96cb e002
0101 0101 0014 8033 d9f8 11d5 bd78 5c13
5010 269c 8ac7 0000
[in,ppp0]
4500 005d ffe9 4000 ef06 5337 96cb e002
4500 005d ffe9 4000 ef06 12e1 96cb e002
0101 0101 0015 8032 3786 78d5 bd6b ca16
5018 269c ae7e 0000 3135 3020 4f70 656e
696e 6720 4153 4349 4920 6d6f 6465 2064
@ -183,7 +183,7 @@
5010 6348 8e71 0000
[in,ppp0]
4500 0063 ffea 4000 ef06 5330 96cb e002
4500 0063 ffea 4000 ef06 12da 96cb e002
0101 0101 0014 8033 d9f8 11d5 bd78 5c13
5018 269c 62bf 0000 636f 6f6d 6273 7061
7065 7273 0d0a 6465 7074 730d 0a66 6f75
@ -197,7 +197,7 @@
5010 6348 8e36 0000
[in,ppp0]
4500 0028 ffeb 4000 ef06 536a 96cb e002
4500 0028 ffeb 4000 ef06 1314 96cb e002
0101 0101 0014 8033 d9f8 1210 bd78 5c13
5011 269c 8a8b 0000
@ -212,7 +212,7 @@
5011 6348 8e34 0000
[in,ppp0]
4500 0028 ffec 4000 ef06 5369 96cb e002
4500 0028 ffec 4000 ef06 1313 96cb e002
0101 0101 0014 8033 d9f8 1211 bd78 5c14
5010 269c 8a8a 0000
@ -222,7 +222,7 @@
5010 269c 9864 0000
[in,ppp0]
4500 0040 ffed 4000 ef06 5350 96cb e002
4500 0040 ffed 4000 ef06 12fa 96cb e002
0101 0101 0015 8032 3786 790a bd6b ca16
5018 269c 3c4c 0000 3232 3620 4c69 7374
696e 6720 636f 6d70 6c65 7465 642e 0d0a
@ -233,7 +233,7 @@
5018 269c c64a 0000 5459 5045 2049 0d0a
[in,ppp0]
4500 0038 ffee 4000 ef06 5357 96cb e002
4500 0038 ffee 4000 ef06 1301 96cb e002
0101 0101 0015 8032 3786 7922 bd6b ca1e
5018 269c 1e9e 0000 3230 3020 5479 7065
206f 6b61 792e 0d0a
@ -249,7 +249,7 @@
5018 269c f072 0000 5155 4954 0d0a
[in,ppp0]
4500 0036 ffef 4000 ef06 5358 96cb e002
4500 0036 ffef 4000 ef06 1302 96cb e002
0101 0101 0015 8032 3786 7932 bd6b ca24
5018 269c 68ea 0000 3232 3120 476f 6f64
6279 652e 0d0a
@ -260,7 +260,7 @@
5011 269c 981f 0000
[in,ppp0]
4500 0028 fff0 4000 ef06 5365 96cb e002
4500 0028 fff0 4000 ef06 130f 96cb e002
0101 0101 0015 8032 3786 7940 bd6b ca24
5011 269c 57c9 0000
@ -270,7 +270,7 @@
5010 269c 981e 0000
[in,ppp0]
4500 0028 fff1 4000 ef06 5364 96cb e002
4500 0028 fff1 4000 ef06 130e 96cb e002
0101 0101 0015 8032 3786 7941 bd6b ca25
5010 269c 57c8 0000

View File

@ -0,0 +1,13 @@
#v tos len id off ttl p sum src dst
# ICMP timeout exceeded in reply to a ICMP packet coming in.
[in,df0]
4500 0028 4706 4000 0111 26b4 0404 0404
0202 0202 afc9 829e 0014 6b10 0402 0000
3be5 468d 000a cfc3
[out,df0]
4500 0038 809a 0000 ff01 2d1d 0303 0303
0404 0404 0b00 0125 0000 0000
4500 0028 4706 4000 0111 1eac 0404 0404 0606 0606
afc9 829e 0014 c15e

View File

@ -0,0 +1,24 @@
#v tos len id off ttl p sum src dst
# ICMP dest unreachable with 64 bits in payload (in reply to a TCP packet
# going out)
[in,df0] 45 00 00 3c 47 06 40 00 ff 06 20 aa 04 04 04 04 0a 02 02 02 50 00 05 00 00 00 00 01 00 00 00 00 a0 02 16 d0 cc 32 00 00 02 04 05 b4 04 02 08 0a 00 47 fb b0 00 00 00 00 01 03 03 00
[out,df0]
4500 0038 809a 0000 ff01 2d1d 0303 0303 0404 0404
0303 0fa3 0000 0000
4500 003c 4706 4000 ff06 2aac 0404 0404 0101 0101
5000 9d58 0000 0001
# ICMP dest unreachable with whole packet in payload (40 bytes = 320 bits)
[out,df0]
4500 0058 809a 0000 ff01 2cfd 0303 0303 0404 0404
0303 0735 0000 0000
4500 003c 4706 4000 ff06 2aac 0404 0404 0101 0101
5000 9d58 0000 0001 0000 0000 a002 16d0 3ddc 0000
0204 05b4 0402 080a 0047 fbb0 0000 0000 0103 0300
[out,df0]
4500 0038 809a 0000 ff01 2b1b 0303 0303 0505 0505
0303 0fa3 0000 0000
4500 003c 4706 4000 ff06 2aab 0404 0404 0101 0102 5000 9d58 0000 0001

View File

@ -2,3 +2,4 @@ pass in on ed0 proto tcp from localhost to localhost port = telnet keep state
block in log first on lo0 proto tcp/udp from any to any keep state
pass in proto udp from localhost to localhost port = 2049 keep frags
pass in proto udp from localhost to localhost port = 53 keep state keep frags
pass in proto tcp from any port gt 1024 to localhost port eq 25 keep state

View File

@ -22,3 +22,4 @@ map ppp0 192.168.0.0/16 -> 0/32 portmap tcp 10000:19999 age 30
map le0 0/0 -> 0/32 frag age 10
map le0 192.168.0.0/16 -> range 203.1.1.23-203.1.3.45 frag age 10/20
map ppp0 192.168.0.0/16 -> 0/32 portmap tcp 10000:19999 frag age 30
map fxp0 from 192.168.0.0/18 to 0/0 port = 21 -> 1.2.3.4/32 proxy port 21 ftp/tcp

View File

@ -0,0 +1,4 @@
block in all
block out all
pass in proto udp from any to any keep state
pass in proto tcp from any to any flags S keep state

View File

@ -0,0 +1 @@
rdr df0 2.2.2.2/32 port 0 -> 6.6.6.6 port 0 ip

View File

@ -0,0 +1,4 @@
block in all
block out all
pass in proto udp from any to any keep state
pass in proto tcp from any to any flags S keep state

View File

@ -0,0 +1 @@
rdr df0 10.0.0.0/8 port 1000-2000 -> 1.1.1.1 port 40000 tcp/udp

View File

@ -0,0 +1,4 @@
block in all
block out all
pass in proto udp from any to any keep state
pass in proto tcp from any to any flags S keep state

View File

@ -0,0 +1 @@
rdr df0 2.2.2.2/32 port 0 -> 6.6.6.6 port 0 ip

View File

@ -0,0 +1 @@
pass in quick proto tcp from any to any flags S/SAFR keep state

View File

@ -0,0 +1 @@
rdr df0 10.0.0.0/8 port 1000-2000 -> 1.1.1.1 port 40000 tcp/udp

264
contrib/ipfilter/test/vfycksum.pl Executable file
View File

@ -0,0 +1,264 @@
#
# validate the IPv4 header checksum.
# $bytes[] is an array of 16bit values, with $cnt elements in the array.
#
sub dosum {
local($seed) = $_[0];
local($start) = $_[1];
local($max) = $_[2];
local($idx) = $start;
local($lsum) = $seed;
for ($idx = $start, $lsum = $seed; $idx < $max; $idx++) {
$lsum += $bytes[$idx];
}
while ($lsum > 65535) {
$lsum = ($lsum & 0xffff) + ($lsum >> 16);
}
$lsum = ~$lsum & 0xffff;
return $lsum;
}
sub ipv4check {
local($base) = $_[0];
$hl = $bytes[$base] / 256;
return if (($hl >> 4) != 4); # IPv4 ?
$hl &= 0xf;
$hl <<= 1; # get the header length in 16bit words
$hs = &dosum(0, $base, $base + $hl);
$osum = $bytes[$base + 5];
if ($hs != 0) {
$bytes[$base + 5] = 0;
$hs2 = &dosum($base, 0, $base + $hl);
$bytes[$base + 5] = $osum;
printf " IP: (%x) %x != %x", $hs, $osum, $hs2;
} else {
print " IP($base): ok ";
}
#
# Recognise TCP & UDP and calculate checksums for each of these.
#
if (($bytes[$base + 4] & 0xff) == 6) {
&tcpcheck($base);
}
if (($bytes[$base + 4] & 0xff) == 17) {
&udpcheck($base);
}
if (($bytes[$base + 4] & 0xff) == 1) {
&icmpcheck($base);
}
if ($base == 0) {
print "\n";
}
}
sub tcpcheck {
local($base) = $_[0];
local($hl) = $bytes[$base] / 256;
return if (($hl >> 4) != 4);
return if ($bytes[3] & 0x1fff);
$hl &= 0xf;
$hl <<= 1;
local($hs2);
local($hs) = 6; # TCP
local($len) = $bytes[$base + 1] - ($hl << 1);
$hs += $len;
$hs += $bytes[$base + 6]; # source address
$hs += $bytes[$base + 7];
$hs += $bytes[$base + 8]; # destination address
$hs += $bytes[$base + 9];
local($tcpsum) = $hs;
local($thl) = $bytes[$base + $hl + 6] >> 8;
$thl &= 0xf0;
$thl >>= 2;
if (($bytes[$base + 1] > ($cnt - $base) * 2) ||
(($cnt - $base) * 2 < $hl + 20) ||
(($cnt - $base) * 2 < $hl + $thl)) {
print " TCP: missing data";
return;
}
local($tcpat) = $base + $hl;
$hs = &dosum($tcpsum, $tcpat, $cnt);
if ($hs != 0) {
local($osum) = $bytes[$tcpat + 8];
$bytes[$base + $hl + 8] = 0;
$hs2 = &dosum($tcpsum, $tcpat, $cnt);
$bytes[$tcpat + 8] = $osum;
printf " TCP: (%x) %x != %x", $hs, $osum, $hs2;
} else {
print " TCP: ok";
}
}
sub udpcheck {
local($base) = $_[0];
local($hl) = $bytes[0] / 256;
return if (($hl >> 4) != 4);
return if ($bytes[3] & 0x1fff);
$hl &= 0xf;
$hl <<= 1;
local($hs2);
local($hs) = 17; # UDP
local($len) = $bytes[$base + 1] - ($hl << 1);
$hs += $len;
$hs += $bytes[$base + 6]; # source address
$hs += $bytes[$base + 7];
$hs += $bytes[$base + 8]; # destination address
$hs += $bytes[$base + 9];
local($udpsum) = $hs;
if ($bytes[$base + 1] > ($cnt - $base) * 2) {
print " UDP: missing data(1)";
return;
} elsif ($bytes[$base + 1] < ($hl << 1) + 8) {
print " UDP: missing data(2)";
return;
} elsif (($cnt - $base) * 2 < ($hl << 1) + 8) {
print " UDP: missing data(3)";
return;
}
local($udpat) = $base + $hl;
$hs = &dosum($udpsum, $udpat, $cnt);
local($osum) = $bytes[$udpat + 3];
#
# It is valid for UDP packets to have a 0 checksum field.
# If it is 0, then display what it would otherwise be.
#
if ($osum == 0) {
printf " UDP: => %x", $hs;
} elsif ($hs != 0) {
$bytes[$udpat + 3] = 0;
$hs2 = &dosum($udpsum, $udpat, $cnt);
$bytes[$udpat + 3] = $osum;
printf " UDP: (%x) %x != %x", $hs, $osum, $hs2;
} else {
print " UDP: ok";
}
}
sub icmpcheck {
local($base) = $_[0];
local($hl) = $bytes[$base + 0] / 256;
return if (($hl >> 4) != 4);
return if ($bytes[3] & 0x1fff);
$hl &= 0xf;
$hl <<= 1;
local($hs);
local($hs2);
local($len) = $bytes[$base + 1] - ($hl << 1);
if ($len > $cnt * 2) {
print "missing icmp data\n";
}
local($osum) = $bytes[$base + $hl + 1];
$bytes[$hl + 1] = 0;
for ($i = $base + $hl, $hs2 = 0; $i < $cnt; $i++) {
$hs2 += $bytes[$i];
}
$hs = $hs2 + $osum;
while ($hs2 > 65535) {
$hs2 = ($hs2 & 0xffff) + ($hs2 >> 16);
}
while ($hs > 65535) {
$hs = ($hs & 0xffff) + ($hs >> 16);
}
$hs2 = ~$hs2 & 0xffff;
$hs = ~$hs & 0xffff;
if ($osum != $hs2) {
printf " ICMP: (%x) %x != %x", $hs, $osum, $hs2;
} else {
print " ICMP: ok";
}
if ($base == 0) {
$type = $bytes[$hl] >> 8;
if ($type == 3 || $type == 4 || $type == 5 ||
$type == 11 || $type == 12) {
&ipv4check($hl + 4);
}
}
}
while ($#ARGV >= 0) {
open(I, "$ARGV[0]") || die $!;
print "--- $ARGV[0] ---\n";
$multi = 0;
while (<I>) {
chop;
s/#.*//g;
#
# If the first non-comment, non-empty line of input starts
# with a '[', then allow the input to be a multi-line hex
# string, otherwise it has to be all on one line.
#
if (/^\[/) {
$multi=1;
s/^\[[^]]*\]//g;
}
s/^ *//g;
if (length == 0) {
next if ($cnt == 0);
&ipv4check(0);
$cnt = 0;
$multi = 0;
next;
}
#
# look for 16 bits, represented with leading 0's as required,
# in hex.
#
s/\t/ /g;
while (/^[0-9a-fA-F][0-9a-fA-F] [0-9a-fA-F][0-9a-fA-F] .*/) {
s/^([0-9a-fA-F][0-9a-fA-F]) ([0-9a-fA-F][0-9a-fA-F]) (.*)/$1$2 $3/;
}
while (/.* [0-9a-fA-F][0-9a-fA-F] [0-9a-fA-F][0-9a-fA-F] .*/) {
$b=$_;
s/(.*?) ([0-9a-fA-F][0-9a-fA-F]) ([0-9a-fA-F][0-9a-fA-F]) (.*)/$1 $2$3 $4/g;
}
while (/^[0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F].*/) {
$x = $_;
$x =~ s/([0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F]).*/$1/;
$x =~ s/ *//g;
$y = hex $x;
s/[0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F] *(.*)/$1/;
$bytes[$cnt] = $y;
$cnt++;
}
#
# Pick up stragler bytes.
#
if (/^[0-9a-fA-F][0-9a-fA-F]/) {
$y = hex $_;
$bytes[$cnt++] = $y * 256;
}
if ($multi == 0 && $cnt > 0) {
&ipv4check(0);
$cnt = 0;
}
}
if ($cnt > 0) {
&ipv4check(0);
}
close(I);
shift(@ARGV);
}