d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Remove files not in the v3_3_8 import.

Browse Source
This commit is contained in:
Peter Wemm 2000-02-10 05:09:52 +00:00
parent 96c630d7b2
commit 0decb68047
67 changed files with 0 additions and 4830 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
contrib/ipfilter/COMPILE.2.5
View File

@ -1,11 +0,0 @@
If you get the following error whilst compiling:
In file included from /usr/local/lib/gcc-lib/sparc-sun-solaris2.3/2.6.3/include/sys/user.h:48,
from /usr/include/sys/file.h:15,
from ../ip_nat.c:15:
/usr/include/sys/psw.h:19: #error Kernel include of psw.h
Remove (comment out) the line in
/usr/local/lib/gcc-lib/sparc-sun-solaris2.3/2.6.3include/sys/user.h
which includes psw.h

19
contrib/ipfilter/COMPILE.Solaris2
View File

@ -1,19 +0,0 @@
If you have BOTH GNU make and the normal make shipped with your system,
DO NOT use the GNU make to build this package. If you have any errors
relating to "(" or "TOP", check that you are using /usr/ccs/bin/make as
shipped with Solaris 2.
If you get the following error whilst compiling:
In file included from /usr/local/lib/gcc-lib/sparc-sun-solaris2.3/2.6.3/include/sys/user.h:48,
from /usr/include/sys/file.h:15,
from ../ip_nat.c:15:
/usr/include/sys/psw.h:19: #error Kernel include of psw.h
That means that you have a version of gcc build under on older release
of Solaris 2.x
You need to reinstall gcc after each Solaris upgrade; gcc creates its own
set of modified system include files which are only valid for the exact
release on which gcc was build.

0
contrib/ipfilter/FWTK/FWTK.sed
View File

35
contrib/ipfilter/INSTALL.BSDOS
View File

@ -1,35 +0,0 @@
BSD/OS users.
-------------
First, you need to build IP Filter. Do this from the "ip_fil3.2.x"
directory with the command "make bsdos". If this completes successfully,
install the various bits and pieces with "make install-bsd".
Prior to starting, it is a good idea for you to know what your kernel config
file is (it appears that the script guesses incorrectly at present).
Once you have that in mind, run the 'kinstall' script in the correct
BSDOS3 or BSDOS4 directory. This will attempt to patch a bunch of files
or install the relevant .o files if you don't have kernel source.
It will also go and install all the IP Filter .c and .h files where they
can be find when it comes time to build the kernel.
The script will then pause and ask you for your kernel configuration
file. After you enter this, it will add "options IPFILTER" to your
kernel configuration file. IF YOU WANT TO DO LOGGING, ADD
"options IPFILTER_LOG" to your kernel configuration file NOW!
Now that you've got your kernel configuration file done, use config
to setup a new kernel build and complete with make.
When the kernel rebuilt is complete, put it into / and reboot with
your new kernel. If IP Filter has been configured into your kernel
correctly, you will see a message like this when your system boots:
IP Filter: initialized. Default = pass all, Logging = enabled
Upon logging in, the IP Filter commands ipfstat, et al, should all
function properly.
Darren

44
contrib/ipfilter/INSTALL.BSDOS3
View File

@ -1,44 +0,0 @@
BSD/OS 3.x users.
-----------------
First, you will need to either:
(a) have a source license for the kernel so you can patch some files or
(b) obtain the relevant pre-compiled .o files (I can't supply these yet).
The files which you will need patched are:
ip_input.c, ip_output.c (maybe in_proto.c and ioconf.c.i386 too - NOT sure).
First, you need to build IP Filter. Do this from the "ip_fil3.2.x"
directory with the command "make bsdos". If this completes successfully,
install the various bits and pieces with "make install-bsd".
Prior to starting, it is a good idea for you to know what your kernel config
file is (it appears that the script guesses incorrectly at present).
Once you have that in mind, run the 'kinstall' script in the BSDOS3
directory. This will attempt to patch a bunch of files. If you've
obtained the relevant .o files, ignore the errors, otherwise please
report them to me and mention which version of BSD/OS you are using
and on what platform (Sparc, i386, etc). It will also go and install
all the IP Filter .c and .h files where they can be find when it comes
time to build the kernel.
The script will then pause and ask you for your kernel configuration
file. After you enter this, it will add "options IPFILTER" to your
kernel configuration file. IF YOU WANT TO DO LOGGING, ADD
"options IPFILTER_LOG" to your kernel configuration file NOW!
Now that you've got your kernel configuration file done, use config
to setup a new kernel build and complete with make.
When the kernel rebuilt is complete, put it into / and reboot with
your new kernel. If IP Filter has been configured into your kernel
correctly, you will see a message like this when your system boots:
IP Filter: initialized. Default = pass all, Logging = enabled
Upon logging in, the IP Filter commands ipfstat, et al, should all
function properly.
Darren

108
contrib/ipfilter/INSTALL.IRIX
View File

@ -1,108 +0,0 @@
IP Filter has been mostly tested under IRIX 6.2. It should work under IRIX 6.3
as well. Under IRIX 5.3, it has been successfully compiled and linked in the
kernel, but not tested. Compilation under IRIX >= 6.4 is not yet supported.
To build a kernel with the IP filter and install it on your system,
follow these steps:
1. edit the top-level Makefile to
a) comment-out the IPFLKM definition.
This means changing the line reading:
IPFLKM=-DIPFILTER_LKM
to
#IPFLKM=-DIPFILTER_LKM
b) select the system's compiler (cc)
This means changing the line reading:
CC=gcc
to
CC=cc
b) enable full optimization
This means changing the lines reading:
DEBUG=-g
CFLAGS=-I$$(TOP)
to
DEBUG=
CFLAGS=-O2 -I$$(TOP)
1. do "make irix" (Warning: GNU make is not supported, so if it has
been installed on your system, verify your path and/or do "which make"
to guarantee that IRIX's /sbin/make has precedence)
2. do "make install-irix" as root
(a new kernel will be automatically built)
3. determine the filtering rules and place them in /etc/ipf.conf
and /etc/ipnat.conf
4. do "init 6" as root to reboot with the new kernel
After restarting, the filter should be active and behaving according to
the rules loaded from /etc/ipf.conf and /etc/ipfnat.conf.
These files can be changed at any time, and reloaded using the
following command sequence:
# sh /etc/init.d/ipf stop; sh /etc/init.d/ipf start
To remove the IP Filter from your kernel, follow these steps:
1. Delete the /var/sysgen/boot/ipfilter.o file
# rm /var/sysgen/boot/ipfilter.o
2. If SGI's ipfilter.o had been previously installed, restore it
back to its original location
# mv /var/sysgen/boot/ipfilter.o.DIST /var/sysgen/boot/ipfilter.o
3. Build a new kernel
# /etc/autoconfig
4. Delete the /etc/rc2.d/S33ipf symbolic link
# rm /etc/rc2.d/S33ipf
5. Reboot
# init 6
ADDITIONAL NOTES:
- The IP filter uses the same kernel interface to the IP driver as
SGI's ipfilter. In fact, it is installed in place of SGI's
/var/sysgen/boot/ipfilter.o module, after renaming it (if installed)
to /var/sysgen/boot/ipfilter.o.DIST. You should ensure that SGI's
ipfilterd daemon is not running simultaneously, since this package uses
the same major device number.
- We have not tested IP Filter on a multiprocessor machine yet.
However, feel free to try it and send your experiences/patches
back to marc@CAM.ORG. SGI prescribes that kernel code be built on such
systems with -D_MP_NETLOCKS -DMP. Therefore, these flags should
probably be uncommented on the DFLAGS line of IRIX/Makefile if your
machine has more than one processor.
- It is also possible to build IP Filter as a dynamically loadable
kernel module (by retaining the IPFLKM=-DIPFILTER_LKM definition in the
top-level Makefile), but this is not recommended other than for testing
and debugging purposes, because the only possible method for dynamic
attachment to the IP stack (instruction patching) is highly dependent
on the processor architecture. The code provided has only been tested
with IP22 CPU boards and can sometime cause panics during loading due
to a potential race condition.
CREDITS:
IP Filter was ported to IRIX by Marc Boucher <marc@CAM.ORG>
Marc Boucher wishes to thank the
ICARI Institute (http://www.icari.qc.ca)
and
Aurelio Cascio <aurelio@toonboom.com>
for their financial support and testing facilities, respectively.

50
contrib/ipfilter/INSTALL.Linux
View File

@ -1,50 +0,0 @@
IP-Filter on Linux 2.0.31
-------------------------
NOTE: I have *ONLY* compiled and created patches for using IP Filter on
Linux 2.0.31. Any other kernel revision may need seprate patches.
Also, I've only tested on a x86 CPU so I can't make any guarantees
about it working on Sparc/Mac/Amiga.
First, you should do a sanity check of your system to make sure it will
compile IP Filter. You will need a "libfl" and a "libelf". If you don't
have these, install them before proceeding.
The installation and compiliation process assumes that Linux 2.0.31
will be in the /usr/src/linux directory and that all the symbolic links
in /usr/include match. /usr/src/linux may be a symbolic link too, but
it must point to a 2.0.31 kernel source tree.
The first step is to make the IP Filter binaries. Do this with a
"make linux" from the ip_fil3.2.x directory. If this completes with
no errors, install IP Filter with a "make install-linux".
Now that the user part of it is complete, it is time to work on the kernel.
To start this off, run "Linux/minstall". This will configure the devices
you will need for the IP Filter. Then run "Linux/kinstall". This will
patch your kernel source code and configuration files so you can enabled IP
Filter. You must now go to /usr/src/linux and configure your kernel using one
of the available interfaces to enable IP Filter. IP Filter will be presented
as a three way choice "y/m/n" - select "m" to enable it. Save your kernel
configuration file, rebuild, install and reboot with the new kernel.
When you've rebooted with the new kernel, you should be able to load
IP Filter with the command "insmod if_ipl". All going will, you will
see a message like this on your console:
IP Filter: initialized. Default = pass all, Logging = enabled
indicating that IP Filter has successfully been loaded into the kernel
and is awaiting.
Darren
Features Not Available on Linux, yet:
- compiled into the kernel
"<action> in on <if> to <if> ..."
"<action> in on <if> dup-to <if> ..."
"<action> in on <if> fastroute ..."
"block return-rst ..."
"map ... proxy ..." (Linux's masquerading is better at present)

59
contrib/ipfilter/INSTALL.NetBSD
View File

@ -1,59 +0,0 @@
To build a kernel for use with the loadable kernel module, follow these
steps:
1. do "make netbsd"
2. do "make install-bsd"
(probably has to be done as root)
3(a) NetBSD systems prior to 1.2:
run "NetBSD/minstall" as root
3(b) NetBSD 1.2 systems or later:
run "NetBSD-1.2/minstall" as root
4. build a new kernel
5. install and reboot with the new kernel
6. use modload(8) to load the packet filter with:
modload if_ipl.o
7. do "modstat" to confirm that it has been loaded successfully.
There is no need to use mknod to create the device in /dev;
- upon loading the module, it will create itself with the correct values,
under the name (IPL_NAME) from the Makefile. It will also remove itself
from /dev when it is modunload'd.
To build a kernel with the IP filter, follow these steps:
1. do "make netbsd"
2. do "make install-bsd"
(probably has to be done as root)
3(a) NetBSD systems prior to 1.2:
run "NetBSD/kinstall" as root
3(b) NetBSD 1.2 systems or later:
run "NetBSD-1.2/kinstall" as root
3(c) If conf.c fails on the 2nd hunk of the patch, you will have to
manually apply the patch.
4. build a new kernel
5. Create device files. For NetBSD-1.2 (or later), use 49 as the
major number. For NetBSD-1.1 or earlier, use 59. Run these
commands as root, substituting <major> for the appropriate number:
mknod /dev/ipl c <major> 0
mknod /dev/ipnat c <major> 1
mknod /dev/ipstate c <major> 2
mknod /dev/ipauth c <major> 3
** NOTE: both the numbers 49 and 59 should be substituted with
whatever number you inserted it into conf.c as.
6. install and reboot with the new kernel
Darren Reed
darrenr@pobox.com

28
contrib/ipfilter/INSTALL.Sol2
View File

@ -1,28 +0,0 @@
For those running Solaris 2.5 or later, please read COMPILE.2.5 before
building IP Filter.
Type "make solaris" to build all the required binaries. DO NOT USE THE
GNU make!!!
Once IP Filter has been successfully compiled, you may then install it using
the usual package method (using pkgadd), however, the package needs to be
created, prior to pkgadd'ing. To create the package in /var/spool/pkg, change
directory to SunOS5 and enter the following command:
make package
This will build the package into SunOS5/<arch>/root, copy that to
/var/spool/pkg as a package and then start the installation using
pkgadd.
As part of the postinstall script, it will install loadable kernel module
as part of Solaris 2 (using add_drv) making it available for immeadiate use.
IP Filter will be installed into /opt/CYBSipf (programs, manual pages and
examples) and create a directory /etc/opt/CYBSipf with a null body file
called "ipf.conf" using touch. The rc scripts have been written to look
for the configuration file here, using the installed binaries in /sbin.
Darren Reed
darrenr@pobox.com

40
contrib/ipfilter/INSTALL.SunOS
View File

@ -1,40 +0,0 @@
To install as a Loadable Kernel Module (LKM):
1. do a "make solaris" in this directory
2. Run the script "SunOS4/minstall" as root.
3. change directory to SunOS4 and run "make install"
4. Reboot using the new kernel
5. use modload(8) to load the packet filter with:
modload if_ipl.o
6. do "modstat" to confirm that it has been loaded successfully.
There is no need to use mknod to create the device in /dev;
- upon loading the module, it will create itself with the correct
values, under the name (IPL_NAME) from the Makefile. It will
also remove itself from /dev when it is modunload'd.
To install as part of a SunOS 4.1.x kernel:
1. do a "make solaris" in this directory
2. Run the script "SunOS4/kinstall" as root.
NOTE: This script sets up /dev/ipl as char. device 59,0
in /sys/sun/conf.c
3. Run the following commands as root:
mknod /dev/ipl c 59 0
mknod /dev/ipnat c 59 1
mknod /dev/ipstate c 59 2
mknod /dev/ipauth c 59 3
4. Reboot using the new kernel
Darren Reed
darrenr@pobox.com

44
contrib/ipfilter/INSTALL.xBSD
View File

@ -1,44 +0,0 @@
To build a kernel for use with the loadable kernel module, follow these
steps:
1. do "make bsd"
2. cd to the "BSD" directory and type "make install"
3. run "4bsd/minstall" as root
4. build a new kernel
5. install and reboot with the new kernel
6. use modload(8) to load the packet filter with:
modload if_ipl.o
7. do "modstat" to confirm that it has been loaded successfully.
There is no need to use mknod to create the device in /dev;
- upon loading the module, it will create itself with the correct values,
under the name (IPL_NAME) from the Makefile. It will also remove itself
from /dev when it is modunload'd.
To build a kernel with the IP filter, follow these steps:
1. do "make bsd"
2. cd to the "BSD" directory and type "make install"
3. run "4bsd/kinstall" as root
4. build a new kernel
5. create devices for IP Filter as follows (assuming it was
installed into the device table as char dev 20):
mknod /dev/ipl c 20 0
mknod /dev/ipnat c 20 1
mknod /dev/ipstate c 20 2
mknod /dev/ipauth c 20 3
6. install and reboot with the new kernel
Darren
darrenr@pobox.com

16
contrib/ipfilter/buildlinux
View File

@ -1,16 +0,0 @@
#!/bin/sh
LINUX=`uname -r | perl -e '$_=<>;@F=split(/\./);printf "%02d%02d\n",$F[0],$F[1];';`
case ${LINUX} in
0200)
make linuxrev "LINUXK=-DLINUX=${LINUX}"
;;
0201)
make linuxrev "LINUXK=-DLINUX=${LINUX}"
;;
*)
echo "invalid linux version $LINUX"
exit 1;
;;
esac
exit 0

49
contrib/ipfilter/buildsunos
View File

@ -1,49 +0,0 @@
#! /bin/sh
if [ ! -f netinet/done ] ; then
echo "Do NOT run this script directly, do 'make solaris'!"
exit 1
fi
# $Id: buildsunos,v 2.1.2.1 1999/08/08 13:55:20 darrenr Exp $
:
rev=`uname -r | sed -e 's/^\([^\.]*\)\..*/\1/'`
if [ -d /usr/ccs/bin ] ; then
PATH=/usr/ccs/bin:${PATH}
fi
if [ $rev = 5 ] ; then
cpu=`uname -p`
cpudir=${cpu}-`uname -r`
solrev=`uname -r | sh -c 'IFS=. read j n x; echo $n'`
if [ ! -d SunOS5/${cpudir} -a ! -h SunOS5/${cpudir} ] ; then
mkdir -p SunOS5/${cpudir}
fi
/bin/rm -f SunOS5/${cpudir}/Makefile
/bin/rm -f SunOS5/${cpudir}/Makefile.ipsend
ln -s `pwd`/SunOS5/Makefile SunOS5/${cpudir}/Makefile
ln -s `pwd`/SunOS5/Makefile.ipsend SunOS5/${cpudir}/Makefile.ipsend
ARCHINC=
XARCH=
if [ -d /opt/SUNWspro/bin ] ; then
CC="/opt/SUNWspro/bin/cc ${CFL}"
export CC
/bin/optisa sparcv9 >/dev/null 2>&1
if [ $? -eq 0 ] ; then
ARCHINC="-I/usr/include/v9"
XARCH="-xarch=v9 -xchip=ultra -dalign -xcode=abs32"
fi
else
CC=gcc
fi
else
cpu=`uname -m`
cpudir=${cpu}-`uname -r`
fi
if [ $cpu = i386 ] ; then
make ${1+"$@"} sunos5x86 SOLARIS2="-DSOLARIS2=$solrev" CPU= CPUDIR=${cpudir} CC="$CC $XARCH" XARCH="$XARCH" ARCHINC="$ARCHINC"
exit $?
fi
if [ x$solrev = x ] ; then
make ${1+"$@"} sunos$rev "ARCH=`uname -m`"
exit $?
fi
make ${1+"$@"} sunos$rev SOLARIS2="-DSOLARIS2=$solrev" CPU= CPUDIR=${cpudir} CC="$CC $XARCH" XARCH="$XARCH" ARCHINC="$ARCHINC"
exit $?

2
contrib/ipfilter/etc/etc.sed
View File

@ -1,2 +0,0 @@
Æ . Ä..'! CVS
 protocols

83
contrib/ipfilter/ipl_ldev.c
View File

@ -1,83 +0,0 @@
/*
* (C)opyright 1993,1994,1995 by Darren Reed.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
*/
/*
* routines below for saving IP headers to buffer
*/
int iplopen(struct inode * inode, struct file * filp)
{
u_int min = MINOR(inode->i_rdev);
if (flags & FWRITE)
return ENXIO;
if (min)
return ENXIO;
iplbusy++;
return 0;
}
int iplclose(struct inode * inode, struct file * filp)
{
u_int min = MINOR(inode->i_rdev);
if (min)
return ENXIO;
iplbusy--;
return 0;
}
/*
* iplread/ipllog
* all three of these must operate with at least splnet() lest they be
* called during packet processing and cause an inconsistancy to appear in
* the filter lists.
*/
int iplread(struct inode *inode, struct file *file, char *buf, int count)
{
register int ret, s;
register size_t sz, sx;
int error;
if (!uio->uio_resid)
return 0;
while (!iplused) {
error = SLEEP(iplbuf, "ipl sleep");
if (error)
return error;
}
SPLNET(s);
ret = sx = sz = MIN(count, iplused);
if (iplh < iplt)
sz = MIN(sz, LOGSIZE - (iplt - iplbuf));
sx -= sz;
memcpy_tofs(buf, iplt, sz);
buf += sz;
iplt += sz;
iplused -= sz;
if ((iplh < iplt) && (iplt == iplbuf + LOGSIZE))
iplt = iplbuf;
if (sx) {
memcpy_tofs(buf, iplt, sx);
ret += sx;
iplt += sx;
iplused -= sx;
if ((iplh < iplt) && (iplt == iplbuf + LOGSIZE))
iplt = iplbuf;
}
if (!iplused) /* minimise wrapping around the end */
iplh = iplt = iplbuf;
SPLX(s);
return ret;
}

201
contrib/ipfilter/ipsd/ip_compat.h
View File

@ -1,201 +0,0 @@
/*
* (C)opyright 1995 by Darren Reed.
*
* This code may be freely distributed as long as it retains this notice
* and is not changed in any way. The author accepts no responsibility
* for the use of this software. I hate legaleese, don't you ?
*
* @(#)ip_compat.h 1.1 9/14/95
*/
/*
* These #ifdef's are here mainly for linux, but who knows, they may
* not be in other places or maybe one day linux will grow up and some
* of these will turn up there too.
*/
#ifndef ICMP_UNREACH
# define ICMP_UNREACH ICMP_DEST_UNREACH
#endif
#ifndef ICMP_SOURCEQUENCH
# define ICMP_SOURCEQUENCH ICMP_SOURCE_QUENCH
#endif
#ifndef ICMP_TIMXCEED
# define ICMP_TIMXCEED ICMP_TIME_EXCEEDED
#endif
#ifndef ICMP_PARAMPROB
# define ICMP_PARAMPROB ICMP_PARAMETERPROB
#endif
#ifndef IPVERSION
# define IPVERSION 4
#endif
#ifndef IPOPT_MINOFF
# define IPOPT_MINOFF 4
#endif
#ifndef IPOPT_COPIED
# define IPOPT_COPIED(x) ((x)&0x80)
#endif
#ifndef IPOPT_EOL
# define IPOPT_EOL 0
#endif
#ifndef IPOPT_NOP
# define IPOPT_NOP 1
#endif
#ifndef IP_MF
# define IP_MF ((u_short)0x2000)
#endif
#ifndef ETHERTYPE_IP
# define ETHERTYPE_IP ((u_short)0x0800)
#endif
#ifndef TH_FIN
# define TH_FIN 0x01
#endif
#ifndef TH_SYN
# define TH_SYN 0x02
#endif
#ifndef TH_RST
# define TH_RST 0x04
#endif
#ifndef TH_PUSH
# define TH_PUSH 0x08
#endif
#ifndef TH_ACK
# define TH_ACK 0x10
#endif
#ifndef TH_URG
# define TH_URG 0x20
#endif
#ifndef IPOPT_EOL
# define IPOPT_EOL 0
#endif
#ifndef IPOPT_NOP
# define IPOPT_NOP 1
#endif
#ifndef IPOPT_RR
# define IPOPT_RR 7
#endif
#ifndef IPOPT_TS
# define IPOPT_TS 68
#endif
#ifndef IPOPT_SECURITY
# define IPOPT_SECURITY 130
#endif
#ifndef IPOPT_LSRR
# define IPOPT_LSRR 131
#endif
#ifndef IPOPT_SATID
# define IPOPT_SATID 136
#endif
#ifndef IPOPT_SSRR
# define IPOPT_SSRR 137
#endif
#ifndef IPOPT_SECUR_UNCLASS
# define IPOPT_SECUR_UNCLASS ((u_short)0x0000)
#endif
#ifndef IPOPT_SECUR_CONFID
# define IPOPT_SECUR_CONFID ((u_short)0xf135)
#endif
#ifndef IPOPT_SECUR_EFTO
# define IPOPT_SECUR_EFTO ((u_short)0x789a)
#endif
#ifndef IPOPT_SECUR_MMMM
# define IPOPT_SECUR_MMMM ((u_short)0xbc4d)
#endif
#ifndef IPOPT_SECUR_RESTR
# define IPOPT_SECUR_RESTR ((u_short)0xaf13)
#endif
#ifndef IPOPT_SECUR_SECRET
# define IPOPT_SECUR_SECRET ((u_short)0xd788)
#endif
#ifndef IPOPT_SECUR_TOPSECRET
# define IPOPT_SECUR_TOPSECRET ((u_short)0x6bc5)
#endif
#ifdef linux
# define icmp icmphdr
# define icmp_type type
# define icmp_code code
/*
* From /usr/include/netinet/ip_var.h
* !%@#!$@# linux...
*/
struct ipovly {
caddr_t ih_next, ih_prev; /* for protocol sequence q's */
u_char ih_x1; /* (unused) */
u_char ih_pr; /* protocol */
short ih_len; /* protocol length */
struct in_addr ih_src; /* source internet address */
struct in_addr ih_dst; /* destination internet address */
};
typedef struct {
__u16 th_sport;
__u16 th_dport;
__u32 th_seq;
__u32 th_ack;
# if defined(__i386__) || defined(__MIPSEL__) || defined(__alpha__) ||\
defined(vax)
__u8 th_res:4;
__u8 th_off:4;
#else
__u8 th_off:4;
__u8 th_res:4;
#endif
__u8 th_flags;
__u16 th_win;
__u16 th_sum;
__u16 th_urp;
} tcphdr_t;
typedef struct {
__u16 uh_sport;
__u16 uh_dport;
__s16 uh_ulen;
__u16 uh_sum;
} udphdr_t;
typedef struct {
# if defined(__i386__) || defined(__MIPSEL__) || defined(__alpha__) ||\
defined(vax)
__u8 ip_hl:4;
__u8 ip_v:4;
# else
__u8 ip_hl:4;
__u8 ip_v:4;
# endif
__u8 ip_tos;
__u16 ip_len;
__u16 ip_id;
__u16 ip_off;
__u8 ip_ttl;
__u8 ip_p;
__u16 ip_sum;
struct in_addr ip_src;
struct in_addr ip_dst;
} ip_t;
typedef struct {
__u8 ether_dhost[6];
__u8 ether_shost[6];
__u16 ether_type;
} ether_header_t;
# define bcopy(a,b,c) memmove(b,a,c)
# define bcmp(a,b,c) memcmp(a,b,c)
# define ifnet device
#else
typedef struct udphdr udphdr_t;
typedef struct tcphdr tcphdr_t;
typedef struct ip ip_t;
typedef struct ether_header ether_header_t;
#endif
#ifdef solaris
# define bcopy(a,b,c) memmove(b,a,c)
# define bcmp(a,b,c) memcmp(a,b,c)
# define bzero(a,b) memset(a,0,b)
#endif

0
contrib/ipfilter/ipsd/ipsd.sed
View File

242
contrib/ipfilter/ipsend/ip_compat.h
View File

@ -1,242 +0,0 @@
/*
* (C)opyright 1995 by Darren Reed.
*
* This code may be freely distributed as long as it retains this notice
* and is not changed in any way. The author accepts no responsibility
* for the use of this software. I hate legaleese, don't you ?
*
* @(#)ip_compat.h 1.2 12/7/95
*/
/*
* These #ifdef's are here mainly for linux, but who knows, they may
* not be in other places or maybe one day linux will grow up and some
* of these will turn up there too.
*/
#ifndef ICMP_UNREACH
# define ICMP_UNREACH ICMP_DEST_UNREACH
#endif
#ifndef ICMP_SOURCEQUENCH
# define ICMP_SOURCEQUENCH ICMP_SOURCE_QUENCH
#endif
#ifndef ICMP_TIMXCEED
# define ICMP_TIMXCEED ICMP_TIME_EXCEEDED
#endif
#ifndef ICMP_PARAMPROB
# define ICMP_PARAMPROB ICMP_PARAMETERPROB
#endif
#ifndef IPVERSION
# define IPVERSION 4
#endif
#ifndef IPOPT_MINOFF
# define IPOPT_MINOFF 4
#endif
#ifndef IPOPT_COPIED
# define IPOPT_COPIED(x) ((x)&0x80)
#endif
#ifndef IPOPT_EOL
# define IPOPT_EOL 0
#endif
#ifndef IPOPT_NOP
# define IPOPT_NOP 1
#endif
#ifndef IP_MF
# define IP_MF ((u_short)0x2000)
#endif
#ifndef ETHERTYPE_IP
# define ETHERTYPE_IP ((u_short)0x0800)
#endif
#ifndef TH_FIN
# define TH_FIN 0x01
#endif
#ifndef TH_SYN
# define TH_SYN 0x02
#endif
#ifndef TH_RST
# define TH_RST 0x04
#endif
#ifndef TH_PUSH
# define TH_PUSH 0x08
#endif
#ifndef TH_ACK
# define TH_ACK 0x10
#endif
#ifndef TH_URG
# define TH_URG 0x20
#endif
#ifndef IPOPT_EOL
# define IPOPT_EOL 0
#endif
#ifndef IPOPT_NOP
# define IPOPT_NOP 1
#endif
#ifndef IPOPT_RR
# define IPOPT_RR 7
#endif
#ifndef IPOPT_TS
# define IPOPT_TS 68
#endif
#ifndef IPOPT_SECURITY
# define IPOPT_SECURITY 130
#endif
#ifndef IPOPT_LSRR
# define IPOPT_LSRR 131
#endif
#ifndef IPOPT_SATID
# define IPOPT_SATID 136
#endif
#ifndef IPOPT_SSRR
# define IPOPT_SSRR 137
#endif
#ifndef IPOPT_SECUR_UNCLASS
# define IPOPT_SECUR_UNCLASS ((u_short)0x0000)
#endif
#ifndef IPOPT_SECUR_CONFID
# define IPOPT_SECUR_CONFID ((u_short)0xf135)
#endif
#ifndef IPOPT_SECUR_EFTO
# define IPOPT_SECUR_EFTO ((u_short)0x789a)
#endif
#ifndef IPOPT_SECUR_MMMM
# define IPOPT_SECUR_MMMM ((u_short)0xbc4d)
#endif
#ifndef IPOPT_SECUR_RESTR
# define IPOPT_SECUR_RESTR ((u_short)0xaf13)
#endif
#ifndef IPOPT_SECUR_SECRET
# define IPOPT_SECUR_SECRET ((u_short)0xd788)
#endif
#ifndef IPOPT_SECUR_TOPSECRET
# define IPOPT_SECUR_TOPSECRET ((u_short)0x6bc5)
#endif
#ifdef linux
# if LINUX < 0200
# define icmp icmphdr
# define icmp_type type
# define icmp_code code
# endif
/*
* From /usr/include/netinet/ip_var.h
* !%@#!$@# linux...
*/
struct ipovly {
caddr_t ih_next, ih_prev; /* for protocol sequence q's */
u_char ih_x1; /* (unused) */
u_char ih_pr; /* protocol */
short ih_len; /* protocol length */
struct in_addr ih_src; /* source internet address */
struct in_addr ih_dst; /* destination internet address */
};
typedef struct {
__u16 th_sport;
__u16 th_dport;
__u32 th_seq;
__u32 th_ack;
# if defined(__i386__) || defined(__MIPSEL__) || defined(__alpha__) ||\
defined(vax)
__u8 th_res:4;
__u8 th_off:4;
#else
__u8 th_off:4;
__u8 th_res:4;
#endif
__u8 th_flags;
__u16 th_win;
__u16 th_sum;
__u16 th_urp;
} tcphdr_t;
typedef struct {
__u16 uh_sport;
__u16 uh_dport;
__s16 uh_ulen;
__u16 uh_sum;
} udphdr_t;
typedef struct {
# if defined(__i386__) || defined(__MIPSEL__) || defined(__alpha__) ||\
defined(vax)
__u8 ip_hl:4;
__u8 ip_v:4;
# else
__u8 ip_hl:4;
__u8 ip_v:4;
# endif
__u8 ip_tos;
__u16 ip_len;
__u16 ip_id;
__u16 ip_off;
__u8 ip_ttl;
__u8 ip_p;
__u16 ip_sum;
struct in_addr ip_src;
struct in_addr ip_dst;
} ip_t;
typedef struct {
__u8 ether_dhost[6];
__u8 ether_shost[6];
__u16 ether_type;
} ether_header_t;
typedef struct icmp {
u_char icmp_type; /* type of message, see below */
u_char icmp_code; /* type sub code */
u_short icmp_cksum; /* ones complement cksum of struct */
union {
u_char ih_pptr; /* ICMP_PARAMPROB */
struct in_addr ih_gwaddr; /* ICMP_REDIRECT */
struct ih_idseq {
n_short icd_id;
n_short icd_seq;
} ih_idseq;
int ih_void;
} icmp_hun;
#define icmp_pptr icmp_hun.ih_pptr
#define icmp_gwaddr icmp_hun.ih_gwaddr
#define icmp_id icmp_hun.ih_idseq.icd_id
#define icmp_seq icmp_hun.ih_idseq.icd_seq
#define icmp_void icmp_hun.ih_void
union {
struct id_ts {
n_time its_otime;
n_time its_rtime;
n_time its_ttime;
} id_ts;
struct id_ip {
ip_t idi_ip;
/* options and then 64 bits of data */
} id_ip;
u_long id_mask;
char id_data[1];
} icmp_dun;
#define icmp_otime icmp_dun.id_ts.its_otime
#define icmp_rtime icmp_dun.id_ts.its_rtime
#define icmp_ttime icmp_dun.id_ts.its_ttime
#define icmp_ip icmp_dun.id_ip.idi_ip
#define icmp_mask icmp_dun.id_mask
#define icmp_data icmp_dun.id_data
} icmphdr_t;
# define bcopy(a,b,c) memmove(b,a,c)
# define bcmp(a,b,c) memcmp(a,b,c)
# define ifnet device
#else
typedef struct udphdr udphdr_t;
typedef struct tcphdr tcphdr_t;
typedef struct ip ip_t;
typedef struct ether_header ether_header_t;
#endif
#if defined(__SVR4) || defined(__svr4__)
# define bcopy(a,b,c) memmove(b,a,c)
# define bcmp(a,b,c) memcmp(a,b,c)
# define bzero(a,b) memset(a,0,b)
#endif

3
contrib/ipfilter/ipsend/ipsend.sed
View File

@ -1,3 +0,0 @@
0Æ . Ä,..+ CVS0Í
.cvsignore0Î44arp.c0Ï Crashable0ÐMakefile0Ñarp.c0Ò
dlcommon.c0Ódltest.h0Ôin_var.h0Õip.c0Ö ip_compat.h0×ip_var.h0Ø

109
contrib/ipfilter/man/ipf.1
View File

@ -1,109 +0,0 @@
.TH IPF 1
.SH NAME
ipf \- alters packet filtering lists for IP packet input and ouput
.SH SYNOPSIS
.B ipf
[
.B \-AdDEInorsUvyzZ
] [
.B \-l
<block|pass|nomatch>
] [
.B \-F
<i|o|a>
]
.B \-f
<\fIfilename\fP>
[
.B \-f
<\fIfilename\fP>
[...]]
.SH DESCRIPTION
.PP
\fBipf\fP opens the filenames listed (treating "\-" as stdin) and parses the
file for a set of rules which are to be added or removed from the packet
filter rule set.
.PP
Each rule processed by \fBipf\fP
is added to the kernel's internal lists if there are no parsing problems.
Rules are added to the end of the internal lists, matching the order in
which they appear when given to \fBipf\fP.
.SH OPTIONS
.TP
.B \-A
Set the list to make changes to the active list (default).
.TP
.B \-d
Turn debug mode on. Causes a hexdump of filter rules to be generated as
it processes each one.
.TP
.B \-D
Disable the filter (if enabled). Not effective for loadable kernel versions.
.TP
.B \-E
Enable the filter (if disabled). Not effective for loadable kernel versions.
.TP
.BR \-F \0<param>
This option specifies which filter list to flush. The parameter should
either be "i" (input), "o" (output) or "a" (remove all filter rules).
Either a single letter or an entire word starting with the appropriate
letter maybe used. This option maybe before, or after, any other with
the order on the command line being that used to execute options.
.TP
.BR \-f \0<filename>
This option specifies which files
\fBipf\fP should use to get input from for modifying the packet filter rule
lists.
.TP
.B \-I
Set the list to make changes to the inactive list.
.TP
.B \-l \0<param>
Use of the \fB-l\fP flag toggles default logging of packets. Valid
arguments to this option are \fBpass\fP, \fBblock\fP and \fBnomatch\fP.
When an option is set, any packet which exits filtering and matches the
set category is logged. This is most useful for causing all packets
which don't match any of the loaded rules to be logged.
.TP
.B \-n
This flag (no-change) prevents \fBipf\fP from actually making any ioctl
calls or doing anything which would alter the currently running kernel.
.TP
.B \-o
Force rules by default to be added/deleted to/from the output list, rather
than the (default) input list.
.TP
.B \-r
Remove matching filter rules rather than add them to the internal lists
.TP
.B \-s
Swap the active filter list in use to be the "other" one.
.TP
.B \-U
(SOLARIS 2 ONLY) Block packets travelling along the data stream which aren't
recognised as IP packets. They will be printed out on the console.
.TP
.B \-v
Turn verbose mode on. Displays information relating to rule processing.
.TP
.B \-y
(SOLARIS 2 ONLY) Manually resync the in-kernel interface list maintained
by IP Filter with the current interface status list.
.TP
.B \-z
For each rule in the input file, reset the statistics for it to zero and
display the statistics prior to them being zero'd.
.TP
.B \-Z
Zero global statistics held in the kernel for filtering only (this doesn't
affect fragment or state statistics).
.DT
.SH SEE ALSO
ipfstat(8), ipftest(1), ipf(5)
.SH DIAGNOSTICS
.PP
Needs to be run as root for the packet filtering lists to actually
be affected inside the kernel.
.SH BUGS
.PP
If you find any, please send email to me at darrenr@cyber.com.au

1
contrib/ipfilter/man/man.sed
View File

@ -1 +0,0 @@
DF . Ä.. CVSD~MakefileDipf.1D€ipf.4D<EFBFBD>ipf.5D

5
contrib/ipfilter/rules/rules.sed
View File

@ -1,5 +0,0 @@
WÆ . Ä..'& CVSWÜ example.1WÝ
example.10WÞ
example.11Wß
example.12Wà
example.13Wá example.2Wâ example.3Wã example.4Wä example.5Wå example.6Wæ example.7Wç example.8Wè example.9Wé

16
contrib/ipfilter/test/expected/1
View File

@ -1,16 +0,0 @@
block
block
nomatch
nomatch
pass
pass
nomatch
nomatch
nomatch
nomatch
block
block
nomatch
nomatch
pass
pass

108
contrib/ipfilter/test/expected/10
View File

@ -1,108 +0,0 @@
nomatch
block
nomatch
nomatch
nomatch
nomatch
pass
pass
pass
nomatch
nomatch
pass
block
block
block
nomatch
nomatch
block
pass
pass
pass
nomatch
nomatch
pass
block
block
nomatch
nomatch
nomatch
block
pass
pass
nomatch
nomatch
nomatch
pass
block
block
block
block
block
block
pass
pass
pass
pass
pass
pass
nomatch
block
block
block
nomatch
block
nomatch
pass
pass
pass
nomatch
pass
nomatch
pass
nomatch
nomatch
nomatch
nomatch
nomatch
block
block
block
block
block
nomatch
pass
pass
pass
pass
pass
block
block
nomatch
block
nomatch
block
pass
pass
nomatch
pass
nomatch
pass
block
block
block
block
block
block
pass
pass
pass
pass
pass
pass
block
block
block
nomatch
nomatch
block

66
contrib/ipfilter/test/expected/11
View File

@ -1,66 +0,0 @@
pass
pass
pass
pass
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
block
block
block
block
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
pass
pass
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
block
block
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
pass
pass
pass
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
block
block
block
nomatch
nomatch

54
contrib/ipfilter/test/expected/12
View File

@ -1,54 +0,0 @@
pass
pass
pass
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
pass
pass
pass
pass
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
block
block
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
block
block
block
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
pass
nomatch
pass
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
block

40
contrib/ipfilter/test/expected/14
View File

@ -1,40 +0,0 @@
nomatch
block
nomatch
nomatch
nomatch
nomatch
pass
nomatch
nomatch
nomatch
nomatch
block
block
nomatch
nomatch
nomatch
pass
pass
nomatch
nomatch
nomatch
block
block
block
nomatch
nomatch
pass
pass
pass
nomatch
block
block
block
block
block
pass
pass
pass
pass
pass

36
contrib/ipfilter/test/expected/2
View File

@ -1,36 +0,0 @@
block
block
nomatch
nomatch
nomatch
nomatch
pass
pass
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
block
block
nomatch
nomatch
nomatch
nomatch
pass
pass
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
block
block
nomatch
nomatch
nomatch
nomatch
pass
pass

40
contrib/ipfilter/test/expected/3
View File

@ -1,40 +0,0 @@
nomatch
block
nomatch
nomatch
nomatch
nomatch
pass
nomatch
nomatch
nomatch
nomatch
block
block
nomatch
nomatch
nomatch
pass
pass
nomatch
nomatch
nomatch
block
block
block
nomatch
nomatch
pass
pass
pass
nomatch
block
block
block
block
block
pass
pass
pass
pass
pass

40
contrib/ipfilter/test/expected/4
View File

@ -1,40 +0,0 @@
nomatch
block
nomatch
nomatch
nomatch
nomatch
pass
nomatch
nomatch
nomatch
nomatch
block
block
nomatch
nomatch
nomatch
pass
pass
nomatch
nomatch
nomatch
block
block
block
nomatch
nomatch
pass
pass
pass
nomatch
block
block
block
block
block
pass
pass
pass
pass
pass

1344
contrib/ipfilter/test/expected/5
View File

File diff suppressed because it is too large Load Diff

1344
contrib/ipfilter/test/expected/6
View File

File diff suppressed because it is too large Load Diff

54
contrib/ipfilter/test/expected/7
View File

@ -1,54 +0,0 @@
block
block
block
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
pass
pass
pass
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
block
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
pass
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
block
block
block
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
pass
pass
pass

36
contrib/ipfilter/test/expected/8
View File

@ -1,36 +0,0 @@
block
nomatch
nomatch
nomatch
nomatch
nomatch
pass
nomatch
nomatch
nomatch
nomatch
nomatch
block
nomatch
block
nomatch
nomatch
nomatch
pass
nomatch
pass
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch

108
contrib/ipfilter/test/expected/9
View File

@ -1,108 +0,0 @@
block
block
block
block
block
block
nomatch
nomatch
nomatch
pass
pass
nomatch
nomatch
nomatch
nomatch
nomatch
block
nomatch
nomatch
nomatch
nomatch
nomatch
pass
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
block
nomatch
nomatch
nomatch
nomatch
nomatch
pass
nomatch
nomatch
nomatch
nomatch
pass
pass
pass
pass
pass
pass
block
block
nomatch
nomatch
nomatch
nomatch
pass
pass
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
nomatch
block
block
nomatch

0
contrib/ipfilter/test/expected/expected.sed
View File

4
contrib/ipfilter/test/input/1
View File

@ -1,4 +0,0 @@
in 127.0.0.1 127.0.0.1
in 1.1.1.1 1.2.1.1
out 127.0.0.1 127.0.0.1
out 1.1.1.1 1.2.1.1

6
contrib/ipfilter/test/input/10
View File

@ -1,6 +0,0 @@
in 1.1.1.1 2.1.1.1 opt lsrr
in 1.1.1.1 2.1.1.1
in 1.1.1.1 2.1.1.1 opt ts
in 1.1.1.1 2.1.1.1 opt sec-class=topsecret
in 1.1.1.1 2.1.1.1 opt ssrr,sec-class=topsecret
in 1.1.1.1 2.1.1.1 opt sec

11
contrib/ipfilter/test/input/11
View File

@ -1,11 +0,0 @@
in on e0 tcp 1.1.1.1,1 2.1.2.2,23 S
in on e0 tcp 1.1.1.1,1 2.1.2.2,23 A
in on e1 tcp 2.1.2.2,23 1.1.1.1,1 A
in on e0 tcp 1.1.1.1,1 2.1.2.2,23 F
in on e0 tcp 1.1.1.1,1 2.1.2.2,23 A
in on e0 tcp 1.1.1.1,2 2.1.2.2,23 A
in on e1 udp 1.1.1.1,1 4.4.4.4,53
in on e1 udp 2.2.2.2,2 4.4.4.4,53
in on e0 udp 4.4.4.4,53 1.1.1.1,1
in on e0 udp 4.4.4.4,1023 1.1.1.1,2049
in on e0 udp 4.4.4.4,2049 1.1.1.1,1023

35
contrib/ipfilter/test/input/12
View File

@ -1,35 +0,0 @@
# 1.1.1.1,1025 -> 2.1.1.1,25 TTL=63 TCP DF SYN
45 00 0028 0000 4000 3f 06 0000 01010101 02010101
0401 0019 00000000 00000000 50 02 2000 0000 0000
# 1.1.1.1,1025 -> 2.1.1.1,25 TTL=63 TCP DF ACK
45 00 0028 0000 4000 3f 06 0000 01010101 02010101
0401 0019 00000000 00000000 50 10 2000 0000 0000
# 1.1.1.1,1025 -> 2.1.1.1,25 TTL=63 TCP DF MF FO=0 ACK
45 00 0028 0000 6000 3f 06 0000 01010101 02010101
0401 0019 00000000 00000000 50 10 2000 0000 0000
# 1.1.1.1,1025 -> 2.1.1.1,25 TTL=63 TCP DF FO=0
45 00 001c 0000 6000 3f 06 0000 01010101 02010101
0401 0019 00000000
# 1.1.1.1 -> 2.1.1.1 TTL=63 TCP DF FO=1 ACK
45 00 001c 0000 6001 3f 06 0000 01010101 02010101
00000000 50 10 2000
# 1.1.1.1 -> 2.1.1.1 TTL=63 UDP DF MF FO=0
45 00 0014 0000 6000 3f 11 0000 01010101 02010101
# 1.1.1.1,53 -> 2.1.1.1,53 TTL=63 UDP MF FO=0
45 00 0018 0000 2000 3f 11 0000 01010101 02010101
0035 0035
# 1.1.1.1,1 -> 2.1.1.1,1 TTL=63 UDP MF FO=0
45 00 001c 0000 2000 3f 11 0000 01010101 02010101
0001 0001 0004 0000
# 1.1.1.1,53 -> 2.1.1.1,53 TTL=63 UDP MF FO=0
45 00 001c 0000 2000 3f 11 0000 01010101 02010101
0035 0035 0004 0000

39
contrib/ipfilter/test/input/13
View File

@ -1,39 +0,0 @@
# 1.1.1.1,1025 -> 2.1.1.1,25 TTL=63 TCP DF,MF,FO=0 SYN
45 00 0028 0001 4000 3f 06 0000 01010101 02010101
0401 0019 00000000 00000000 50 02 2000 0000 0000
# 1.1.1.1,1025 -> 2.1.1.1,25 TTL=63 TCP MF ACK
45 00 0024 0002 2000 3f 06 0000 01010101 02010101
0401001900000000 0000000050102000
# 1.1.1.1,1025 -> 2.1.1.1,25 TTL=63 TCP FO=2 ACK
45 00 002c 0002 0002 3f 06 0000 01010101 02010101
0000000000010203 0405060708090a0b 0c0d0e0f10111213
# 1.1.1.1,1025 -> 2.1.1.1,25 TTL=63 TCP DF MF FO=0 SYN
45 00 0028 0003 6000 3f 06 0000 01010101 02010101
0401 0019 00000000 00000000 50 10 2000 0000 0000
# 1.1.1.1,1025 -> 2.1.1.1,25 TTL=63 TCP DF FO=0
45 00 001c 0004 6000 3f 06 0000 01010101 02010101
0401 0019 00000000
# 1.1.1.1 -> 2.1.1.1 TTL=63 TCP DF FO=1 SYN
45 00 001c 0005 6001 3f 06 0000 01010101 02010101
00000000 50 10 2000
# 1.1.1.1 -> 2.1.1.1 TTL=63 UDP DF MF FO=0
45 00 0014 0006 6000 3f 11 0000 01010101 02010101
# 1.1.1.1,53 -> 2.1.1.1,53 TTL=63 UDP MF FO=0
45 00 0018 0007 2000 3f 11 0000 01010101 02010101
0035 0035
# 1.1.1.1,1 -> 2.1.1.1,1 TTL=63 UDP MF FO=0
45 00 001c 0008 2000 3f 11 0000 01010101 02010101
0035003500040000
# 1.1.1.1,53 -> 2.1.1.1,53 TTL=63 UDP FO=1
45 00 001c 0008 0001 3f 11 0000 01010101 02010101
0000000000000000

5
contrib/ipfilter/test/input/14
View File

@ -1,5 +0,0 @@
in 127.0.0.1 127.0.0.1
in 1.1.1.1 1.2.1.1
in 1.1.1.2 1.2.1.1
in 1.1.2.2 1.2.1.1
in 1.2.2.2 1.2.1.1

6
contrib/ipfilter/test/input/2
View File

@ -1,6 +0,0 @@
in tcp 127.0.0.1,1 127.0.0.1,21
in tcp 1.1.1.1,1 1.2.1.1,21
in udp 127.0.0.1,1 127.0.0.1,21
in udp 1.1.1.1,1 1.2.1.1,21
in icmp 127.0.0.1 127.0.0.1
in icmp 1.1.1.1 1.2.1.1

5
contrib/ipfilter/test/input/3
View File

@ -1,5 +0,0 @@
in 127.0.0.1 127.0.0.1
in 1.1.1.1 1.2.1.1
in 1.1.1.2 1.2.1.1
in 1.1.2.2 1.2.1.1
in 1.2.2.2 1.2.1.1

5
contrib/ipfilter/test/input/4
View File

@ -1,5 +0,0 @@
in 127.0.0.1 127.0.0.1
in 1.1.1.1 1.1.1.1
in 1.1.1.1 1.1.1.2
in 1.1.1.1 1.1.2.2
in 1.1.1.1 1.2.2.2

28
contrib/ipfilter/test/input/5
View File

@ -1,28 +0,0 @@
in tcp 1.1.1.1,0 2.2.2.2,2222
in tcp 1.1.1.1,1 2.2.2.2,2222
in tcp 1.1.1.1,23 2.2.2.2,2222
in tcp 1.1.1.1,21 2.2.2.2,2222
in tcp 1.1.1.1,1023 2.2.2.2,2222
in tcp 1.1.1.1,1024 2.2.2.2,2222
in tcp 1.1.1.1,1025 2.2.2.2,2222
in tcp 1.1.1.1,32767 2.2.2.2,2222
in tcp 1.1.1.1,32768 2.2.2.2,2222
in tcp 1.1.1.1,65535 2.2.2.2,2222
in tcp 1.1.1.1,5999 2.2.2.2,2222
in tcp 1.1.1.1,6000 2.2.2.2,2222
in tcp 1.1.1.1,6009 2.2.2.2,2222
in tcp 1.1.1.1,6010 2.2.2.2,2222
in udp 1.1.1.1,0 2.2.2.2,2222
in udp 1.1.1.1,1 2.2.2.2,2222
in udp 1.1.1.1,23 2.2.2.2,2222
in udp 1.1.1.1,21 2.2.2.2,2222
in udp 1.1.1.1,1023 2.2.2.2,2222
in udp 1.1.1.1,1024 2.2.2.2,2222
in udp 1.1.1.1,1025 2.2.2.2,2222
in udp 1.1.1.1,32767 2.2.2.2,2222
in udp 1.1.1.1,32768 2.2.2.2,2222
in udp 1.1.1.1,65535 2.2.2.2,2222
in udp 1.1.1.1,5999 2.2.2.2,2222
in udp 1.1.1.1,6000 2.2.2.2,2222
in udp 1.1.1.1,6009 2.2.2.2,2222
in udp 1.1.1.1,6010 2.2.2.2,2222

28
contrib/ipfilter/test/input/6
View File

@ -1,28 +0,0 @@
in tcp 2.2.2.2,2222 1.1.1.1,0
in tcp 2.2.2.2,2222 1.1.1.1,1
in tcp 2.2.2.2,2222 1.1.1.1,23
in tcp 2.2.2.2,2222 1.1.1.1,21
in tcp 2.2.2.2,2222 1.1.1.1,1023
in tcp 2.2.2.2,2222 1.1.1.1,1024
in tcp 2.2.2.2,2222 1.1.1.1,1025
in tcp 2.2.2.2,2222 1.1.1.1,32767
in tcp 2.2.2.2,2222 1.1.1.1,32768
in tcp 2.2.2.2,2222 1.1.1.1,65535
in tcp 2.2.2.2,2222 1.1.1.1,5999
in tcp 2.2.2.2,2222 1.1.1.1,6000
in tcp 2.2.2.2,2222 1.1.1.1,6009
in tcp 2.2.2.2,2222 1.1.1.1,6010
in udp 2.2.2.2,2222 1.1.1.1,0
in udp 2.2.2.2,2222 1.1.1.1,1
in udp 2.2.2.2,2222 1.1.1.1,23
in udp 2.2.2.2,2222 1.1.1.1,21
in udp 2.2.2.2,2222 1.1.1.1,1023
in udp 2.2.2.2,2222 1.1.1.1,1024
in udp 2.2.2.2,2222 1.1.1.1,1025
in udp 2.2.2.2,2222 1.1.1.1,32767
in udp 2.2.2.2,2222 1.1.1.1,32768
in udp 2.2.2.2,2222 1.1.1.1,65535
in udp 2.2.2.2,2222 1.1.1.1,5999
in udp 2.2.2.2,2222 1.1.1.1,6000
in udp 2.2.2.2,2222 1.1.1.1,6009
in udp 2.2.2.2,2222 1.1.1.1,6010

9
contrib/ipfilter/test/input/7
View File

@ -1,9 +0,0 @@
in icmp 1.1.1.1 2.1.1.1 echo
in icmp 1.1.1.1 2.1.1.1 echo,1
in icmp 1.1.1.1 2.1.1.1 echo,3
in icmp 1.1.1.1 2.1.1.1 unreach
in icmp 1.1.1.1 2.1.1.1 unreach,1
in icmp 1.1.1.1 2.1.1.1 unreach,3
in icmp 1.1.1.1 2.1.1.1 echorep
in icmp 1.1.1.1 2.1.1.1 echorep,1
in icmp 1.1.1.1 2.1.1.1 echorep,3

6
contrib/ipfilter/test/input/8
View File

@ -1,6 +0,0 @@
in tcp 1.1.1.1,1 2.1.2.2,1 S
in tcp 1.1.1.1,1 2.1.2.2,1 SA
in tcp 1.1.1.1,1 2.1.2.2,1 SF
in tcp 1.1.1.1,1 2.1.2.2,1 SFPAUR
in tcp 1.1.1.1,1 2.1.2.2,1 PAU
in tcp 1.1.1.1,1 2.1.2.2,1 A

6
contrib/ipfilter/test/input/9
View File

@ -1,6 +0,0 @@
in 1.1.1.1 2.1.1.1 opt lsrr
in 1.1.1.1 2.1.1.1 opt lsrr,ssrr
in 1.1.1.1 2.1.1.1 opt ts
in 1.1.1.1 2.1.1.1 opt sec-class=topsecret
in 1.1.1.1 2.1.1.1 opt ssrr,sec-class=topsecret
in 1.1.1.1 2.1.1.1 opt sec

0
contrib/ipfilter/test/input/input.sed
View File

4
contrib/ipfilter/test/regress/1
View File

@ -1,4 +0,0 @@
block in all
pass in all
block out all
pass out all

18
contrib/ipfilter/test/regress/10
View File

@ -1,18 +0,0 @@
block in from any to any with not ipopts
pass in from any to any with not opt sec-class topsecret
block in from any to any with not opt ssrr,sec-class topsecret
pass in from any to any with not opt ssrr,sec-class topsecret
block in from any to any with not opt ts,sec-class topsecret
pass in from any to any with not opt ts,sec-class topsecret
block in from any to any with not opt sec-class secret
pass in from any to any with not opt sec-class secret
block in from any to any with not opt lsrr,ssrr
pass in from any to any with not opt lsrr,ssrr
pass in from any to any with not ipopts
block in from any to any with not opt lsrr
pass in from any to any with not opt lsrr
block in from any to any with not opt ssrr,ts
pass in from any to any with not opt ssrr,ts
block in from any to any with not opt rr
pass in from any to any with not opt rr
block in from any to any with not opt sec-class topsecret

6
contrib/ipfilter/test/regress/11
View File

@ -1,6 +0,0 @@
pass in proto tcp from any to any port = 23 flags S/SA keep state
block in proto tcp from any to any port = 23 flags S/SA keep state
pass in proto udp from any to any port = 53 keep frags
block in proto udp from any to any port = 53 keep frags
pass in proto udp from any to any port = 53 keep state
block in proto udp from any to any port = 53 keep state

6
contrib/ipfilter/test/regress/12
View File

@ -1,6 +0,0 @@
pass in proto tcp from any port > 1024 to any port = 25 with not short
pass in proto tcp from any port > 1024 to any port = 25
block in proto tcp from any to any with short
block in proto tcp from any to any with frag
pass in proto udp from any port = 53 to any port = 53
block in proto udp from any port = 53 to any port = 53 with not short

6
contrib/ipfilter/test/regress/13
View File

@ -1,6 +0,0 @@
pass in proto tcp from any to any port = 25 flags S/SA keep frags
block in proto tcp from any to any port = 25 flags S/SA keep frags
pass in proto udp from any to any port = 53 keep frags
block in proto udp from any to any port = 53 keep frags
pass in proto tcp from any to any port = 25 flags S/SA keep state keep frags
block in proto tcp from any to any port = 25 flags S/SA keep state keep frags

8
contrib/ipfilter/test/regress/14
View File

@ -1,8 +0,0 @@
block in from !1.1.1.1 to any
pass in from 1.1.1.1 to !any
block in from 1.1.1.1/24 to !any
pass in from !1.1.1.1/24 to any
block in from !1.1.1.1/16 to any
pass in from 1.1.1.1/16 to !any
block in from 1.1.1.1/0 to !any
pass in from !1.1.1.1/0 to any

6
contrib/ipfilter/test/regress/2
View File

@ -1,6 +0,0 @@
block in proto tcp from any to any
pass in proto tcp from any to any
block in proto udp from any to any
pass in proto udp from any to any
block in proto icmp from any to any
pass in proto icmp from any to any

8
contrib/ipfilter/test/regress/3
View File

@ -1,8 +0,0 @@
block in from 1.1.1.1 to any
pass in from 1.1.1.1 to any
block in from 1.1.1.1/24 to any
pass in from 1.1.1.1/24 to any
block in from 1.1.1.1/16 to any
pass in from 1.1.1.1/16 to any
block in from 1.1.1.1/0 to any
pass in from 1.1.1.1/0 to any

8
contrib/ipfilter/test/regress/4
View File

@ -1,8 +0,0 @@
block in from any to 1.1.1.1
pass in from any to 1.1.1.1
block in from any to 1.1.1.1/24
pass in from any to 1.1.1.1/24
block in from any to 1.1.1.1/16
pass in from any to 1.1.1.1/16
block in from any to 1.1.1.1/0
pass in from any to 1.1.1.1/0

48
contrib/ipfilter/test/regress/5
View File

@ -1,48 +0,0 @@
block in proto tcp from any port = 23 to any
block in proto udp from any port = 23 to any
block in proto tcp/udp from any port = 23 to any
pass in proto tcp from any port <= 1023 to any
pass in proto udp from any port <= 1023 to any
pass in proto tcp/udp from any port <= 1023 to any
block in proto tcp from any port >= 1024 to any
block in proto udp from any port >= 1024 to any
block in proto tcp/udp from any port >= 1024 to any
pass in proto tcp from any port >= 1024 to any
pass in proto udp from any port >= 1024 to any
pass in proto tcp/udp from any port >= 1024 to any
block in proto tcp from any port 0 >< 512 to any
block in proto udp from any port 0 >< 512 to any
block in proto tcp/udp from any port 0 >< 512 to any
pass in proto tcp from any port 0 >< 512 to any
pass in proto udp from any port 0 >< 512 to any
pass in proto tcp/udp from any port 0 >< 512 to any
block in proto tcp from any port 6000 <> 6009 to any
block in proto udp from any port 6000 <> 6009 to any
block in proto tcp/udp from any port 6000 <> 6009 to any
pass in proto tcp from any port 6000 <> 6009 to any
pass in proto udp from any port 6000 <> 6009 to any
pass in proto tcp/udp from any port 6000 <> 6009 to any
pass in proto tcp from any port = 23 to any
pass in proto udp from any port = 23 to any
pass in proto tcp/udp from any port = 23 to any
block in proto tcp from any port != 21 to any
block in proto udp from any port != 21 to any
block in proto tcp/udp from any port != 21 to any
pass in proto tcp from any port != 21 to any
pass in proto udp from any port != 21 to any
pass in proto tcp/udp from any port != 21 to any
block in proto tcp from any port < 1024 to any
block in proto udp from any port < 1024 to any
block in proto tcp/udp from any port < 1024 to any
pass in proto tcp from any port < 1024 to any
pass in proto udp from any port < 1024 to any
pass in proto tcp/udp from any port < 1024 to any
block in proto tcp from any port > 1023 to any
block in proto udp from any port > 1023 to any
block in proto tcp/udp from any port > 1023 to any
pass in proto tcp from any port > 1023 to any
pass in proto udp from any port > 1023 to any
pass in proto tcp/udp from any port > 1023 to any
block in proto tcp from any port <= 1023 to any
block in proto udp from any port <= 1023 to any
block in proto tcp/udp from any port <= 1023 to any

48
contrib/ipfilter/test/regress/6
View File

@ -1,48 +0,0 @@
block in proto tcp from any to any port = 23
block in proto udp from any to any port = 23
block in proto tcp/udp from any to any port = 23
pass in proto tcp from any to any port <= 1023
pass in proto udp from any to any port <= 1023
pass in proto tcp/udp from any to any port <= 1023
block in proto tcp from any to any port >= 1024
block in proto udp from any to any port >= 1024
block in proto tcp/udp from any to any port >= 1024
pass in proto tcp from any to any port >= 1024
pass in proto udp from any to any port >= 1024
pass in proto tcp/udp from any to any port >= 1024
block in proto tcp from any to any port 0 >< 512
block in proto udp from any to any port 0 >< 512
block in proto tcp/udp from any to any port 0 >< 512
pass in proto tcp from any to any port 0 >< 512
pass in proto udp from any to any port 0 >< 512
pass in proto tcp/udp from any to any port 0 >< 512
block in proto tcp from any to any port 6000 <> 6009
block in proto udp from any to any port 6000 <> 6009
block in proto tcp/udp from any to any port 6000 <> 6009
pass in proto tcp from any to any port 6000 <> 6009
pass in proto udp from any to any port 6000 <> 6009
pass in proto tcp/udp from any to any port 6000 <> 6009
pass in proto tcp from any to any port = 23
pass in proto udp from any to any port = 23
pass in proto tcp/udp from any to any port = 23
block in proto tcp from any to any port != 21
block in proto udp from any to any port != 21
block in proto tcp/udp from any to any port != 21
pass in proto tcp from any to any port != 21
pass in proto udp from any to any port != 21
pass in proto tcp/udp from any to any port != 21
block in proto tcp from any to any port < 1024
block in proto udp from any to any port < 1024
block in proto tcp/udp from any to any port < 1024
pass in proto tcp from any to any port < 1024
pass in proto udp from any to any port < 1024
pass in proto tcp/udp from any to any port < 1024
block in proto tcp from any to any port > 1023
block in proto udp from any to any port > 1023
block in proto tcp/udp from any to any port > 1023
pass in proto tcp from any to any port > 1023
pass in proto udp from any to any port > 1023
pass in proto tcp/udp from any to any port > 1023
block in proto tcp from any to any port <= 1023
block in proto udp from any to any port <= 1023
block in proto tcp/udp from any to any port <= 1023

6
contrib/ipfilter/test/regress/7
View File

@ -1,6 +0,0 @@
block in proto icmp from any to any icmp-type echo
pass in proto icmp from any to any icmp-type echo
block in proto icmp from any to any icmp-type unreach code 3
pass in proto icmp from any to any icmp-type unreach code 3
block in proto icmp from any to any icmp-type echorep
pass in proto icmp from any to any icmp-type echorep

6
contrib/ipfilter/test/regress/8
View File

@ -1,6 +0,0 @@
block in proto tcp from any to any flags S
pass in proto tcp from any to any flags S
block in proto tcp from any to any flags S/SA
pass in proto tcp from any to any flags S/SA
block in proto tcp from any to any flags S/APU
pass in proto tcp from any to any flags S/APU

18
contrib/ipfilter/test/regress/9
View File

@ -1,18 +0,0 @@
block in from any to any with ipopts
pass in from any to any with opt sec-class topsecret
block in from any to any with opt ssrr,sec-class topsecret
pass in from any to any with opt ssrr,sec-class topsecret
block in from any to any with opt ts,sec-class topsecret
pass in from any to any with opt ts,sec-class topsecret
block in from any to any with opt sec-class secret
pass in from any to any with opt sec-class secret
block in from any to any with opt lsrr,ssrr
pass in from any to any with opt lsrr,ssrr
pass in from any to any with ipopts
block in from any to any with opt lsrr
pass in from any to any with opt lsrr
block in from any to any with opt ssrr,ts
pass in from any to any with opt ssrr,ts
block in from any to any with opt rr
pass in from any to any with opt rr
block in from any to any with opt sec-class topsecret

0
contrib/ipfilter/test/regress/regress.sed
View File

6
contrib/ipfilter/test/test.sed
View File

@ -1,6 +0,0 @@
Ç . Ä..0þ CVSGexpected0ÇinputDG$regress

.cvsignore
!Makefile
"dotest
#hextest