This commit was generated by cvs2svn to compensate for changes in r110917,
which included commits to RCS files with non-trunk default branches.
This commit is contained in:
commit
50d563d31c
@ -246,7 +246,7 @@ install:
|
||||
for i in ip_compat.h ip_fil.h ip_nat.h ip_state.h ip_proxy.h \
|
||||
ip_frag.h ip_auth.h; do \
|
||||
/bin/cp $(TOP)/$$i /usr/include/netinet/; \
|
||||
-$(CHMOD) 444 /usr/include/netinet/$$i; \
|
||||
$(CHMOD) 444 /usr/include/netinet/$$i; \
|
||||
done
|
||||
-if [ -d /lkm -a -f if_ipl.o ] ; then \
|
||||
cp if_ipl.o /lkm; \
|
||||
|
@ -31,6 +31,24 @@ for i in ip_fil.[ch] fil.c ip_nat.[ch] ip_frag.[ch] ip_state.[ch] ip_proxy.[ch]
|
||||
chmod 644 $ipfdir/$i
|
||||
done
|
||||
echo ""
|
||||
echo -n "Installing into /usr/include/netinet"
|
||||
for j in auth compat fil frag nat proxy state ; do
|
||||
i=ip_$j.h
|
||||
if [ -f "$i" ] ; then
|
||||
echo -n " $i"
|
||||
cp $i /usr/include/netinet/$i
|
||||
chmod 644 /usr/include/netinet/$i
|
||||
fi
|
||||
done
|
||||
for j in ipl.h; do
|
||||
if [ -f "$j" ] ; then
|
||||
echo -n " $j"
|
||||
cp $j /usr/include/netinet/$j
|
||||
chmod 644 /usr/include/netinet/$j
|
||||
fi
|
||||
done
|
||||
echo
|
||||
|
||||
if [ -f /sys/netinet/ip_fil_compat.h ] ; then
|
||||
echo "Linking /sys/netinet/ip_compat.h to /sys/netinet/ip_fil_compat.h"
|
||||
rm /sys/netinet/ip_fil_compat.h
|
||||
|
@ -5,7 +5,7 @@ To build a kernel with the IP filter, follow these seven steps:
|
||||
2. do "make install-bsd"
|
||||
(probably has to be done as root)
|
||||
|
||||
3. run "FreeBSD-4/kinstall" as root
|
||||
3. run "FreeBSD-4.0/kinstall" as root
|
||||
|
||||
4. build a new kernel
|
||||
|
||||
|
@ -22,6 +22,52 @@
|
||||
# and especially those who have found the time to port IP Filter to new
|
||||
# platforms.
|
||||
#
|
||||
3.4.31 7/12/2002 - Released
|
||||
|
||||
Solaris 10 compatibility
|
||||
|
||||
fix linking into pfil in NetBSD
|
||||
|
||||
fix IRIX 6.2 compatibility
|
||||
|
||||
add code to check consistency of fr_checkp/fr_check on non-Solaris
|
||||
|
||||
OpenBSD: missing patches for ip6_output.c on OpenBSD 3.2,
|
||||
make LKM work for 3.2 (OpenBSD LKMs now match NetBSD)
|
||||
|
||||
3.4.30 26/11/2002 - Released
|
||||
|
||||
attempt to detect using GNU make and abort if so
|
||||
|
||||
OpenBSD 3.2 patches from Stefan Hermes von GMX
|
||||
|
||||
add MSS clamping code from NetBSD
|
||||
|
||||
correctly display ipv6 output with ipfstat for (accounting) rules
|
||||
|
||||
fix problems with ioctl handling for /dev/ipauth
|
||||
|
||||
set SYN bit in rcmd fake packet to create back channel
|
||||
|
||||
make libpcap reader capable of determining in/out (not in libpcap file)
|
||||
and add more DLT types
|
||||
|
||||
do not allow redirects to localhost for Solaris in NAT parser
|
||||
|
||||
allow return-rst with auth rules
|
||||
|
||||
man page corrections
|
||||
|
||||
fix for handling ipv6 icmp errors
|
||||
|
||||
fix up ipfs command line option processing
|
||||
|
||||
only allow processing a ftp 227 response following a PASV command
|
||||
|
||||
NetBSD: use poll() and adapt to new cdevsw mechanism
|
||||
|
||||
make flushing for just ipv6 things work
|
||||
|
||||
3.4.29 28/8/2002 - Released
|
||||
|
||||
Make substantial changes to the FTP proxy to improve reliability, security
|
||||
|
@ -3,7 +3,7 @@
|
||||
#
|
||||
# See the IPFILTER.LICENCE file for details on licencing.
|
||||
#
|
||||
# $Id: Makefile,v 2.11.2.13 2002/03/06 09:43:15 darrenr Exp $
|
||||
# $Id: Makefile,v 2.11.2.15 2002/12/02 04:22:56 darrenr Exp $
|
||||
#
|
||||
BINDEST=/usr/local/bin
|
||||
SBINDEST=/sbin
|
||||
@ -91,7 +91,6 @@ all:
|
||||
@echo "bsd - compile for generic 4.4BSD systems"
|
||||
@echo "bsdi - compile for BSD/OS"
|
||||
@echo "irix - compile for SGI IRIX"
|
||||
@echo "linux - compile for Linux 2.0.31+"
|
||||
@echo ""
|
||||
|
||||
tests:
|
||||
@ -237,15 +236,15 @@ get:
|
||||
fi \
|
||||
done
|
||||
|
||||
sunos4 solaris1:
|
||||
sunos4 solaris1: null
|
||||
(cd SunOS4; make build TOP=.. "CC=$(CC)" $(DEST) $(MFLAGS); cd ..)
|
||||
(cd SunOS4; make -f Makefile.ipsend "CC=$(CC)" TOP=.. $(DEST) $(MFLAGS); cd ..)
|
||||
|
||||
sunos5 solaris2:
|
||||
sunos5 solaris2: null
|
||||
(cd SunOS5/$(CPUDIR); make build TOP=../.. "CC=$(CC)" $(DEST) $(MFLAGS) "SOLARIS2=$(SOLARIS2)" "CPU=-Dsparc -D__sparc__"; cd ..)
|
||||
(cd SunOS5/$(CPUDIR); make -f Makefile.ipsend TOP=../.. "CC=$(CC)" $(DEST) $(MFLAGS); cd ..)
|
||||
|
||||
sunos5x86 solaris2x86:
|
||||
sunos5x86 solaris2x86: null
|
||||
(cd SunOS5/$(CPUDIR); make build TOP=../.. "CC=$(CC)" $(DEST) $(MFLAGS) "SOLARIS2=$(SOLARIS2)" "CPU=-Di86pc -Di386 -D__i386__"; cd ..)
|
||||
(cd SunOS5/$(CPUDIR); make -f Makefile.ipsend TOP=../.. "CC=$(CC)" $(DEST) $(MFLAGS); cd ..)
|
||||
|
||||
@ -282,3 +281,10 @@ rcsget:
|
||||
do-cvs:
|
||||
find . -type d -name CVS -print | xargs /bin/rm -rf
|
||||
find . -type f -name .cvsignore -print | xargs /bin/rm -f
|
||||
|
||||
null:
|
||||
-@if [ "`$(MAKE) -v 2>&1 | sed -ne 's/GNU.*/GNU/p'`" = "GNU" ] ; then \
|
||||
echo 'Do not use GNU make (gmake) to compile IPFilter'; \
|
||||
exit 1; \
|
||||
fi
|
||||
-@echo make ok
|
||||
|
450
contrib/ipfilter/bpf.h
Normal file
450
contrib/ipfilter/bpf.h
Normal file
@ -0,0 +1,450 @@
|
||||
/*-
|
||||
* Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
|
||||
* The Regents of the University of California. All rights reserved.
|
||||
*
|
||||
* This code is derived from the Stanford/CMU enet packet filter,
|
||||
* (net/enet.c) distributed as part of 4.3BSD, and code contributed
|
||||
* to Berkeley by Steven McCanne and Van Jacobson both of Lawrence
|
||||
* Berkeley Laboratory.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* This product includes software developed by the University of
|
||||
* California, Berkeley and its contributors.
|
||||
* 4. Neither the name of the University nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* @(#)bpf.h 7.1 (Berkeley) 5/7/91
|
||||
*
|
||||
* @(#) $Header: /devel/CVS/IP-Filter/Attic/bpf.h,v 1.1.2.1 2002/11/07 13:18:35 darrenr Exp $ (LBL)
|
||||
*/
|
||||
|
||||
#ifndef BPF_MAJOR_VERSION
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/* BSD style release date */
|
||||
#define BPF_RELEASE 199606
|
||||
|
||||
typedef int bpf_int32;
|
||||
typedef u_int bpf_u_int32;
|
||||
|
||||
/*
|
||||
* Alignment macros. BPF_WORDALIGN rounds up to the next
|
||||
* even multiple of BPF_ALIGNMENT.
|
||||
*/
|
||||
#ifndef __NetBSD__
|
||||
#define BPF_ALIGNMENT sizeof(bpf_int32)
|
||||
#else
|
||||
#define BPF_ALIGNMENT sizeof(long)
|
||||
#endif
|
||||
#define BPF_WORDALIGN(x) (((x)+(BPF_ALIGNMENT-1))&~(BPF_ALIGNMENT-1))
|
||||
|
||||
#define BPF_MAXINSNS 512
|
||||
#define BPF_MAXBUFSIZE 0x8000
|
||||
#define BPF_MINBUFSIZE 32
|
||||
|
||||
/*
|
||||
* Structure for BIOCSETF.
|
||||
*/
|
||||
struct bpf_program {
|
||||
u_int bf_len;
|
||||
struct bpf_insn *bf_insns;
|
||||
};
|
||||
|
||||
/*
|
||||
* Struct returned by BIOCGSTATS.
|
||||
*/
|
||||
struct bpf_stat {
|
||||
u_int bs_recv; /* number of packets received */
|
||||
u_int bs_drop; /* number of packets dropped */
|
||||
};
|
||||
|
||||
/*
|
||||
* Struct return by BIOCVERSION. This represents the version number of
|
||||
* the filter language described by the instruction encodings below.
|
||||
* bpf understands a program iff kernel_major == filter_major &&
|
||||
* kernel_minor >= filter_minor, that is, if the value returned by the
|
||||
* running kernel has the same major number and a minor number equal
|
||||
* equal to or less than the filter being downloaded. Otherwise, the
|
||||
* results are undefined, meaning an error may be returned or packets
|
||||
* may be accepted haphazardly.
|
||||
* It has nothing to do with the source code version.
|
||||
*/
|
||||
struct bpf_version {
|
||||
u_short bv_major;
|
||||
u_short bv_minor;
|
||||
};
|
||||
/* Current version number of filter architecture. */
|
||||
#define BPF_MAJOR_VERSION 1
|
||||
#define BPF_MINOR_VERSION 1
|
||||
|
||||
/*
|
||||
* BPF ioctls
|
||||
*
|
||||
* The first set is for compatibility with Sun's pcc style
|
||||
* header files. If your using gcc, we assume that you
|
||||
* have run fixincludes so the latter set should work.
|
||||
*/
|
||||
#if (defined(sun) || defined(ibm032)) && !defined(__GNUC__)
|
||||
#define BIOCGBLEN _IOR(B,102, u_int)
|
||||
#define BIOCSBLEN _IOWR(B,102, u_int)
|
||||
#define BIOCSETF _IOW(B,103, struct bpf_program)
|
||||
#define BIOCFLUSH _IO(B,104)
|
||||
#define BIOCPROMISC _IO(B,105)
|
||||
#define BIOCGDLT _IOR(B,106, u_int)
|
||||
#define BIOCGETIF _IOR(B,107, struct ifreq)
|
||||
#define BIOCSETIF _IOW(B,108, struct ifreq)
|
||||
#define BIOCSRTIMEOUT _IOW(B,109, struct timeval)
|
||||
#define BIOCGRTIMEOUT _IOR(B,110, struct timeval)
|
||||
#define BIOCGSTATS _IOR(B,111, struct bpf_stat)
|
||||
#define BIOCIMMEDIATE _IOW(B,112, u_int)
|
||||
#define BIOCVERSION _IOR(B,113, struct bpf_version)
|
||||
#define BIOCSTCPF _IOW(B,114, struct bpf_program)
|
||||
#define BIOCSUDPF _IOW(B,115, struct bpf_program)
|
||||
#else
|
||||
#define BIOCGBLEN _IOR('B',102, u_int)
|
||||
#define BIOCSBLEN _IOWR('B',102, u_int)
|
||||
#define BIOCSETF _IOW('B',103, struct bpf_program)
|
||||
#define BIOCFLUSH _IO('B',104)
|
||||
#define BIOCPROMISC _IO('B',105)
|
||||
#define BIOCGDLT _IOR('B',106, u_int)
|
||||
#define BIOCGETIF _IOR('B',107, struct ifreq)
|
||||
#define BIOCSETIF _IOW('B',108, struct ifreq)
|
||||
#define BIOCSRTIMEOUT _IOW('B',109, struct timeval)
|
||||
#define BIOCGRTIMEOUT _IOR('B',110, struct timeval)
|
||||
#define BIOCGSTATS _IOR('B',111, struct bpf_stat)
|
||||
#define BIOCIMMEDIATE _IOW('B',112, u_int)
|
||||
#define BIOCVERSION _IOR('B',113, struct bpf_version)
|
||||
#define BIOCSTCPF _IOW('B',114, struct bpf_program)
|
||||
#define BIOCSUDPF _IOW('B',115, struct bpf_program)
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Structure prepended to each packet.
|
||||
*/
|
||||
struct bpf_hdr {
|
||||
struct timeval bh_tstamp; /* time stamp */
|
||||
bpf_u_int32 bh_caplen; /* length of captured portion */
|
||||
bpf_u_int32 bh_datalen; /* original length of packet */
|
||||
u_short bh_hdrlen; /* length of bpf header (this struct
|
||||
plus alignment padding) */
|
||||
};
|
||||
/*
|
||||
* Because the structure above is not a multiple of 4 bytes, some compilers
|
||||
* will insist on inserting padding; hence, sizeof(struct bpf_hdr) won't work.
|
||||
* Only the kernel needs to know about it; applications use bh_hdrlen.
|
||||
*/
|
||||
#if defined(KERNEL) || defined(_KERNEL)
|
||||
#define SIZEOF_BPF_HDR 18
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Data-link level type codes.
|
||||
*/
|
||||
|
||||
/*
|
||||
* These are the types that are the same on all platforms; on other
|
||||
* platforms, a <net/bpf.h> should be supplied that defines the additional
|
||||
* DLT_* codes appropriately for that platform (the BSDs, for example,
|
||||
* should not just pick up this version of "bpf.h"; they should also define
|
||||
* the additional DLT_* codes used by their kernels, as well as the values
|
||||
* defined here - and, if the values they use for particular DLT_ types
|
||||
* differ from those here, they should use their values, not the ones
|
||||
* here).
|
||||
*/
|
||||
#define DLT_NULL 0 /* no link-layer encapsulation */
|
||||
#define DLT_EN10MB 1 /* Ethernet (10Mb) */
|
||||
#define DLT_EN3MB 2 /* Experimental Ethernet (3Mb) */
|
||||
#define DLT_AX25 3 /* Amateur Radio AX.25 */
|
||||
#define DLT_PRONET 4 /* Proteon ProNET Token Ring */
|
||||
#define DLT_CHAOS 5 /* Chaos */
|
||||
#define DLT_IEEE802 6 /* IEEE 802 Networks */
|
||||
#define DLT_ARCNET 7 /* ARCNET */
|
||||
#define DLT_SLIP 8 /* Serial Line IP */
|
||||
#define DLT_PPP 9 /* Point-to-point Protocol */
|
||||
#define DLT_FDDI 10 /* FDDI */
|
||||
|
||||
/*
|
||||
* These are values from the traditional libpcap "bpf.h".
|
||||
* Ports of this to particular platforms should replace these definitions
|
||||
* with the ones appropriate to that platform, if the values are
|
||||
* different on that platform.
|
||||
*/
|
||||
#define DLT_ATM_RFC1483 11 /* LLC/SNAP encapsulated atm */
|
||||
#define DLT_RAW 12 /* raw IP */
|
||||
|
||||
/*
|
||||
* These are values from BSD/OS's "bpf.h".
|
||||
* These are not the same as the values from the traditional libpcap
|
||||
* "bpf.h"; however, these values shouldn't be generated by any
|
||||
* OS other than BSD/OS, so the correct values to use here are the
|
||||
* BSD/OS values.
|
||||
*
|
||||
* Platforms that have already assigned these values to other
|
||||
* DLT_ codes, however, should give these codes the values
|
||||
* from that platform, so that programs that use these codes will
|
||||
* continue to compile - even though they won't correctly read
|
||||
* files of these types.
|
||||
*/
|
||||
#ifdef __NetBSD__
|
||||
#ifndef DLT_SLIP_BSDOS
|
||||
#define DLT_SLIP_BSDOS 13 /* BSD/OS Serial Line IP */
|
||||
#define DLT_PPP_BSDOS 14 /* BSD/OS Point-to-point Protocol */
|
||||
#endif
|
||||
#else
|
||||
#define DLT_SLIP_BSDOS 15 /* BSD/OS Serial Line IP */
|
||||
#define DLT_PPP_BSDOS 16 /* BSD/OS Point-to-point Protocol */
|
||||
#endif
|
||||
|
||||
#define DLT_ATM_CLIP 19 /* Linux Classical-IP over ATM */
|
||||
|
||||
/*
|
||||
* These values are defined by NetBSD; other platforms should refrain from
|
||||
* using them for other purposes, so that NetBSD savefiles with link
|
||||
* types of 50 or 51 can be read as this type on all platforms.
|
||||
*/
|
||||
#define DLT_PPP_SERIAL 50 /* PPP over serial with HDLC encapsulation */
|
||||
#define DLT_PPP_ETHER 51 /* PPP over Ethernet */
|
||||
|
||||
/*
|
||||
* Values between 100 and 103 are used in capture file headers as
|
||||
* link-layer types corresponding to DLT_ types that differ
|
||||
* between platforms; don't use those values for new DLT_ new types.
|
||||
*/
|
||||
|
||||
/*
|
||||
* This value was defined by libpcap 0.5; platforms that have defined
|
||||
* it with a different value should define it here with that value -
|
||||
* a link type of 104 in a save file will be mapped to DLT_C_HDLC,
|
||||
* whatever value that happens to be, so programs will correctly
|
||||
* handle files with that link type regardless of the value of
|
||||
* DLT_C_HDLC.
|
||||
*
|
||||
* The name DLT_C_HDLC was used by BSD/OS; we use that name for source
|
||||
* compatibility with programs written for BSD/OS.
|
||||
*
|
||||
* libpcap 0.5 defined it as DLT_CHDLC; we define DLT_CHDLC as well,
|
||||
* for source compatibility with programs written for libpcap 0.5.
|
||||
*/
|
||||
#define DLT_C_HDLC 104 /* Cisco HDLC */
|
||||
#define DLT_CHDLC DLT_C_HDLC
|
||||
|
||||
#define DLT_IEEE802_11 105 /* IEEE 802.11 wireless */
|
||||
|
||||
/*
|
||||
* Values between 106 and 107 are used in capture file headers as
|
||||
* link-layer types corresponding to DLT_ types that might differ
|
||||
* between platforms; don't use those values for new DLT_ new types.
|
||||
*/
|
||||
|
||||
/*
|
||||
* OpenBSD DLT_LOOP, for loopback devices; it's like DLT_NULL, except
|
||||
* that the AF_ type in the link-layer header is in network byte order.
|
||||
*
|
||||
* OpenBSD defines it as 12, but that collides with DLT_RAW, so we
|
||||
* define it as 108 here. If OpenBSD picks up this file, it should
|
||||
* define DLT_LOOP as 12 in its version, as per the comment above -
|
||||
* and should not use 108 as a DLT_ value.
|
||||
*/
|
||||
#define DLT_LOOP 108
|
||||
|
||||
/*
|
||||
* Values between 109 and 112 are used in capture file headers as
|
||||
* link-layer types corresponding to DLT_ types that might differ
|
||||
* between platforms; don't use those values for new DLT_ types
|
||||
* other than the corresponding DLT_ types.
|
||||
*/
|
||||
|
||||
/*
|
||||
* This is for Linux cooked sockets.
|
||||
*/
|
||||
#define DLT_LINUX_SLL 113
|
||||
|
||||
/*
|
||||
* Apple LocalTalk hardware.
|
||||
*/
|
||||
#define DLT_LTALK 114
|
||||
|
||||
/*
|
||||
* Acorn Econet.
|
||||
*/
|
||||
#define DLT_ECONET 115
|
||||
|
||||
/*
|
||||
* Reserved for use with OpenBSD ipfilter.
|
||||
*/
|
||||
#define DLT_IPFILTER 116
|
||||
|
||||
/*
|
||||
* Reserved for use in capture-file headers as a link-layer type
|
||||
* corresponding to OpenBSD DLT_PFLOG; DLT_PFLOG is 17 in OpenBSD,
|
||||
* but that's DLT_LANE8023 in SuSE 6.3, so we can't use 17 for it
|
||||
* in capture-file headers.
|
||||
*/
|
||||
#define DLT_PFLOG 117
|
||||
|
||||
/*
|
||||
* Registered for Cisco-internal use.
|
||||
*/
|
||||
#define DLT_CISCO_IOS 118
|
||||
|
||||
/*
|
||||
* Reserved for 802.11 cards using the Prism II chips, with a link-layer
|
||||
* header including Prism monitor mode information plus an 802.11
|
||||
* header.
|
||||
*/
|
||||
#define DLT_PRISM_HEADER 119
|
||||
|
||||
/*
|
||||
* Reserved for Aironet 802.11 cards, with an Aironet link-layer header
|
||||
* (see Doug Ambrisko's FreeBSD patches).
|
||||
*/
|
||||
#define DLT_AIRONET_HEADER 120
|
||||
|
||||
/*
|
||||
* Reserved for Siemens HiPath HDLC.
|
||||
*/
|
||||
#define DLT_HHDLC 121
|
||||
|
||||
/*
|
||||
* Reserved for RFC 2625 IP-over-Fibre Channel, as per a request from
|
||||
* Don Lee <donlee@cray.com>.
|
||||
*
|
||||
* This is not for use with raw Fibre Channel, where the link-layer
|
||||
* header starts with a Fibre Channel frame header; it's for IP-over-FC,
|
||||
* where the link-layer header starts with an RFC 2625 Network_Header
|
||||
* field.
|
||||
*/
|
||||
#define DLT_IP_OVER_FC 122
|
||||
|
||||
/*
|
||||
* The instruction encodings.
|
||||
*/
|
||||
/* instruction classes */
|
||||
#define BPF_CLASS(code) ((code) & 0x07)
|
||||
#define BPF_LD 0x00
|
||||
#define BPF_LDX 0x01
|
||||
#define BPF_ST 0x02
|
||||
#define BPF_STX 0x03
|
||||
#define BPF_ALU 0x04
|
||||
#define BPF_JMP 0x05
|
||||
#define BPF_RET 0x06
|
||||
#define BPF_MISC 0x07
|
||||
|
||||
/* ld/ldx fields */
|
||||
#define BPF_SIZE(code) ((code) & 0x18)
|
||||
#define BPF_W 0x00
|
||||
#define BPF_H 0x08
|
||||
#define BPF_B 0x10
|
||||
#define BPF_MODE(code) ((code) & 0xe0)
|
||||
#define BPF_IMM 0x00
|
||||
#define BPF_ABS 0x20
|
||||
#define BPF_IND 0x40
|
||||
#define BPF_MEM 0x60
|
||||
#define BPF_LEN 0x80
|
||||
#define BPF_MSH 0xa0
|
||||
|
||||
/* alu/jmp fields */
|
||||
#define BPF_OP(code) ((code) & 0xf0)
|
||||
#define BPF_ADD 0x00
|
||||
#define BPF_SUB 0x10
|
||||
#define BPF_MUL 0x20
|
||||
#define BPF_DIV 0x30
|
||||
#define BPF_OR 0x40
|
||||
#define BPF_AND 0x50
|
||||
#define BPF_LSH 0x60
|
||||
#define BPF_RSH 0x70
|
||||
#define BPF_NEG 0x80
|
||||
#define BPF_JA 0x00
|
||||
#define BPF_JEQ 0x10
|
||||
#define BPF_JGT 0x20
|
||||
#define BPF_JGE 0x30
|
||||
#define BPF_JSET 0x40
|
||||
#define BPF_SRC(code) ((code) & 0x08)
|
||||
#define BPF_K 0x00
|
||||
#define BPF_X 0x08
|
||||
|
||||
/* ret - BPF_K and BPF_X also apply */
|
||||
#define BPF_RVAL(code) ((code) & 0x18)
|
||||
#define BPF_A 0x10
|
||||
|
||||
/* misc */
|
||||
#define BPF_MISCOP(code) ((code) & 0xf8)
|
||||
#define BPF_TAX 0x00
|
||||
#define BPF_TXA 0x80
|
||||
|
||||
/*
|
||||
* The instruction data structure.
|
||||
*/
|
||||
struct bpf_insn {
|
||||
u_short code;
|
||||
u_char jt;
|
||||
u_char jf;
|
||||
bpf_int32 k;
|
||||
};
|
||||
|
||||
/*
|
||||
* Macros for insn array initializers.
|
||||
*/
|
||||
#define BPF_STMT(code, k) { (u_short)(code), 0, 0, k }
|
||||
#define BPF_JUMP(code, k, jt, jf) { (u_short)(code), jt, jf, k }
|
||||
|
||||
#if defined(BSD) && (defined(KERNEL) || defined(_KERNEL))
|
||||
/*
|
||||
* Systems based on non-BSD kernels don't have ifnet's (or they don't mean
|
||||
* anything if it is in <net/if.h>) and won't work like this.
|
||||
*/
|
||||
# if __STDC__
|
||||
extern void bpf_tap(struct ifnet *, u_char *, u_int);
|
||||
extern void bpf_mtap(struct ifnet *, struct mbuf *);
|
||||
extern void bpfattach(struct ifnet *, u_int, u_int);
|
||||
extern void bpfilterattach(int);
|
||||
# else
|
||||
extern void bpf_tap();
|
||||
extern void bpf_mtap();
|
||||
extern void bpfattach();
|
||||
extern void bpfilterattach();
|
||||
# endif /* __STDC__ */
|
||||
#endif /* BSD && (_KERNEL || KERNEL) */
|
||||
#if __STDC__ || defined(__cplusplus)
|
||||
extern int bpf_validate(struct bpf_insn *, int);
|
||||
extern u_int bpf_filter(struct bpf_insn *, u_char *, u_int, u_int);
|
||||
#else
|
||||
extern int bpf_validate();
|
||||
extern u_int bpf_filter();
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Number of scratch memory words (for BPF_LD|BPF_MEM and BPF_ST).
|
||||
*/
|
||||
#define BPF_MEMWORDS 16
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif
|
@ -3,7 +3,7 @@
|
||||
*
|
||||
* See the IPFILTER.LICENCE file for details on licencing.
|
||||
*/
|
||||
#ifdef __sgi
|
||||
#if defined(__sgi) && (IRIX > 602)
|
||||
# include <sys/ptimers.h>
|
||||
#endif
|
||||
#include <sys/types.h>
|
||||
|
@ -12,7 +12,7 @@
|
||||
# endif
|
||||
# endif
|
||||
#endif
|
||||
#ifdef __sgi
|
||||
#if defined(__sgi) && (IRIX > 602)
|
||||
# include <sys/ptimers.h>
|
||||
#endif
|
||||
#include <stdio.h>
|
||||
@ -32,8 +32,13 @@
|
||||
(!defined(__FreeBSD_version) || (__FreeBSD_version < 430000))
|
||||
# undef STATETOP
|
||||
# endif
|
||||
# if defined(__NetBSD_Version__) && (__NetBSD_Version__ < 105000000)
|
||||
# undef STATETOP
|
||||
# if defined(__NetBSD_Version__)
|
||||
# if (__NetBSD_Version__ < 105000000)
|
||||
# undef STATETOP
|
||||
# else
|
||||
# include <poll.h>
|
||||
# define USE_POLL
|
||||
# endif
|
||||
# endif
|
||||
# if defined(sun)
|
||||
# if defined(__svr4__) || defined(__SVR4)
|
||||
@ -94,7 +99,7 @@
|
||||
|
||||
#if !defined(lint)
|
||||
static const char sccsid[] = "@(#)fils.c 1.21 4/20/96 (C) 1993-2000 Darren Reed";
|
||||
static const char rcsid[] = "@(#)$Id: fils.c,v 2.21.2.36 2002/06/27 14:29:16 darrenr Exp $";
|
||||
static const char rcsid[] = "@(#)$Id: fils.c,v 2.21.2.40 2002/12/06 11:40:20 darrenr Exp $";
|
||||
#endif
|
||||
|
||||
extern char *optarg;
|
||||
@ -104,7 +109,8 @@ extern int optind;
|
||||
#define FPRINTF (void)fprintf
|
||||
#define F_IN 0
|
||||
#define F_OUT 1
|
||||
#define F_AC 2
|
||||
#define F_ACIN 2
|
||||
#define F_ACOUT 3
|
||||
static char *filters[4] = { "ipfilter(in)", "ipfilter(out)",
|
||||
"ipacct(in)", "ipacct(out)" };
|
||||
|
||||
@ -773,13 +779,22 @@ struct friostat *fiop;
|
||||
if (opts & OPT_INACTIVE)
|
||||
set = 1 - set;
|
||||
if (opts & OPT_ACCNT) {
|
||||
i = F_AC;
|
||||
#ifdef USE_INET6
|
||||
if ((use_inet6) && (opts & OPT_OUTQUE)) {
|
||||
i = F_ACOUT;
|
||||
fp = (struct frentry *)fiop->f_acctout6[set];
|
||||
} else if ((use_inet6) && (opts & OPT_INQUE)) {
|
||||
i = F_ACIN;
|
||||
fp = (struct frentry *)fiop->f_acctin6[set];
|
||||
} else
|
||||
#endif
|
||||
if (opts & OPT_OUTQUE) {
|
||||
i = F_ACOUT;
|
||||
fp = (struct frentry *)fiop->f_acctout[set];
|
||||
i++;
|
||||
} else if (opts & OPT_INQUE)
|
||||
} else if (opts & OPT_INQUE) {
|
||||
i = F_ACIN;
|
||||
fp = (struct frentry *)fiop->f_acctin[set];
|
||||
else {
|
||||
} else {
|
||||
FPRINTF(stderr, "No -i or -o given with -a\n");
|
||||
return;
|
||||
}
|
||||
@ -807,7 +822,7 @@ struct friostat *fiop;
|
||||
|
||||
if (opts & OPT_VERBOSE)
|
||||
PRINTF("fp %p set %d\n", fp, set);
|
||||
if (!fp) {
|
||||
if (fp == NULL) {
|
||||
FPRINTF(stderr, "empty list for %s%s\n",
|
||||
(opts & OPT_INACTIVE) ? "inactive " : "", filters[i]);
|
||||
return;
|
||||
@ -915,12 +930,16 @@ int topclosed;
|
||||
ipstate_t *istab[IPSTATE_SIZE], ips;
|
||||
ips_stat_t ipsst, *ipsstp = &ipsst;
|
||||
statetop_t *tstable = NULL, *tp;
|
||||
struct timeval selecttimeout;
|
||||
char hostnm[HOSTNMLEN];
|
||||
struct protoent *proto;
|
||||
fd_set readfd;
|
||||
int c = 0;
|
||||
time_t t;
|
||||
#ifdef USE_POLL
|
||||
struct pollfd set[1];
|
||||
#else
|
||||
struct timeval selecttimeout;
|
||||
fd_set readfd;
|
||||
#endif
|
||||
|
||||
/* open state device */
|
||||
if ((sfd = open(IPL_STATE, O_RDONLY)) == -1) {
|
||||
@ -1188,6 +1207,14 @@ int topclosed;
|
||||
}
|
||||
|
||||
/* wait for key press or a 1 second time out period */
|
||||
#ifdef USE_POLL
|
||||
set[0].fd = 0;
|
||||
set[0].events = POLLIN;
|
||||
poll(set, 1, refreshtime * 1000);
|
||||
|
||||
/* if key pressed, read all waiting keys */
|
||||
if (set[0].revents & POLLIN)
|
||||
#else
|
||||
selecttimeout.tv_sec = refreshtime;
|
||||
selecttimeout.tv_usec = 0;
|
||||
FD_ZERO(&readfd);
|
||||
@ -1195,7 +1222,10 @@ int topclosed;
|
||||
select(1, &readfd, NULL, NULL, &selecttimeout);
|
||||
|
||||
/* if key pressed, read all waiting keys */
|
||||
if (FD_ISSET(0, &readfd)) {
|
||||
if (FD_ISSET(0, &readfd))
|
||||
#endif
|
||||
|
||||
{
|
||||
c = wgetch(stdscr);
|
||||
if (c == ERR)
|
||||
continue;
|
||||
|
@ -4,7 +4,7 @@
|
||||
* See the IPFILTER.LICENCE file for details on licencing.
|
||||
*/
|
||||
#if !defined(lint)
|
||||
static const char rcsid[] = "@(#)$Id: ip_lfil.c,v 2.6.2.4 2002/03/06 09:44:11 darrenr Exp $";
|
||||
static const char rcsid[] = "@(#)$Id: ip_lfil.c,v 2.6.2.5 2002/10/03 13:47:19 darrenr Exp $";
|
||||
#endif
|
||||
|
||||
#if defined(KERNEL) && !defined(_KERNEL)
|
||||
@ -327,15 +327,6 @@ int iplioctl(dev_t dev, int cmd, caddr_t data, int mode)
|
||||
error = IWCOPYPTR((caddr_t)ipfr_fragstats(), data,
|
||||
sizeof(ipfrstat_t));
|
||||
break;
|
||||
case SIOCAUTHW :
|
||||
case SIOCAUTHR :
|
||||
if (!(mode & FWRITE)) {
|
||||
error = EPERM;
|
||||
break;
|
||||
}
|
||||
case SIOCATHST :
|
||||
error = fr_auth_ioctl(data, mode, cmd, NULL, NULL);
|
||||
break;
|
||||
case SIOCFRSYN :
|
||||
if (!(mode & FWRITE))
|
||||
error = EPERM;
|
||||
|
@ -7,7 +7,7 @@
|
||||
*/
|
||||
#if !defined(lint)
|
||||
static const char sccsid[] = "%W% %G% (C) 1993-2000 Darren Reed";
|
||||
static const char rcsid[] = "@(#)$Id: ip_sfil.c,v 2.23.2.20 2002/08/28 12:42:44 darrenr Exp $";
|
||||
static const char rcsid[] = "@(#)$Id: ip_sfil.c,v 2.23.2.24 2002/12/06 11:42:22 darrenr Exp $";
|
||||
#endif
|
||||
|
||||
#include <sys/types.h>
|
||||
@ -88,8 +88,8 @@ int ipldetach()
|
||||
for (i = IPL_LOGMAX; i >= 0; i--)
|
||||
ipflog_clear(i);
|
||||
#endif
|
||||
i = frflush(IPL_LOGIPF, FR_INQUE|FR_OUTQUE|FR_INACTIVE);
|
||||
i += frflush(IPL_LOGIPF, FR_INQUE|FR_OUTQUE);
|
||||
i = frflush(IPL_LOGIPF, 0, FR_INQUE|FR_OUTQUE|FR_INACTIVE);
|
||||
i += frflush(IPL_LOGIPF, 0, FR_INQUE|FR_OUTQUE);
|
||||
ipfr_unload();
|
||||
fr_stateunload();
|
||||
ip_natunload();
|
||||
@ -226,7 +226,16 @@ int *rp;
|
||||
return error;
|
||||
}
|
||||
if (unit == IPL_LOGAUTH) {
|
||||
error = fr_auth_ioctl((caddr_t)data, mode, cmd, NULL, NULL);
|
||||
if ((cmd == SIOCADAFR) || (cmd == SIOCRMAFR)) {
|
||||
if (!(mode & FWRITE)) {
|
||||
error = EPERM;
|
||||
} else {
|
||||
error = frrequest(unit, cmd, (caddr_t)data,
|
||||
fr_active);
|
||||
}
|
||||
} else {
|
||||
error = fr_auth_ioctl((caddr_t)data, mode, cmd);
|
||||
}
|
||||
RWLOCK_EXIT(&ipf_solaris);
|
||||
return error;
|
||||
}
|
||||
@ -316,7 +325,7 @@ int *rp;
|
||||
error = IRCOPY((caddr_t)data, (caddr_t)&tmp,
|
||||
sizeof(tmp));
|
||||
if (!error) {
|
||||
tmp = frflush(unit, tmp);
|
||||
tmp = frflush(unit, 4, tmp);
|
||||
error = IWCOPY((caddr_t)&tmp, (caddr_t)data,
|
||||
sizeof(tmp));
|
||||
if (error)
|
||||
@ -324,6 +333,23 @@ int *rp;
|
||||
}
|
||||
}
|
||||
break;
|
||||
#ifdef USE_INET6
|
||||
case SIOCIPFL6 :
|
||||
if (!(mode & FWRITE))
|
||||
error = EPERM;
|
||||
else {
|
||||
error = IRCOPY((caddr_t)data, (caddr_t)&tmp,
|
||||
sizeof(tmp));
|
||||
if (!error) {
|
||||
tmp = frflush(unit, 6, tmp);
|
||||
error = IWCOPY((caddr_t)&tmp, (caddr_t)data,
|
||||
sizeof(tmp));
|
||||
if (error)
|
||||
error = EFAULT;
|
||||
}
|
||||
}
|
||||
break;
|
||||
#endif
|
||||
case SIOCSTLCK :
|
||||
error = IRCOPY((caddr_t)data, (caddr_t)&tmp, sizeof(tmp));
|
||||
if (!error) {
|
||||
@ -383,6 +409,9 @@ int v;
|
||||
{
|
||||
size_t len = strlen(name) + 1; /* includes \0 */
|
||||
ill_t *il;
|
||||
#if SOLARIS2 >= 10
|
||||
ill_walk_context_t ctx;
|
||||
#endif
|
||||
int sap;
|
||||
|
||||
if (v == 4)
|
||||
@ -391,7 +420,11 @@ int v;
|
||||
sap = 0x86dd;
|
||||
else
|
||||
return NULL;
|
||||
#if SOLARIS2 >= 10
|
||||
for (il = ILL_START_WALK_ALL(&ctx); il; il = ill_next(&ctx, il))
|
||||
#else
|
||||
for (il = ill_g_head; il; il = il->ill_next)
|
||||
#endif
|
||||
if ((len == il->ill_name_length) && (il->ill_sap == sap) &&
|
||||
!strncmp(il->ill_name, name, len))
|
||||
return il;
|
||||
@ -614,6 +647,9 @@ caddr_t data;
|
||||
}
|
||||
if (fg && fg->fg_head)
|
||||
fg->fg_head->fr_ref--;
|
||||
if (unit == IPL_LOGAUTH) {
|
||||
return fr_preauthcmd(req, f, ftail);
|
||||
}
|
||||
if (f->fr_grhead)
|
||||
fr_delgroup(f->fr_grhead, fp->fr_flags,
|
||||
unit, set);
|
||||
@ -628,6 +664,9 @@ caddr_t data;
|
||||
if (f) {
|
||||
error = EEXIST;
|
||||
} else {
|
||||
if (unit == IPL_LOGAUTH) {
|
||||
return fr_preauthcmd(req, fp, ftail);
|
||||
}
|
||||
KMALLOC(f, frentry_t *);
|
||||
if (f != NULL) {
|
||||
if (fg && fg->fg_head)
|
||||
|
@ -12,7 +12,7 @@
|
||||
# endif
|
||||
# endif
|
||||
#endif
|
||||
#ifdef __sgi
|
||||
#if defined(__sgi) && (IRIX > 602)
|
||||
# include <sys/ptimers.h>
|
||||
#endif
|
||||
#include <stdio.h>
|
||||
@ -50,7 +50,7 @@
|
||||
|
||||
#if !defined(lint)
|
||||
static const char sccsid[] = "@(#)ipf.c 1.23 6/5/96 (C) 1993-2000 Darren Reed";
|
||||
static const char rcsid[] = "@(#)$Id: ipf.c,v 2.10.2.17 2002/06/27 14:29:17 darrenr Exp $";
|
||||
static const char rcsid[] = "@(#)$Id: ipf.c,v 2.10.2.19 2002/12/06 11:41:13 darrenr Exp $";
|
||||
#endif
|
||||
|
||||
#if SOLARIS
|
||||
@ -440,9 +440,15 @@ char *arg;
|
||||
rem = fl;
|
||||
|
||||
closedevice();
|
||||
if (opendevice(IPL_STATE) != -2 &&
|
||||
ioctl(fd, SIOCIPFFL, &fl) == -1)
|
||||
perror("ioctl(SIOCIPFFL)");
|
||||
if (opendevice(IPL_STATE) != -2) {
|
||||
if (use_inet6) {
|
||||
if (ioctl(fd, SIOCIPFL6, &fl) == -1)
|
||||
perror("ioctl(SIOCIPFL6)");
|
||||
} else {
|
||||
if (ioctl(fd, SIOCIPFFL, &fl) == -1)
|
||||
perror("ioctl(SIOCIPFFL)");
|
||||
}
|
||||
}
|
||||
if ((opts & (OPT_DONOTHING|OPT_VERBOSE)) == OPT_VERBOSE) {
|
||||
printf("remove flags %s (%d)\n", arg, rem);
|
||||
printf("removed %d filter rules\n", fl);
|
||||
@ -459,8 +465,15 @@ char *arg;
|
||||
fl |= (opts & FR_INACTIVE);
|
||||
rem = fl;
|
||||
|
||||
if (opendevice(ipfname) != -2 && ioctl(fd, SIOCIPFFL, &fl) == -1)
|
||||
perror("ioctl(SIOCIPFFL)");
|
||||
if (opendevice(ipfname) != -2) {
|
||||
if (use_inet6) {
|
||||
if (ioctl(fd, SIOCIPFL6, &fl) == -1)
|
||||
perror("ioctl(SIOCIPFL6)");
|
||||
} else {
|
||||
if (ioctl(fd, SIOCIPFFL, &fl) == -1)
|
||||
perror("ioctl(SIOCIPFFL)");
|
||||
}
|
||||
}
|
||||
if ((opts & (OPT_DONOTHING|OPT_VERBOSE)) == OPT_VERBOSE) {
|
||||
printf("remove flags %s%s (%d)\n", (rem & FR_INQUE) ? "I" : "",
|
||||
(rem & FR_OUTQUE) ? "O" : "", rem);
|
||||
|
@ -45,7 +45,7 @@
|
||||
#include "ipf.h"
|
||||
|
||||
#if !defined(lint)
|
||||
static const char rcsid[] = "@(#)$Id: ipfs.c,v 2.6.2.11 2002/06/04 14:44:05 darrenr Exp $";
|
||||
static const char rcsid[] = "@(#)$Id: ipfs.c,v 2.6.2.12 2002/09/26 12:25:19 darrenr Exp $";
|
||||
#endif
|
||||
|
||||
#ifndef IPF_SAVEDIR
|
||||
@ -77,19 +77,25 @@ int setlock __P((int, int));
|
||||
int writeall __P((char *));
|
||||
int readall __P((char *));
|
||||
int writenat __P((int, char *));
|
||||
char *concat __P((char *, char *));
|
||||
|
||||
int opts = 0;
|
||||
|
||||
|
||||
void usage()
|
||||
{
|
||||
fprintf(stderr, "usage: ipfs [-nv] -l\n");
|
||||
fprintf(stderr, "usage: ipfs [-nv] -u\n");
|
||||
fprintf(stderr, "usage: ipfs [-nv] [-d <dir>] -R\n");
|
||||
fprintf(stderr, "usage: ipfs [-nv] [-d <dir>] -W\n");
|
||||
fprintf(stderr, "usage: ipfs [-nNSv] [-f <file>] -r\n");
|
||||
fprintf(stderr, "usage: ipfs [-nNSv] [-f <file>] -w\n");
|
||||
fprintf(stderr, "usage: ipfs [-nNSv] -f <filename> -i <if1>,<if2>\n");
|
||||
fprintf(stderr, "\
|
||||
usage: ipfs [-nv] -l\n\
|
||||
usage: ipfs [-nv] -u\n\
|
||||
usage: ipfs [-nv] [-d <dir>] -R\n\
|
||||
usage: ipfs [-nv] [-d <dir>] -W\n\
|
||||
usage: ipfs [-nv] -N [-f <file> | -d <dir>] -r\n\
|
||||
usage: ipfs [-nv] -S [-f <file> | -d <dir>] -r\n\
|
||||
usage: ipfs [-nv] -N [-f <file> | -d <dir>] -w\n\
|
||||
usage: ipfs [-nv] -S [-f <file> | -d <dir>] -w\n\
|
||||
usage: ipfs [-nv] -N [-f <filename> | -d <dir> ] -i <if1>,<if2>\n\
|
||||
usage: ipfs [-nv] -S [-f <filename> | -d <dir> ] -i <if1>,<if2>\n\
|
||||
");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
@ -218,7 +224,7 @@ char *argv[];
|
||||
usage();
|
||||
break;
|
||||
case 'f' :
|
||||
if ((set == 0) && !dirname && !filename)
|
||||
if ((set == 1) && !dirname && !filename && !(rw & 2))
|
||||
filename = optarg;
|
||||
else
|
||||
usage();
|
||||
@ -243,12 +249,14 @@ char *argv[];
|
||||
set = 1;
|
||||
break;
|
||||
case 'r' :
|
||||
if ((ns >= 0) || dirname || (rw != -1))
|
||||
if (dirname || (rw != -1) || (ns == -1))
|
||||
usage();
|
||||
rw = 0;
|
||||
set = 1;
|
||||
break;
|
||||
case 'R' :
|
||||
if (filename || (ns != -1))
|
||||
usage();
|
||||
rw = 2;
|
||||
set = 1;
|
||||
break;
|
||||
@ -274,14 +282,31 @@ char *argv[];
|
||||
set = 1;
|
||||
break;
|
||||
case 'W' :
|
||||
if (filename || (ns != -1))
|
||||
usage();
|
||||
rw = 3;
|
||||
set = 1;
|
||||
break;
|
||||
case '?' :
|
||||
default :
|
||||
usage();
|
||||
}
|
||||
|
||||
if (filename == NULL) {
|
||||
if (ns == 0) {
|
||||
if (dirname == NULL)
|
||||
dirname = IPF_SAVEDIR;
|
||||
if (dirname[strlen(dirname) - 1] != '/')
|
||||
dirname = concat(dirname, "/");
|
||||
filename = concat(dirname, IPF_NATFILE);
|
||||
} else if (ns == 1) {
|
||||
if (dirname == NULL)
|
||||
dirname = IPF_SAVEDIR;
|
||||
if (dirname[strlen(dirname) - 1] != '/')
|
||||
dirname = concat(dirname, "/");
|
||||
filename = concat(dirname, IPF_STATEFILE);
|
||||
}
|
||||
}
|
||||
|
||||
if (ifs) {
|
||||
if (!filename || ns < 0)
|
||||
usage();
|
||||
@ -331,6 +356,20 @@ char *argv[];
|
||||
}
|
||||
|
||||
|
||||
char *concat(base, append)
|
||||
char *base, *append;
|
||||
{
|
||||
char *str;
|
||||
|
||||
str = malloc(strlen(base) + strlen(append) + 1);
|
||||
if (str != NULL) {
|
||||
strcpy(str, base);
|
||||
strcat(str, append);
|
||||
}
|
||||
return str;
|
||||
}
|
||||
|
||||
|
||||
int opendevice(ipfdev)
|
||||
char *ipfdev;
|
||||
{
|
||||
|
@ -17,7 +17,7 @@ etherfind -n -t
|
||||
0.32 91 04 131.170.1.10 128.250.133.13
|
||||
0.33 566 udp 128.250.37.155 128.250.133.3 901 901
|
||||
*/
|
||||
#ifdef __sgi
|
||||
#if defined(__sgi) && (IRIX > 602)
|
||||
# include <sys/ptimers.h>
|
||||
#endif
|
||||
#include <stdio.h>
|
||||
@ -52,7 +52,7 @@ etherfind -n -t
|
||||
|
||||
#if !defined(lint)
|
||||
static const char sccsid[] = "@(#)ipft_ef.c 1.6 2/4/96 (C)1995 Darren Reed";
|
||||
static const char rcsid[] = "@(#)$Id: ipft_ef.c,v 2.2.2.3 2002/06/27 14:29:17 darrenr Exp $";
|
||||
static const char rcsid[] = "@(#)$Id: ipft_ef.c,v 2.2.2.4 2002/12/06 11:40:25 darrenr Exp $";
|
||||
#endif
|
||||
|
||||
static int etherf_open __P((char *));
|
||||
|
@ -3,7 +3,7 @@
|
||||
*
|
||||
* See the IPFILTER.LICENCE file for details on licencing.
|
||||
*/
|
||||
#ifdef __sgi
|
||||
#if defined(__sgi) && (IRIX > 602)
|
||||
# include <sys/ptimers.h>
|
||||
#endif
|
||||
#include <stdio.h>
|
||||
@ -43,7 +43,7 @@
|
||||
|
||||
#if !defined(lint)
|
||||
static const char sccsid[] = "@(#)ipft_hx.c 1.1 3/9/96 (C) 1996 Darren Reed";
|
||||
static const char rcsid[] = "@(#)$Id: ipft_hx.c,v 2.2.2.5 2002/02/22 15:32:54 darrenr Exp $";
|
||||
static const char rcsid[] = "@(#)$Id: ipft_hx.c,v 2.2.2.6 2002/12/06 11:40:25 darrenr Exp $";
|
||||
#endif
|
||||
|
||||
extern int opts;
|
||||
|
@ -3,7 +3,7 @@
|
||||
*
|
||||
* See the IPFILTER.LICENCE file for details on licencing.
|
||||
*/
|
||||
#ifdef __sgi
|
||||
#if defined(__sgi) && (IRIX > 602)
|
||||
# include <sys/ptimers.h>
|
||||
#endif
|
||||
#include <stdio.h>
|
||||
@ -31,13 +31,15 @@
|
||||
#include <netinet/tcpip.h>
|
||||
#include "ipf.h"
|
||||
#include "pcap.h"
|
||||
#include "bpf.h"
|
||||
#include "ipt.h"
|
||||
|
||||
#if !defined(lint)
|
||||
static const char rcsid[] = "@(#)$Id: ipft_pc.c,v 2.2.2.3 2002/02/22 15:32:54 darrenr Exp $";
|
||||
static const char rcsid[] = "@(#)$Id: ipft_pc.c,v 2.2.2.5 2002/12/06 11:40:25 darrenr Exp $";
|
||||
#endif
|
||||
|
||||
struct llc {
|
||||
int lc_type;
|
||||
int lc_sz; /* LLC header length */
|
||||
int lc_to; /* LLC Type offset */
|
||||
int lc_tl; /* LLC Type length */
|
||||
@ -47,23 +49,48 @@ struct llc {
|
||||
* While many of these maybe the same, some do have different header formats
|
||||
* which make this useful.
|
||||
*/
|
||||
#define DLT_MAX 14
|
||||
|
||||
static struct llc llcs[DLT_MAX+1] = {
|
||||
{ 0, 0, 0 }, /* DLT_NULL */
|
||||
{ 14, 12, 2 }, /* DLT_E10MB */
|
||||
{ 0, 0, 0 }, /* DLT_EN3MB */
|
||||
{ 0, 0, 0 }, /* DLT_AX25 */
|
||||
{ 0, 0, 0 }, /* DLT_PRONET */
|
||||
{ 0, 0, 0 }, /* DLT_CHAOS */
|
||||
{ 0, 0, 0 }, /* DLT_IEEE802 */
|
||||
{ 0, 0, 0 }, /* DLT_ARCNET */
|
||||
{ 0, 0, 0 }, /* DLT_SLIP */
|
||||
{ 0, 0, 0 }, /* DLT_PPP */
|
||||
{ 0, 0, 0 }, /* DLT_FDDI */
|
||||
{ 0, 0, 0 }, /* DLT_ATMRFC1483 */
|
||||
{ 0, 0, 0 }, /* DLT_LOOP */
|
||||
{ 0, 0, 0 } /* DLT_ENC */
|
||||
static struct llc llcs[] = {
|
||||
{ DLT_NULL, 0, 0, 0 },
|
||||
{ DLT_EN10MB, 14, 12, 2 },
|
||||
{ DLT_EN3MB, 0, 0, 0 },
|
||||
{ DLT_AX25, 0, 0, 0 },
|
||||
{ DLT_PRONET, 0, 0, 0 },
|
||||
{ DLT_CHAOS, 0, 0, 0 },
|
||||
{ DLT_IEEE802, 0, 0, 0 },
|
||||
{ DLT_ARCNET, 0, 0, 0 },
|
||||
{ DLT_SLIP, 0, 0, 0 },
|
||||
{ DLT_PPP, 0, 0, 0 },
|
||||
{ DLT_FDDI, 0, 0, 0 },
|
||||
#ifdef DLT_ATMRFC1483
|
||||
{ DLT_ATMRFC1483, 0, 0, 0 },
|
||||
#endif
|
||||
{ DLT_RAW, 0, 0, 0 },
|
||||
#ifdef DLT_ENC
|
||||
{ DLT_ENC, 0, 0, 0 },
|
||||
#endif
|
||||
#ifdef DLT_SLIP_BSDOS
|
||||
{ DLT_SLIP_BSDOS, 0, 0, 0 },
|
||||
#endif
|
||||
#ifdef DLT_PPP_BSDOS
|
||||
{ DLT_PPP_BSDOS, 0, 0, 0 },
|
||||
#endif
|
||||
#ifdef DLT_HIPPI
|
||||
{ DLT_HIPPI, 0, 0, 0 },
|
||||
#endif
|
||||
#ifdef DLT_HDLC
|
||||
{ DLT_HDLC, 0, 0, 0 },
|
||||
#endif
|
||||
#ifdef DLT_PPP_SERIAL
|
||||
{ DLT_PPP_SERIAL, 4, 4, 0 },
|
||||
#endif
|
||||
#ifdef DLT_PPP_ETHER
|
||||
{ DLT_PPP_ETHER, 8, 8, 0 },
|
||||
#endif
|
||||
#ifdef DLT_ECONET
|
||||
{ DLT_ECONET, 0, 0, 0 },
|
||||
#endif
|
||||
{ -1, -1, -1, -1 }
|
||||
};
|
||||
|
||||
static int pcap_open __P((char *));
|
||||
@ -73,6 +100,7 @@ static void swap_hdr __P((pcaphdr_t *));
|
||||
static int pcap_read_rec __P((struct pcap_pkthdr *));
|
||||
|
||||
static int pfd = -1, s_type = -1, swapped = 0;
|
||||
static struct llc *llcp = NULL;
|
||||
|
||||
struct ipread pcap = { pcap_open, pcap_close, pcap_readip };
|
||||
|
||||
@ -96,7 +124,7 @@ static int pcap_open(fname)
|
||||
char *fname;
|
||||
{
|
||||
pcaphdr_t ph;
|
||||
int fd;
|
||||
int fd, i;
|
||||
|
||||
if (pfd != -1)
|
||||
return pfd;
|
||||
@ -118,7 +146,18 @@ char *fname;
|
||||
swap_hdr(&ph);
|
||||
}
|
||||
|
||||
if (ph.pc_v_maj != PCAP_VERSION_MAJ || ph.pc_type >= DLT_MAX) {
|
||||
if (ph.pc_v_maj != PCAP_VERSION_MAJ) {
|
||||
(void) close(fd);
|
||||
return -2;
|
||||
}
|
||||
|
||||
for (i = 0; llcs[i].lc_type != -1; i++)
|
||||
if (llcs[i].lc_type == ph.pc_type) {
|
||||
llcp = llcs + i;
|
||||
break;
|
||||
}
|
||||
|
||||
if (llcp == NULL) {
|
||||
(void) close(fd);
|
||||
return -2;
|
||||
}
|
||||
@ -210,7 +249,9 @@ int cnt, *dir;
|
||||
char *s, ty[4];
|
||||
int i, n;
|
||||
|
||||
do {
|
||||
l = llcp;
|
||||
|
||||
/* do { */
|
||||
if ((i = pcap_read_rec(&rec)) <= 0)
|
||||
return i;
|
||||
|
||||
@ -223,12 +264,11 @@ int cnt, *dir;
|
||||
if (read(pfd, s, i) != i)
|
||||
return -2;
|
||||
|
||||
l = &llcs[s_type];
|
||||
i -= l->lc_sz;
|
||||
s += l->lc_to;
|
||||
bcopy(s, ty, l->lc_tl);
|
||||
s += l->lc_tl;
|
||||
} while (ty[0] != 0x8 && ty[1] != 0);
|
||||
/* } while (ty[0] != 0x8 && ty[1] != 0); */
|
||||
n = MIN(i, cnt);
|
||||
bcopy(s, buf, n);
|
||||
return n;
|
||||
|
@ -7,7 +7,7 @@
|
||||
/*
|
||||
* Written to comply with the recent RFC 1761 from Sun.
|
||||
*/
|
||||
#ifdef __sgi
|
||||
#if defined(__sgi) && (IRIX > 602)
|
||||
# include <sys/ptimers.h>
|
||||
#endif
|
||||
#include <stdio.h>
|
||||
@ -38,7 +38,7 @@
|
||||
#include "ipt.h"
|
||||
|
||||
#if !defined(lint)
|
||||
static const char rcsid[] = "@(#)$Id: ipft_sn.c,v 2.2.2.3 2002/02/22 15:32:54 darrenr Exp $";
|
||||
static const char rcsid[] = "@(#)$Id: ipft_sn.c,v 2.2.2.4 2002/12/06 11:40:26 darrenr Exp $";
|
||||
#endif
|
||||
|
||||
struct llc {
|
||||
|
@ -26,7 +26,7 @@ tcpdump -nqte
|
||||
8:0:20:f:65:f7 0:0:c:1:8a:c5 81: 128.250.133.13.23 > 128.250.20.20.2419: tcp 27
|
||||
|
||||
*/
|
||||
#ifdef __sgi
|
||||
#if defined(__sgi) && (IRIX > 602)
|
||||
# include <sys/ptimers.h>
|
||||
#endif
|
||||
#include <stdio.h>
|
||||
@ -61,7 +61,7 @@ tcpdump -nqte
|
||||
|
||||
#if !defined(lint)
|
||||
static const char sccsid[] = "@(#)ipft_td.c 1.8 2/4/96 (C)1995 Darren Reed";
|
||||
static const char rcsid[] = "@(#)$Id: ipft_td.c,v 2.2.2.3 2002/06/27 14:29:17 darrenr Exp $";
|
||||
static const char rcsid[] = "@(#)$Id: ipft_td.c,v 2.2.2.4 2002/12/06 11:40:26 darrenr Exp $";
|
||||
#endif
|
||||
|
||||
static int tcpd_open __P((char *));
|
||||
|
@ -3,7 +3,7 @@
|
||||
*
|
||||
* See the IPFILTER.LICENCE file for details on licencing.
|
||||
*/
|
||||
#ifdef __sgi
|
||||
#if defined(__sgi) && (IRIX > 602)
|
||||
# include <sys/ptimers.h>
|
||||
#endif
|
||||
#include <stdio.h>
|
||||
@ -44,7 +44,7 @@
|
||||
|
||||
#if !defined(lint)
|
||||
static const char sccsid[] = "@(#)ipft_tx.c 1.7 6/5/96 (C) 1993 Darren Reed";
|
||||
static const char rcsid[] = "@(#)$Id: ipft_tx.c,v 2.3.2.7 2002/06/27 14:29:17 darrenr Exp $";
|
||||
static const char rcsid[] = "@(#)$Id: ipft_tx.c,v 2.3.2.8 2002/12/06 11:40:26 darrenr Exp $";
|
||||
#endif
|
||||
|
||||
extern int opts;
|
||||
|
@ -5,7 +5,7 @@
|
||||
*
|
||||
* Added redirect stuff and a variety of bug fixes. (mcn@EnGarde.com)
|
||||
*/
|
||||
#ifdef __sgi
|
||||
#if defined(__sgi) && (IRIX > 602)
|
||||
# include <sys/ptimers.h>
|
||||
#endif
|
||||
#include <stdio.h>
|
||||
@ -60,7 +60,7 @@ extern char *sys_errlist[];
|
||||
|
||||
#if !defined(lint)
|
||||
static const char sccsid[] ="@(#)ipnat.c 1.9 6/5/96 (C) 1993 Darren Reed";
|
||||
static const char rcsid[] = "@(#)$Id: ipnat.c,v 2.16.2.21 2002/06/06 10:49:19 darrenr Exp $";
|
||||
static const char rcsid[] = "@(#)$Id: ipnat.c,v 2.16.2.22 2002/12/06 11:40:26 darrenr Exp $";
|
||||
#endif
|
||||
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
/*
|
||||
* Based upon 4.4BSD's /usr/sbin/arp
|
||||
*/
|
||||
#ifdef __sgi
|
||||
#if defined(__sgi) && (IRIX > 602)
|
||||
# include <sys/ptimers.h>
|
||||
#endif
|
||||
#include <unistd.h>
|
||||
|
@ -3,7 +3,7 @@
|
||||
*
|
||||
* See the IPFILTER.LICENCE file for details on licencing.
|
||||
*/
|
||||
#ifdef __sgi
|
||||
#if defined(__sgi) && (IRIX > 602)
|
||||
# include <sys/ptimers.h>
|
||||
#endif
|
||||
#include <stdio.h>
|
||||
@ -29,7 +29,7 @@
|
||||
|
||||
#if !defined(lint)
|
||||
static const char sccsid[] = "@(#)arp.c 1.4 1/11/96 (C)1995 Darren Reed";
|
||||
static const char rcsid[] = "@(#)$Id: arp.c,v 2.1.4.3 2002/02/22 15:32:57 darrenr Exp $";
|
||||
static const char rcsid[] = "@(#)$Id: arp.c,v 2.1.4.4 2002/12/06 11:40:35 darrenr Exp $";
|
||||
#endif
|
||||
|
||||
|
||||
|
@ -3,7 +3,7 @@
|
||||
*
|
||||
* See the IPFILTER.LICENCE file for details on licencing.
|
||||
*/
|
||||
#ifdef __sgi
|
||||
#if defined(__sgi) && (IRIX > 602)
|
||||
# include <sys/ptimers.h>
|
||||
#endif
|
||||
#include <errno.h>
|
||||
@ -32,7 +32,7 @@
|
||||
|
||||
#if !defined(lint)
|
||||
static const char sccsid[] = "%W% %G% (C)1995";
|
||||
static const char rcsid[] = "@(#)$Id: ip.c,v 2.1.4.4 2002/02/22 15:32:57 darrenr Exp $";
|
||||
static const char rcsid[] = "@(#)$Id: ip.c,v 2.1.4.5 2002/12/06 11:40:35 darrenr Exp $";
|
||||
#endif
|
||||
|
||||
static char *ipbuf = NULL, *ethbuf = NULL;
|
||||
|
@ -8,7 +8,7 @@
|
||||
*
|
||||
* See the IPFILTER.LICENCE file for details on licencing.
|
||||
*/
|
||||
#ifdef __sgi
|
||||
#if defined(__sgi) && (IRIX > 602)
|
||||
# include <sys/ptimers.h>
|
||||
#endif
|
||||
#include <stdio.h>
|
||||
@ -34,7 +34,7 @@
|
||||
|
||||
#if !defined(lint)
|
||||
static const char sccsid[] = "%W% %G% (C)1995 Darren Reed";
|
||||
static const char rcsid[] = "@(#)$Id: ipresend.c,v 2.1.4.3 2002/02/22 15:32:57 darrenr Exp $";
|
||||
static const char rcsid[] = "@(#)$Id: ipresend.c,v 2.1.4.4 2002/12/06 11:40:35 darrenr Exp $";
|
||||
#endif
|
||||
|
||||
|
||||
|
@ -3,7 +3,7 @@
|
||||
*
|
||||
* See the IPFILTER.LICENCE file for details on licencing.
|
||||
*/
|
||||
#ifdef __sgi
|
||||
#if defined(__sgi) && (IRIX > 602)
|
||||
# include <sys/ptimers.h>
|
||||
#endif
|
||||
#include <sys/param.h>
|
||||
@ -25,7 +25,7 @@
|
||||
|
||||
#if !defined(lint)
|
||||
static const char sccsid[] = "@(#)ipsopt.c 1.2 1/11/96 (C)1995 Darren Reed";
|
||||
static const char rcsid[] = "@(#)$Id: ipsopt.c,v 2.1.4.3 2002/02/22 15:32:58 darrenr Exp $";
|
||||
static const char rcsid[] = "@(#)$Id: ipsopt.c,v 2.1.4.4 2002/12/06 11:40:35 darrenr Exp $";
|
||||
#endif
|
||||
|
||||
|
||||
|
@ -8,7 +8,7 @@
|
||||
*
|
||||
* See the IPFILTER.LICENCE file for details on licencing.
|
||||
*/
|
||||
#ifdef __sgi
|
||||
#if defined(__sgi) && (IRIX > 602)
|
||||
# include <sys/ptimers.h>
|
||||
#endif
|
||||
#include <stdio.h>
|
||||
@ -37,7 +37,7 @@
|
||||
|
||||
#if !defined(lint)
|
||||
static const char sccsid[] = "%W% %G% (C)1995 Darren Reed";
|
||||
static const char rcsid[] = "@(#)$Id: iptest.c,v 2.2.2.3 2002/02/22 15:32:58 darrenr Exp $";
|
||||
static const char rcsid[] = "@(#)$Id: iptest.c,v 2.2.2.4 2002/12/06 11:40:35 darrenr Exp $";
|
||||
#endif
|
||||
|
||||
|
||||
|
@ -5,9 +5,9 @@
|
||||
*/
|
||||
#if !defined(lint)
|
||||
static const char sccsid[] = "@(#)lsock.c 1.2 1/11/96 (C)1995 Darren Reed";
|
||||
static const char rcsid[] = "@(#)$Id: lsock.c,v 2.1.4.2 2002/02/22 15:32:58 darrenr Exp $";
|
||||
static const char rcsid[] = "@(#)$Id: lsock.c,v 2.1.4.3 2002/12/06 11:40:36 darrenr Exp $";
|
||||
#endif
|
||||
#ifdef __sgi
|
||||
#if defined(__sgi) && (IRIX > 602)
|
||||
# include <sys/ptimers.h>
|
||||
#endif
|
||||
#include <stdio.h>
|
||||
|
@ -8,7 +8,7 @@
|
||||
*
|
||||
* See the IPFILTER.LICENCE file for details on licencing.
|
||||
*/
|
||||
#ifdef __sgi
|
||||
#if defined(__sgi) && (IRIX > 602)
|
||||
# include <sys/ptimers.h>
|
||||
#endif
|
||||
#include <stdio.h>
|
||||
@ -38,7 +38,7 @@
|
||||
|
||||
#if !defined(lint)
|
||||
static const char sccsid[] = "@(#)resend.c 1.3 1/11/96 (C)1995 Darren Reed";
|
||||
static const char rcsid[] = "@(#)$Id: resend.c,v 2.1.4.4 2002/02/22 15:32:58 darrenr Exp $";
|
||||
static const char rcsid[] = "@(#)$Id: resend.c,v 2.1.4.5 2002/12/06 11:40:36 darrenr Exp $";
|
||||
#endif
|
||||
|
||||
|
||||
|
@ -4,7 +4,7 @@
|
||||
*
|
||||
* See the IPFILTER.LICENCE file for details on licencing.
|
||||
*/
|
||||
#ifdef __sgi
|
||||
#if defined(__sgi) && (IRIX > 602)
|
||||
# include <sys/ptimers.h>
|
||||
#endif
|
||||
#include <stdio.h>
|
||||
|
@ -12,7 +12,7 @@
|
||||
# endif
|
||||
# endif
|
||||
#endif
|
||||
#ifdef __sgi
|
||||
#if defined(__sgi) && (IRIX > 602)
|
||||
# define _KMEMUSER
|
||||
# include <sys/ptimers.h>
|
||||
#endif
|
||||
@ -64,7 +64,7 @@
|
||||
|
||||
#if !defined(lint)
|
||||
static const char sccsid[] = "@(#)ipt.c 1.19 6/3/96 (C) 1993-2000 Darren Reed";
|
||||
static const char rcsid[] = "@(#)$Id: ipt.c,v 2.6.2.22 2002/06/04 14:52:58 darrenr Exp $";
|
||||
static const char rcsid[] = "@(#)$Id: ipt.c,v 2.6.2.24 2002/12/06 11:40:26 darrenr Exp $";
|
||||
#endif
|
||||
|
||||
extern char *optarg;
|
||||
@ -92,6 +92,7 @@ char *argv[];
|
||||
{
|
||||
char *datain, *iface, *ifname, *packet, *logout;
|
||||
int fd, i, dir, c, loaded, dump, hlen;
|
||||
struct in_addr src;
|
||||
struct ifnet *ifp;
|
||||
struct ipread *r;
|
||||
u_long buf[2048];
|
||||
@ -103,6 +104,7 @@ char *argv[];
|
||||
r = &iptext;
|
||||
iface = NULL;
|
||||
logout = NULL;
|
||||
src.s_addr = 0;
|
||||
ifname = "anon0";
|
||||
datain = NULL;
|
||||
|
||||
@ -112,7 +114,7 @@ char *argv[];
|
||||
ipflog_init();
|
||||
fr_running = 1;
|
||||
|
||||
while ((c = getopt(argc, argv, "6bdDEHi:I:l:NoPr:RSTvxX")) != -1)
|
||||
while ((c = getopt(argc, argv, "6bdDEHi:I:l:NoPr:Rs:STvxX")) != -1)
|
||||
switch (c)
|
||||
{
|
||||
case '6' :
|
||||
@ -149,6 +151,9 @@ char *argv[];
|
||||
return -1;
|
||||
loaded = 1;
|
||||
break;
|
||||
case 's' :
|
||||
src.s_addr = inet_addr(optarg);
|
||||
break;
|
||||
case 'v' :
|
||||
opts |= OPT_VERBOSE;
|
||||
break;
|
||||
@ -208,11 +213,21 @@ char *argv[];
|
||||
ip->ip_off = ntohs(ip->ip_off);
|
||||
ip->ip_len = ntohs(ip->ip_len);
|
||||
hlen = ip->ip_hl << 2;
|
||||
if (src.s_addr != 0) {
|
||||
if (src.s_addr == ip->ip_src.s_addr)
|
||||
dir = 1;
|
||||
else if (src.s_addr == ip->ip_dst.s_addr)
|
||||
dir = 0;
|
||||
}
|
||||
}
|
||||
#ifdef USE_INET6
|
||||
else
|
||||
hlen = sizeof(ip6_t);
|
||||
#endif
|
||||
if (opts & OPT_VERBOSE) {
|
||||
printf("%s on [%s]: ", dir ? "out" : "in",
|
||||
(iface && *iface) ? iface : "??");
|
||||
}
|
||||
packet = (char *)buf;
|
||||
/* ipfr_slowtimer(); */
|
||||
i = fr_check(ip, hlen, ifp, dir, (mb_t **)&packet);
|
||||
|
@ -8,7 +8,7 @@
|
||||
* returns 0 on success, -1 on error.
|
||||
*/
|
||||
|
||||
#ifdef __sgi
|
||||
#if defined(__sgi) && (IRIX > 602)
|
||||
# include <sys/ptimers.h>
|
||||
#endif
|
||||
#include <stdio.h>
|
||||
@ -46,7 +46,7 @@
|
||||
|
||||
#if !defined(lint)
|
||||
static const char sccsid[] = "@(#)kmem.c 1.4 1/12/96 (C) 1992 Darren Reed";
|
||||
static const char rcsid[] = "@(#)$Id: kmem.c,v 2.2.2.15 2002/07/27 15:59:37 darrenr Exp $";
|
||||
static const char rcsid[] = "@(#)$Id: kmem.c,v 2.2.2.16 2002/12/06 11:40:27 darrenr Exp $";
|
||||
#endif
|
||||
|
||||
#ifdef __sgi
|
||||
|
@ -80,12 +80,12 @@ Lock state tables in the kernel.
|
||||
.B \-r
|
||||
Read information in from the specified file and load it into the
|
||||
kernel. This requires the state tables to have already been locked
|
||||
and does not change the lock once comlete.
|
||||
and does not change the lock once complete.
|
||||
.TP
|
||||
.B \-w
|
||||
Write information out to the specified file and from the kernel.
|
||||
This requires the state tables to have already been locked
|
||||
and does not change the lock once comlete.
|
||||
and does not change the lock once complete.
|
||||
.TP
|
||||
.B \-R
|
||||
Restores all saved state information, if any, from two files,
|
||||
|
@ -7,10 +7,10 @@ The format for files accepted by ipnat is described by the following grammar:
|
||||
.nf
|
||||
ipmap :: = mapblock | redir | map .
|
||||
|
||||
map ::= mapit ifname ipmask "->" dstipmask [ mapport ] .
|
||||
map ::= mapit ifname fromto "->" dstipmask [ mapport ] .
|
||||
mapblock ::= "map-block" ifname ipmask "->" ipmask [ ports ] .
|
||||
redir ::= "rdr" ifname ipmask dport "->" ip [ "," ip ] rdrport options .
|
||||
map ::= mapit ifname ipmask "->" dstipmask [ mapport ] mapoptions.
|
||||
map ::= mapit ifname fromto "->" dstipmask [ mapport ] mapoptions.
|
||||
mapblock ::= "map-block" ifname ipmask "->" ipmask [ ports ] mapoptions.
|
||||
redir ::= "rdr" ifname ipmask dport "->" ip [ "," ip ] rdrport rdroptions .
|
||||
|
||||
dport ::= "port" portnum [ "-" portnum ] .
|
||||
ports ::= "ports" numports | "auto" .
|
||||
@ -20,7 +20,8 @@ fromto ::= "from" object "to" object .
|
||||
ipmask ::= ip "/" bits | ip "/" mask | ip "netmask" mask .
|
||||
dstipmask ::= ipmask | "range" ip "-" ip .
|
||||
mapport ::= "portmap" tcpudp portspec .
|
||||
options ::= [ tcpudp ] [ rr ] .
|
||||
mapoptions ::= [ tcpudp ] [ "frag" ] [ age ] [ clamp ] .
|
||||
rdroptions ::= [ tcpudp ] [ rr ] [ "frag" ] [ age ] [ clamp ] .
|
||||
|
||||
object :: = addr [ port-comp | port-range ] .
|
||||
addr :: = "any" | nummask | host-name [ "mask" ipaddr | "mask" hexnumber ] .
|
||||
@ -28,8 +29,12 @@ port-comp :: = "port" compare port-num .
|
||||
port-range :: = "port" port-num range port-num .
|
||||
|
||||
rr ::= "round-robin" .
|
||||
nummask = host-name [ "/" decnumber ] .
|
||||
tcpudp ::= "tcp" | "udp" | "tcp/udp" .
|
||||
age ::= "age" decnumber [ "/" decnumber ] .
|
||||
clamp ::= "mssclamp" decnumber .
|
||||
tcpudp ::= "tcp/udp" | protocol .
|
||||
|
||||
protocol ::= protocol-name | decnumber .
|
||||
nummask ::= host-name [ "/" decnumber ] .
|
||||
portspec ::= "auto" | portnumber ":" portnumber .
|
||||
portnumber ::= number { numbers } .
|
||||
ifname ::= 'A' - 'Z' { 'A' - 'Z' } numbers .
|
||||
@ -107,6 +112,26 @@ rule. Such a rule might look like the following:
|
||||
.PP
|
||||
Only IP address and port numbers can be compared against. This is available
|
||||
with all NAT rules.
|
||||
.SH COMMAND QUALIFIERS
|
||||
At the end of each rule, a number of qualifiers can be used to change how
|
||||
the rule works. They are as follows:
|
||||
.TP
|
||||
protocol
|
||||
A specific protocol may be given either by its name (as found in
|
||||
/etc/protocols) or its number. A special case for supporting both
|
||||
TCP and UDP is allowed with the name \fBtcp/udp\fP.
|
||||
.TP
|
||||
.B round-robin
|
||||
Once a rule with this term has been successfully used, it is put at the
|
||||
bottom of the list of those available so that each one will get used, in
|
||||
turn, in a list of matching left hand sides.
|
||||
.TP
|
||||
.B frag
|
||||
This qualifier is currently has no impact on NAT operation.
|
||||
.TP
|
||||
.B age
|
||||
If more refined timeouts are required than those available globally for
|
||||
NAT settings, this allows you to set them for \fBnon-TCP\fP use.
|
||||
.SH TRANSLATION
|
||||
.PP
|
||||
To the right of the "->" is the address and port specificaton which will be
|
||||
|
@ -29,7 +29,7 @@ active NAT mappings)
|
||||
Show the list of current NAT table entry mappings.
|
||||
.TP
|
||||
.B \-n
|
||||
This flag (no-change) prevents \fBipf\fP from actually making any ioctl
|
||||
This flag (no-change) prevents \fBipnat\fP from actually making any ioctl
|
||||
calls or doing anything which would alter the currently running kernel.
|
||||
.TP
|
||||
.B \-s
|
||||
|
@ -3,7 +3,7 @@
|
||||
*
|
||||
* See the IPFILTER.LICENCE file for details on licencing.
|
||||
*/
|
||||
#ifdef __sgi
|
||||
#if defined(__sgi) && (IRIX > 602)
|
||||
# include <sys/ptimers.h>
|
||||
#endif
|
||||
#if (SOLARIS2 >= 7)
|
||||
@ -53,7 +53,7 @@
|
||||
|
||||
#if !defined(lint)
|
||||
static const char sccsid[] = "@(#)misc.c 1.3 2/4/96 (C) 1995 Darren Reed";
|
||||
static const char rcsid[] = "@(#)$Id: misc.c,v 2.2.2.8 2002/04/26 10:24:24 darrenr Exp $";
|
||||
static const char rcsid[] = "@(#)$Id: misc.c,v 2.2.2.9 2002/12/06 11:40:27 darrenr Exp $";
|
||||
#endif
|
||||
|
||||
extern int opts;
|
||||
|
@ -274,10 +274,10 @@ ipfilterattach(void)
|
||||
static void
|
||||
nifattach()
|
||||
{
|
||||
nif_t *nif, *qf2;
|
||||
struct ifnet *ifp;
|
||||
struct frentry *f;
|
||||
ipnat_t *np;
|
||||
nif_t *nif;
|
||||
|
||||
MUTEX_ENTER(&ipfi_mutex); /* sets interrupt priority level to splhi */
|
||||
|
||||
@ -430,8 +430,8 @@ ipfsync(void)
|
||||
static void
|
||||
nifdetach()
|
||||
{
|
||||
nif_t *nif, *qf2, **qp;
|
||||
struct ifnet *ifp;
|
||||
nif_t *nif, **qp;
|
||||
|
||||
MUTEX_ENTER(&ipfi_mutex); /* sets interrupt priority level to splhi */
|
||||
/*
|
||||
|
@ -61,7 +61,7 @@
|
||||
|
||||
extern int lkmenodev __P((void));
|
||||
|
||||
#if NetBSD >= 199706
|
||||
#if (NetBSD >= 199706) || (defined(OpenBSD) && (OpenBSD >= 200211))
|
||||
int if_ipl_lkmentry __P((struct lkm_table *, int, int));
|
||||
#else
|
||||
#if defined(OpenBSD)
|
||||
@ -80,6 +80,9 @@ static char *ipf_devfiles[] = { IPL_NAME, IPL_NAT, IPL_STATE, IPL_AUTH,
|
||||
|
||||
#if (defined(NetBSD1_0) && (NetBSD1_0 > 1)) || \
|
||||
(defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199511))
|
||||
# if defined(__NetBSD__) && (__NetBSD_Version__ >= 106080000)
|
||||
extern const struct cdevsw ipl_cdevsw;
|
||||
# else
|
||||
struct cdevsw ipldevsw =
|
||||
{
|
||||
iplopen, /* open */
|
||||
@ -93,6 +96,7 @@ struct cdevsw ipldevsw =
|
||||
0, /* mmap */
|
||||
NULL /* strategy */
|
||||
};
|
||||
# endif
|
||||
#else
|
||||
struct cdevsw ipldevsw =
|
||||
{
|
||||
@ -113,14 +117,18 @@ struct cdevsw ipldevsw =
|
||||
#endif
|
||||
int ipl_major = 0;
|
||||
|
||||
#if defined(__NetBSD__) && (__NetBSD_Version__ >= 106080000)
|
||||
MOD_DEV(IPL_VERSION, "ipl", NULL, -1, &ipl_cdevsw, -1);
|
||||
#else
|
||||
MOD_DEV(IPL_VERSION, LM_DT_CHAR, -1, &ipldevsw);
|
||||
#endif
|
||||
|
||||
extern int vd_unuseddev __P((void));
|
||||
extern struct cdevsw cdevsw[];
|
||||
extern int nchrdev;
|
||||
|
||||
|
||||
#if NetBSD >= 199706
|
||||
#if (NetBSD >= 199706) || (defined(OpenBSD) && (OpenBSD >= 200211))
|
||||
int if_ipl_lkmentry(lkmtp, cmd, ver)
|
||||
#else
|
||||
#if defined(OpenBSD)
|
||||
@ -143,9 +151,11 @@ static int iplaction(lkmtp, cmd)
|
||||
struct lkm_table *lkmtp;
|
||||
int cmd;
|
||||
{
|
||||
int i;
|
||||
struct lkm_dev *args = lkmtp->private.lkm_dev;
|
||||
int err = 0;
|
||||
#if !defined(__NetBSD__) || (__NetBSD_Version__ < 106080000)
|
||||
int i;
|
||||
#endif
|
||||
|
||||
switch (cmd)
|
||||
{
|
||||
@ -153,6 +163,7 @@ int cmd;
|
||||
if (lkmexists(lkmtp))
|
||||
return EEXIST;
|
||||
|
||||
#if !defined(__NetBSD__) || (__NetBSD_Version__ < 106080000)
|
||||
for (i = 0; i < nchrdev; i++)
|
||||
if (cdevsw[i].d_open == (dev_type_open((*)))lkmenodev ||
|
||||
cdevsw[i].d_open == iplopen)
|
||||
@ -164,9 +175,22 @@ int cmd;
|
||||
|
||||
ipl_major = i;
|
||||
args->lkm_offset = i; /* slot in cdevsw[] */
|
||||
#else
|
||||
err = devsw_attach(args->lkm_devname,
|
||||
args->lkm_bdev, &args->lkm_bdevmaj,
|
||||
args->lkm_cdev, &args->lkm_cdevmaj);
|
||||
if (err != 0)
|
||||
return (err);
|
||||
ipl_major = args->lkm_cdevmaj;
|
||||
#endif
|
||||
printf("IP Filter: loaded into slot %d\n", ipl_major);
|
||||
return ipl_load();
|
||||
case LKM_E_UNLOAD :
|
||||
#if defined(__NetBSD__) && (__NetBSD_Version__ >= 106080000)
|
||||
devsw_detach(args->lkm_bdev, args->lkm_cdev);
|
||||
args->lkm_bdevmaj = -1;
|
||||
args->lkm_cdevmaj = -1;
|
||||
#endif
|
||||
err = ipl_unload();
|
||||
if (!err)
|
||||
printf("IP Filter: unloaded from slot %d\n",
|
||||
@ -213,7 +237,11 @@ static int ipl_unload()
|
||||
* Unloading - remove the filter rule check from the IP
|
||||
* input/output stream.
|
||||
*/
|
||||
#if defined(__NetBSD__)
|
||||
error = ipl_disable();
|
||||
#else
|
||||
error = ipldetach();
|
||||
#endif
|
||||
|
||||
if (!error)
|
||||
error = ipl_remove();
|
||||
|
@ -3,7 +3,7 @@
|
||||
*
|
||||
* See the IPFILTER.LICENCE file for details on licencing.
|
||||
*/
|
||||
#ifdef __sgi
|
||||
#if defined(__sgi) && (IRIX > 602)
|
||||
# include <sys/ptimers.h>
|
||||
#endif
|
||||
#include <stdio.h>
|
||||
@ -12,9 +12,9 @@
|
||||
#include <errno.h>
|
||||
#include <sys/types.h>
|
||||
#if !defined(__SVR4) && !defined(__svr4__)
|
||||
#include <strings.h>
|
||||
# include <strings.h>
|
||||
#else
|
||||
#include <sys/byteorder.h>
|
||||
# include <sys/byteorder.h>
|
||||
#endif
|
||||
#include <sys/time.h>
|
||||
#include <sys/param.h>
|
||||
@ -56,7 +56,7 @@ extern char *sys_errlist[];
|
||||
|
||||
#if !defined(lint)
|
||||
static const char sccsid[] ="@(#)ipnat.c 1.9 6/5/96 (C) 1993 Darren Reed";
|
||||
static const char rcsid[] = "@(#)$Id: natparse.c,v 1.17.2.24 2002/04/24 17:30:51 darrenr Exp $";
|
||||
static const char rcsid[] = "@(#)$Id: natparse.c,v 1.17.2.27 2002/12/06 11:40:27 darrenr Exp $";
|
||||
#endif
|
||||
|
||||
|
||||
@ -385,6 +385,13 @@ int linenum;
|
||||
}
|
||||
if (hostnum((u_32_t *)&ipn.in_inip, *cpp, linenum) == -1)
|
||||
return NULL;
|
||||
#if SOLARIS
|
||||
if (ntohl(ipn.in_inip) == INADDR_LOOPBACK) {
|
||||
fprintf(stderr,
|
||||
"localhost as destination not supported\n");
|
||||
return NULL;
|
||||
}
|
||||
#endif
|
||||
} else {
|
||||
if (!strcmp(*cpp, ipn.in_ifname))
|
||||
*cpp = "0";
|
||||
@ -525,6 +532,19 @@ int linenum;
|
||||
cpp++;
|
||||
}
|
||||
|
||||
if (*cpp && !strcasecmp(*cpp, "mssclamp")) {
|
||||
cpp++;
|
||||
if (*cpp) {
|
||||
ipn.in_mssclamp = atoi(*cpp);
|
||||
cpp++;
|
||||
} else {
|
||||
fprintf(stderr,
|
||||
"%d: mssclamp with no parameters\n",
|
||||
linenum);
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
|
||||
if (*cpp) {
|
||||
fprintf(stderr,
|
||||
"%d: extra junk at the end of the line: %s\n",
|
||||
@ -569,14 +589,7 @@ int linenum;
|
||||
if (!*cpp)
|
||||
return &ipn;
|
||||
|
||||
if (ipn.in_redir == NAT_BIMAP) {
|
||||
fprintf(stderr,
|
||||
"%d: extra words at the end of bimap line: %s\n",
|
||||
linenum, *cpp);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if (!strcasecmp(*cpp, "proxy")) {
|
||||
if (ipn.in_redir != NAT_BIMAP && !strcasecmp(*cpp, "proxy")) {
|
||||
if (ipn.in_redir == NAT_BIMAP) {
|
||||
fprintf(stderr, "%d: cannot use proxy with bimap\n",
|
||||
linenum);
|
||||
@ -631,7 +644,7 @@ int linenum;
|
||||
(void) strncpy(ipn.in_plabel, *cpp, sizeof(ipn.in_plabel));
|
||||
cpp++;
|
||||
|
||||
} else if (!strcasecmp(*cpp, "portmap")) {
|
||||
} else if (ipn.in_redir != NAT_BIMAP && !strcasecmp(*cpp, "portmap")) {
|
||||
if (ipn.in_redir == NAT_BIMAP) {
|
||||
fprintf(stderr, "%d: cannot use portmap with bimap\n",
|
||||
linenum);
|
||||
@ -711,6 +724,18 @@ int linenum;
|
||||
cpp++;
|
||||
}
|
||||
|
||||
if (*cpp && !strcasecmp(*cpp, "mssclamp")) {
|
||||
cpp++;
|
||||
if (*cpp) {
|
||||
ipn.in_mssclamp = atoi(*cpp);
|
||||
cpp++;
|
||||
} else {
|
||||
fprintf(stderr, "%d: mssclamp with no parameters\n",
|
||||
linenum);
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
|
||||
if (*cpp) {
|
||||
fprintf(stderr, "%d: extra junk at the end of the line: %s\n",
|
||||
linenum, *cpp);
|
||||
|
@ -3,7 +3,7 @@
|
||||
*
|
||||
* See the IPFILTER.LICENCE file for details on licencing.
|
||||
*/
|
||||
#ifdef __sgi
|
||||
#if defined(__sgi) && (IRIX > 602)
|
||||
# include <sys/ptimers.h>
|
||||
#endif
|
||||
#include <stdio.h>
|
||||
@ -28,7 +28,7 @@
|
||||
|
||||
#if !defined(lint)
|
||||
static const char sccsid[] = "@(#)opt.c 1.8 4/10/96 (C) 1993-2000 Darren Reed";
|
||||
static const char rcsid[] = "@(#)$Id: opt.c,v 2.2.2.2 2002/02/22 15:32:56 darrenr Exp $";
|
||||
static const char rcsid[] = "@(#)$Id: opt.c,v 2.2.2.3 2002/12/06 11:40:27 darrenr Exp $";
|
||||
#endif
|
||||
|
||||
extern int opts;
|
||||
|
@ -3,7 +3,7 @@
|
||||
*
|
||||
* See the IPFILTER.LICENCE file for details on licencing.
|
||||
*/
|
||||
#ifdef __sgi
|
||||
#if defined(__sgi) && (IRIX > 602)
|
||||
# include <sys/ptimers.h>
|
||||
#endif
|
||||
#include <sys/types.h>
|
||||
@ -158,7 +158,11 @@ int linenum;
|
||||
} else if (!strcasecmp("nomatch", *cpp)) {
|
||||
fil.fr_flags |= FR_NOMATCH;
|
||||
} else if (!strcasecmp("auth", *cpp)) {
|
||||
fil.fr_flags |= FR_AUTH;
|
||||
fil.fr_flags |= FR_AUTH;
|
||||
if (!strncasecmp(*(cpp+1), "return-rst", 10)) {
|
||||
fil.fr_flags |= FR_RETRST;
|
||||
cpp++;
|
||||
}
|
||||
} else if (!strcasecmp("preauth", *cpp)) {
|
||||
fil.fr_flags |= FR_PREAUTH;
|
||||
} else if (!strcasecmp("skip", *cpp)) {
|
||||
@ -1027,7 +1031,7 @@ int linenum;
|
||||
}
|
||||
} else if (fp->fr_proto == IPPROTO_ICMPV6) {
|
||||
fprintf(stderr, "%d: Unknown ICMPv6 type (%s) specified, %s",
|
||||
linenum, **cp, "(use numeric value instead\n");
|
||||
linenum, **cp, "(use numeric value instead)\n");
|
||||
return -1;
|
||||
} else {
|
||||
for (t = icmptypes, i = 0; ; t++, i++) {
|
||||
@ -1214,9 +1218,11 @@ struct frentry *fp;
|
||||
printlog(fp);
|
||||
} else if (fp->fr_flags & FR_ACCOUNT)
|
||||
printf("count");
|
||||
else if (fp->fr_flags & FR_AUTH)
|
||||
else if (fp->fr_flags & FR_AUTH) {
|
||||
printf("auth");
|
||||
else if (fp->fr_flags & FR_PREAUTH)
|
||||
if ((fp->fr_flags & FR_RETMASK) == FR_RETRST)
|
||||
printf(" return-rst");
|
||||
} else if (fp->fr_flags & FR_PREAUTH)
|
||||
printf("preauth");
|
||||
else if (fp->fr_skip)
|
||||
printf("skip %hu", fp->fr_skip);
|
||||
|
@ -5,7 +5,7 @@
|
||||
*
|
||||
* Added redirect stuff and a variety of bug fixes. (mcn@EnGarde.com)
|
||||
*/
|
||||
#ifdef __sgi
|
||||
#if defined(__sgi) && (IRIX > 602)
|
||||
# include <sys/ptimers.h>
|
||||
#endif
|
||||
#include <stdio.h>
|
||||
@ -58,7 +58,7 @@ extern char *sys_errlist[];
|
||||
#endif
|
||||
|
||||
#if !defined(lint)
|
||||
static const char rcsid[] = "@(#)$Id: printnat.c,v 1.1.2.10 2002/08/28 12:45:51 darrenr Exp $";
|
||||
static const char rcsid[] = "@(#)$Id: printnat.c,v 1.1.2.13 2002/12/06 11:40:27 darrenr Exp $";
|
||||
#endif
|
||||
|
||||
|
||||
@ -145,14 +145,18 @@ int opts;
|
||||
ftp.ftp_side[0].ftps_buf[FTP_BUFSZ - 1] = '\0';
|
||||
ftp.ftp_side[1].ftps_buf[FTP_BUFSZ - 1] = '\0';
|
||||
printf("\tClient:\n");
|
||||
printf("\t\tseq %x len %d junk %d cmds %d\n",
|
||||
ftp.ftp_side[0].ftps_seq, ftp.ftp_side[0].ftps_len,
|
||||
printf("\t\tseq %08x%08x len %d junk %d cmds %d\n",
|
||||
ftp.ftp_side[0].ftps_seq[1],
|
||||
ftp.ftp_side[0].ftps_seq[0],
|
||||
ftp.ftp_side[0].ftps_len,
|
||||
ftp.ftp_side[0].ftps_junk, ftp.ftp_side[0].ftps_cmds);
|
||||
printf("\t\tbuf [");
|
||||
printbuf(ftp.ftp_side[0].ftps_buf, FTP_BUFSZ, 1);
|
||||
printf("]\n\tServer:\n");
|
||||
printf("\t\tseq %x len %d junk %d cmds %d\n",
|
||||
ftp.ftp_side[1].ftps_seq, ftp.ftp_side[1].ftps_len,
|
||||
printf("\t\tseq %08x%08x len %d junk %d cmds %d\n",
|
||||
ftp.ftp_side[1].ftps_seq[1],
|
||||
ftp.ftp_side[1].ftps_seq[0],
|
||||
ftp.ftp_side[1].ftps_len,
|
||||
ftp.ftp_side[1].ftps_junk, ftp.ftp_side[1].ftps_cmds);
|
||||
printf("\t\tbuf [");
|
||||
printbuf(ftp.ftp_side[1].ftps_buf, FTP_BUFSZ, 1);
|
||||
@ -387,6 +391,8 @@ int opts;
|
||||
printf(" frag");
|
||||
if (np->in_age[0])
|
||||
printf(" age %d/%d", np->in_age[0], np->in_age[1]);
|
||||
if (np->in_mssclamp)
|
||||
printf(" mssclamp %u", np->in_mssclamp);
|
||||
printf("\n");
|
||||
if (opts & OPT_DEBUG)
|
||||
printf("\tspc %lu flg %#x max %u use %d\n",
|
||||
|
@ -3,7 +3,7 @@
|
||||
*
|
||||
* See the IPFILTER.LICENCE file for details on licencing.
|
||||
*/
|
||||
#ifdef __sgi
|
||||
#if defined(__sgi) && (IRIX > 602)
|
||||
# include <sys/ptimers.h>
|
||||
#endif
|
||||
#include <sys/types.h>
|
||||
|
@ -16,6 +16,10 @@
|
||||
#include <netinet/in.h>
|
||||
#include <net/if.h>
|
||||
#include <sys/socket.h>
|
||||
#if defined(__NetBSD_Version__) && (__NetBSD_Version__ >= 105000000)
|
||||
# include <poll.h>
|
||||
# define USE_POLL
|
||||
#endif
|
||||
#include "ip_nat.h"
|
||||
|
||||
#define RELAY_BUFSZ 8192
|
||||
@ -26,7 +30,11 @@ char obuff[RELAY_BUFSZ];
|
||||
int relay(ifd, ofd, rfd)
|
||||
int ifd, ofd, rfd;
|
||||
{
|
||||
#ifdef USE_POLL
|
||||
struct pollfd set[3];
|
||||
#else
|
||||
fd_set rfds, wfds;
|
||||
#endif
|
||||
char *irh, *irt, *rrh, *rrt;
|
||||
char *iwh, *iwt, *rwh, *rwt;
|
||||
int nfd, n, rw;
|
||||
@ -39,7 +47,21 @@ int ifd, ofd, rfd;
|
||||
if (nfd < rfd)
|
||||
nfd = rfd;
|
||||
|
||||
#ifdef USE_POLL
|
||||
set[0].fd = rfd;
|
||||
set[1].fd = ifd;
|
||||
set[2].fd = ofd;
|
||||
#endif
|
||||
|
||||
while (1) {
|
||||
#ifdef USE_POLL
|
||||
set[0].events = (iwh < (obuff + RELAY_BUFSZ) ? POLLIN : 0) |
|
||||
(irh > irt ? POLLOUT : 0);
|
||||
set[1].events = (irh < (ibuff + RELAY_BUFSZ) ? POLLIN : 0);
|
||||
set[2].events = (iwh > iwt ? POLLOUT : 0);
|
||||
|
||||
switch ((n = poll(set, 3, INFTIM)))
|
||||
#else
|
||||
FD_ZERO(&rfds);
|
||||
FD_ZERO(&wfds);
|
||||
if (irh > irt)
|
||||
@ -52,12 +74,18 @@ int ifd, ofd, rfd;
|
||||
FD_SET(rfd, &rfds);
|
||||
|
||||
switch ((n = select(nfd + 1, &rfds, &wfds, NULL, NULL)))
|
||||
#endif
|
||||
{
|
||||
case -1 :
|
||||
case 0 :
|
||||
return -1;
|
||||
default :
|
||||
if (FD_ISSET(ifd, &rfds)) {
|
||||
#ifdef USE_POLL
|
||||
if (set[1].revents & POLLIN)
|
||||
#else
|
||||
if (FD_ISSET(ifd, &rfds))
|
||||
#endif
|
||||
{
|
||||
rw = read(ifd, irh, ibuff + RELAY_BUFSZ - irh);
|
||||
if (rw == -1)
|
||||
return -1;
|
||||
@ -66,14 +94,24 @@ int ifd, ofd, rfd;
|
||||
irh += rw;
|
||||
n--;
|
||||
}
|
||||
if (n && FD_ISSET(ofd, &wfds)) {
|
||||
#ifdef USE_POLL
|
||||
if (set[2].revents & POLLOUT)
|
||||
#else
|
||||
if (n && FD_ISSET(ofd, &wfds))
|
||||
#endif
|
||||
{
|
||||
rw = write(ofd, iwt, iwh - iwt);
|
||||
if (rw == -1)
|
||||
return -1;
|
||||
iwt += rw;
|
||||
n--;
|
||||
}
|
||||
if (n && FD_ISSET(rfd, &rfds)) {
|
||||
#ifdef USE_POLL
|
||||
if (set[0].revents & POLLIN)
|
||||
#else
|
||||
if (n && FD_ISSET(rfd, &rfds))
|
||||
#endif
|
||||
{
|
||||
rw = read(rfd, iwh, obuff + RELAY_BUFSZ - iwh);
|
||||
if (rw == -1)
|
||||
return -1;
|
||||
@ -82,7 +120,12 @@ int ifd, ofd, rfd;
|
||||
iwh += rw;
|
||||
n--;
|
||||
}
|
||||
if (n && FD_ISSET(rfd, &wfds)) {
|
||||
#ifdef USE_POLL
|
||||
if (set[0].revents & POLLOUT)
|
||||
#else
|
||||
if (n && FD_ISSET(rfd, &wfds))
|
||||
#endif
|
||||
{
|
||||
rw = write(rfd, irt, irh - irt);
|
||||
if (rw == -1)
|
||||
return -1;
|
||||
|
@ -28,7 +28,7 @@ intests: in1 in2 in3 in4
|
||||
|
||||
logtests: l1
|
||||
|
||||
ipv6: ipv6.1 ipv6.2
|
||||
ipv6: ipv6.1 ipv6.2 ipv6.3
|
||||
|
||||
0:
|
||||
@(cd ..; make ipftest; )
|
||||
@ -60,7 +60,7 @@ in1 in2 in3 in4:
|
||||
l1:
|
||||
@/bin/sh ./logtest $@
|
||||
|
||||
ipv6.1 ipv6.2:
|
||||
ipv6.1 ipv6.2 ipv6.3:
|
||||
@/bin/sh ./dotest6 $@
|
||||
|
||||
clean:
|
||||
@ -70,5 +70,5 @@ clean:
|
||||
/bin/rm -f ni1 ni2 ni3 ni4 ni5
|
||||
/bin/rm -f in1 in2 in3 in4
|
||||
/bin/rm -f l1
|
||||
/bin/rm -f ipv6.1 ipv6.2
|
||||
/bin/rm -f ipv6.1 ipv6.2 ipv6.3
|
||||
/bin/rm -f results/*
|
||||
|
6
contrib/ipfilter/test/expected/ipv6.3
Normal file
6
contrib/ipfilter/test/expected/ipv6.3
Normal file
@ -0,0 +1,6 @@
|
||||
pass
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
pass
|
||||
--------
|
@ -3,6 +3,7 @@
|
||||
4500 0028 10ca 4000 ff06 328c 0101 0101 96cb e002 8032 0015 bd6b c9c9 3786 76c5 5010 269c 5aa0 0000
|
||||
4500 006f ffde 4000 ef06 5330 96cb e002 c0a8 0103 0015 8032 3786 76c5 bd6b c9c9 5018 269c 967e 0000 3232 302d 636f 6f6d 6273 2e61 6e75 2e65 6475 2e61 7520 4e63 4654 5064 2053 6572 7665 7220 2866 7265 6520 6564 7563 6174 696f 6e61 6c20 6c69 6365 6e73 6529 2072 6561 6479 2e0d 0a
|
||||
4500 0028 10cb 4000 ff06 328b 0101 0101 96cb e002 8032 0015 bd6b c9c9 3786 770c 5010 269c 5a59 0000
|
||||
ippr_ftp_server_valid:junk after cmd[220-Maintained by RSSS and RSPAS IT Staff (previously known as Coombs Comp]
|
||||
4500 00c7 ffdf 4000 ef06 52d7 96cb e002 c0a8 0103 0015 8032 3786 770c bd6b c9c9 5018 269c 1087 0000 3232 302d 0d0a 3232 302d 4d61 696e 7461 696e 6564 2062 7920 5253 5353 2061 6e64 2052 5350 4153 2049 5420 5374 6166 6620 2870 7265 7669 6f75 736c 7920 6b6e 6f77 6e20 6173 2043 6f6f 6d62 7320 436f 6d70 7574 696e 6720 556e 6974 290d 0a32 3230 2d41 6e79 2070 726f 626c 656d 7320 636f 6e74 6163 7420 6674 706d 6173 7465 7240 636f 6f6d 6273 2e61 6e75 2e65 6475 2e61 750d 0a32 3230 2d0d 0a32 3230 200d 0a
|
||||
4500 0028 10cc 4000 ff06 328a 0101 0101 96cb e002 8032 0015 bd6b c9c9 3786 77ab 5010 269c 59ba 0000
|
||||
4500 0038 10cd 4000 ff06 3279 0101 0101 96cb e002 8032 0015 bd6b c9c9 3786 77ab 5018 269c d1c5 0000 5553 4552 2061 6e6f 6e79 6d6f 7573 0d0a
|
||||
|
30
contrib/ipfilter/test/input/ipv6.3
Normal file
30
contrib/ipfilter/test/input/ipv6.3
Normal file
@ -0,0 +1,30 @@
|
||||
[out,gif0]
|
||||
6000 0000 0010 3a40 3ffe 8280 0000 2001
|
||||
0000 0000 0000 4395 3ffe 8280 0000 2001
|
||||
0000 0000 0000 4394 8000 3f77 085c 0038
|
||||
0c06 b73d 1b3d 0d00
|
||||
|
||||
[in,gif0]
|
||||
6000 0000 0010 3a40 3ffe 8280 0000 2001
|
||||
0000 0000 0000 4393 3ffe 8280 0000 2001
|
||||
0000 0000 0000 4395 8100 3e77 085c 0038
|
||||
0c06 b73d 1b3d 0d00
|
||||
|
||||
[in,gif0]
|
||||
6000 0000 0010 3a40 3ffe 8280 0000 2001
|
||||
0000 0000 0000 4394 3ffe 8280 0000 2001
|
||||
0000 0000 0000 4395 8300 3e77 085c 0038
|
||||
0c06 b73d 1b3d 0d00
|
||||
|
||||
[in,gif0]
|
||||
6000 0000 0010 3a40 3ffe 8280 0000 2001
|
||||
0000 0000 0000 4394 3ffe 8280 0000 2001
|
||||
0000 0000 0000 4395 8000 3e77 085c 0038
|
||||
0c06 b73d 1b3d 0d00
|
||||
|
||||
[in,gif0]
|
||||
6000 0000 0010 3a40 3ffe 8280 0000 2001
|
||||
0000 0000 0000 4394 3ffe 8280 0000 2001
|
||||
0000 0000 0000 4395 8100 3e77 085c 0038
|
||||
0c06 b73d 1b3d 0d00
|
||||
|
@ -1,7 +1,7 @@
|
||||
[out,ppp0]
|
||||
4500 002c 10c9 4000 ff06 3289 c0a8 0103
|
||||
96cb e002 8032 0015 bd6b c9c8 0000 0000
|
||||
6002 2238 35f9 0000 0204 05b4 3cb9
|
||||
6002 2238 35f9 0000 0204 05b4
|
||||
|
||||
[in,ppp0]
|
||||
4500 002c ffdd 4000 ef06 5374 96cb e002
|
||||
@ -11,7 +11,7 @@
|
||||
[out,ppp0]
|
||||
4500 0028 10ca 4000 ff06 328c c0a8 0103
|
||||
96cb e002 8032 0015 bd6b c9c9 3786 76c5
|
||||
5010 269c 9af6 0000 c0a8 0103 0015
|
||||
5010 269c 9af6 0000
|
||||
|
||||
[in,ppp0]
|
||||
4500 006f ffde 4000 ef06 5330 96cb e002
|
||||
@ -25,7 +25,7 @@
|
||||
[out,ppp0]
|
||||
4500 0028 10cb 4000 ff06 328b c0a8 0103
|
||||
96cb e002 8032 0015 bd6b c9c9 3786 770c
|
||||
5010 269c 9aaf 0000 0111 aa28 c0a8
|
||||
5010 269c 9aaf 0000
|
||||
|
||||
[in,ppp0]
|
||||
4500 00c7 ffdf 4000 ef06 52d7 96cb e002
|
||||
@ -45,7 +45,7 @@
|
||||
[out,ppp0]
|
||||
4500 0028 10cc 4000 ff06 328a c0a8 0103
|
||||
96cb e002 8032 0015 bd6b c9c9 3786 77ab
|
||||
5010 269c 9a10 0000 c0a8 0103 206c
|
||||
5010 269c 9a10 0000
|
||||
|
||||
[out,ppp0]
|
||||
4500 0038 10cd 4000 ff06 3279 c0a8 0103
|
||||
@ -70,7 +70,7 @@
|
||||
[out,ppp0]
|
||||
4500 0028 10ce 4000 ff06 3288 c0a8 0103
|
||||
96cb e002 8032 0015 bd6b c9d9 3786 77ef
|
||||
5010 269c 99bc 0000 c0a8 0103 0015
|
||||
5010 269c 99bc 0000
|
||||
|
||||
[out,ppp0]
|
||||
4500 0036 10cf 4000 ff06 3279 c0a8 0103
|
||||
@ -89,7 +89,7 @@
|
||||
[out,ppp0]
|
||||
4500 0028 10d0 4000 ff06 3286 c0a8 0103
|
||||
96cb e002 8032 0015 bd6b c9e7 3786 7826
|
||||
5010 269c 9977 0000 0000 0800 207a
|
||||
5010 269c 9977 0000
|
||||
|
||||
[in,ppp0]
|
||||
4500 0099 ffe3 4000 ef06 5301 96cb e002
|
||||
@ -106,7 +106,7 @@
|
||||
[out,ppp0]
|
||||
4500 0028 10d1 4000 ff06 3285 c0a8 0103
|
||||
96cb e002 8032 0015 bd6b c9e7 3786 7897
|
||||
5010 269c 9906 0000 c0a8 0103 0015
|
||||
5010 269c 9906 0000
|
||||
|
||||
[out,ppp0]
|
||||
4500 0030 10d2 4000 ff06 327c c0a8 0103
|
||||
@ -122,7 +122,7 @@
|
||||
[out,ppp0]
|
||||
4500 0028 10d3 4000 ff06 3283 c0a8 0103
|
||||
96cb e002 8032 0015 bd6b c9ef 3786 78a7
|
||||
5010 269c 98ee 0000 c0a8 0103 0015
|
||||
5010 269c 98ee 0000
|
||||
|
||||
[out,ppp0]
|
||||
4500 0041 10d4 4000 ff06 3269 c0a8 0103
|
||||
@ -162,7 +162,7 @@
|
||||
[out,ppp0]
|
||||
4500 002c 10d7 4000 ff06 327b c0a8 0103
|
||||
96cb e002 8033 0014 bd78 5c12 d9f8 11d5
|
||||
6012 02f8 d734 0000 0204 0584 3cc7
|
||||
6012 02f8 d734 0000 0204 0584
|
||||
|
||||
[in,ppp0]
|
||||
4500 0028 ffe8 4000 ef06 536d 96cb e002
|
||||
@ -180,7 +180,7 @@
|
||||
[out,ppp0]
|
||||
4500 0028 10d8 4000 ff06 327e c0a8 0103
|
||||
96cb e002 8033 0014 bd78 5c13 d9f8 11d5
|
||||
5010 6348 8e71 0000 c0a8 0103 0015
|
||||
5010 6348 8e71 0000
|
||||
|
||||
[in,ppp0]
|
||||
4500 0063 ffea 4000 ef06 5330 96cb e002
|
||||
@ -194,7 +194,7 @@
|
||||
[out,ppp0]
|
||||
4500 0028 10d9 4000 ff06 327d c0a8 0103
|
||||
96cb e002 8033 0014 bd78 5c13 d9f8 1210
|
||||
5010 6348 8e36 0000 c0a8 0103 0014
|
||||
5010 6348 8e36 0000
|
||||
|
||||
[in,ppp0]
|
||||
4500 0028 ffeb 4000 ef06 536a 96cb e002
|
||||
@ -204,12 +204,12 @@
|
||||
[out,ppp0]
|
||||
4500 0028 10da 4000 ff06 327c c0a8 0103
|
||||
96cb e002 8033 0014 bd78 5c13 d9f8 1211
|
||||
5010 6348 8e35 0000 c0a8 0103 0014
|
||||
5010 6348 8e35 0000
|
||||
|
||||
[out,ppp0]
|
||||
4500 0028 10db 4000 ff06 327b c0a8 0103
|
||||
96cb e002 8033 0014 bd78 5c13 d9f8 1211
|
||||
5011 6348 8e34 0000 c0a8 0103 0014
|
||||
5011 6348 8e34 0000
|
||||
|
||||
[in,ppp0]
|
||||
4500 0028 ffec 4000 ef06 5369 96cb e002
|
||||
@ -219,7 +219,7 @@
|
||||
[out,ppp0]
|
||||
4500 0028 10dc 4000 ff06 327a c0a8 0103
|
||||
96cb e002 8032 0015 bd6b ca16 3786 790a
|
||||
5010 269c 9864 0000 c0a8 0103 0014
|
||||
5010 269c 9864 0000
|
||||
|
||||
[in,ppp0]
|
||||
4500 0040 ffed 4000 ef06 5350 96cb e002
|
||||
@ -241,7 +241,7 @@
|
||||
[out,ppp0]
|
||||
4500 0028 10de 4000 ff06 3278 c0a8 0103
|
||||
96cb e002 8032 0015 bd6b ca1e 3786 7932
|
||||
5010 269c 9834 0000 6720 636f 6d70
|
||||
5010 269c 9834 0000
|
||||
|
||||
[out,ppp0]
|
||||
4500 002e 10df 4000 ff06 3271 c0a8 0103
|
||||
@ -257,7 +257,7 @@
|
||||
[out,ppp0]
|
||||
4500 0028 10e0 4000 ff06 3276 c0a8 0103
|
||||
96cb e002 8032 0015 bd6b ca24 3786 7940
|
||||
5011 269c 981f 0000 c0a8 0103 0015
|
||||
5011 269c 981f 0000
|
||||
|
||||
[in,ppp0]
|
||||
4500 0028 fff0 4000 ef06 5365 96cb e002
|
||||
@ -267,7 +267,7 @@
|
||||
[out,ppp0]
|
||||
4500 0028 10e1 4000 ff06 3275 c0a8 0103
|
||||
96cb e002 8032 0015 bd6b ca25 3786 7941
|
||||
5010 269c 981e 0000 0663 6f6f 6d62
|
||||
5010 269c 981e 0000
|
||||
|
||||
[in,ppp0]
|
||||
4500 0028 fff1 4000 ef06 5364 96cb e002
|
||||
|
1
contrib/ipfilter/test/regress/ipv6.3
Normal file
1
contrib/ipfilter/test/regress/ipv6.3
Normal file
@ -0,0 +1 @@
|
||||
pass out log quick on gif0 proto ipv6-icmp from any to any icmp-type 128 keep state
|
Loading…
Reference in New Issue
Block a user