This commit was generated by cvs2svn to compensate for changes in r110917,

which included commits to RCS files with non-trunk default branches.
This commit is contained in:
Darren Reed 2003-02-15 06:27:40 +00:00
commit 50d563d31c
48 changed files with 1036 additions and 178 deletions

View File

@ -246,7 +246,7 @@ install:
for i in ip_compat.h ip_fil.h ip_nat.h ip_state.h ip_proxy.h \
ip_frag.h ip_auth.h; do \
/bin/cp $(TOP)/$$i /usr/include/netinet/; \
-$(CHMOD) 444 /usr/include/netinet/$$i; \
$(CHMOD) 444 /usr/include/netinet/$$i; \
done
-if [ -d /lkm -a -f if_ipl.o ] ; then \
cp if_ipl.o /lkm; \

View File

@ -31,6 +31,24 @@ for i in ip_fil.[ch] fil.c ip_nat.[ch] ip_frag.[ch] ip_state.[ch] ip_proxy.[ch]
chmod 644 $ipfdir/$i
done
echo ""
echo -n "Installing into /usr/include/netinet"
for j in auth compat fil frag nat proxy state ; do
i=ip_$j.h
if [ -f "$i" ] ; then
echo -n " $i"
cp $i /usr/include/netinet/$i
chmod 644 /usr/include/netinet/$i
fi
done
for j in ipl.h; do
if [ -f "$j" ] ; then
echo -n " $j"
cp $j /usr/include/netinet/$j
chmod 644 /usr/include/netinet/$j
fi
done
echo
if [ -f /sys/netinet/ip_fil_compat.h ] ; then
echo "Linking /sys/netinet/ip_compat.h to /sys/netinet/ip_fil_compat.h"
rm /sys/netinet/ip_fil_compat.h

View File

@ -5,7 +5,7 @@ To build a kernel with the IP filter, follow these seven steps:
2. do "make install-bsd"
(probably has to be done as root)
3. run "FreeBSD-4/kinstall" as root
3. run "FreeBSD-4.0/kinstall" as root
4. build a new kernel

View File

@ -22,6 +22,52 @@
# and especially those who have found the time to port IP Filter to new
# platforms.
#
3.4.31 7/12/2002 - Released
Solaris 10 compatibility
fix linking into pfil in NetBSD
fix IRIX 6.2 compatibility
add code to check consistency of fr_checkp/fr_check on non-Solaris
OpenBSD: missing patches for ip6_output.c on OpenBSD 3.2,
make LKM work for 3.2 (OpenBSD LKMs now match NetBSD)
3.4.30 26/11/2002 - Released
attempt to detect using GNU make and abort if so
OpenBSD 3.2 patches from Stefan Hermes von GMX
add MSS clamping code from NetBSD
correctly display ipv6 output with ipfstat for (accounting) rules
fix problems with ioctl handling for /dev/ipauth
set SYN bit in rcmd fake packet to create back channel
make libpcap reader capable of determining in/out (not in libpcap file)
and add more DLT types
do not allow redirects to localhost for Solaris in NAT parser
allow return-rst with auth rules
man page corrections
fix for handling ipv6 icmp errors
fix up ipfs command line option processing
only allow processing a ftp 227 response following a PASV command
NetBSD: use poll() and adapt to new cdevsw mechanism
make flushing for just ipv6 things work
3.4.29 28/8/2002 - Released
Make substantial changes to the FTP proxy to improve reliability, security

View File

@ -3,7 +3,7 @@
#
# See the IPFILTER.LICENCE file for details on licencing.
#
# $Id: Makefile,v 2.11.2.13 2002/03/06 09:43:15 darrenr Exp $
# $Id: Makefile,v 2.11.2.15 2002/12/02 04:22:56 darrenr Exp $
#
BINDEST=/usr/local/bin
SBINDEST=/sbin
@ -91,7 +91,6 @@ all:
@echo "bsd - compile for generic 4.4BSD systems"
@echo "bsdi - compile for BSD/OS"
@echo "irix - compile for SGI IRIX"
@echo "linux - compile for Linux 2.0.31+"
@echo ""
tests:
@ -237,15 +236,15 @@ get:
fi \
done
sunos4 solaris1:
sunos4 solaris1: null
(cd SunOS4; make build TOP=.. "CC=$(CC)" $(DEST) $(MFLAGS); cd ..)
(cd SunOS4; make -f Makefile.ipsend "CC=$(CC)" TOP=.. $(DEST) $(MFLAGS); cd ..)
sunos5 solaris2:
sunos5 solaris2: null
(cd SunOS5/$(CPUDIR); make build TOP=../.. "CC=$(CC)" $(DEST) $(MFLAGS) "SOLARIS2=$(SOLARIS2)" "CPU=-Dsparc -D__sparc__"; cd ..)
(cd SunOS5/$(CPUDIR); make -f Makefile.ipsend TOP=../.. "CC=$(CC)" $(DEST) $(MFLAGS); cd ..)
sunos5x86 solaris2x86:
sunos5x86 solaris2x86: null
(cd SunOS5/$(CPUDIR); make build TOP=../.. "CC=$(CC)" $(DEST) $(MFLAGS) "SOLARIS2=$(SOLARIS2)" "CPU=-Di86pc -Di386 -D__i386__"; cd ..)
(cd SunOS5/$(CPUDIR); make -f Makefile.ipsend TOP=../.. "CC=$(CC)" $(DEST) $(MFLAGS); cd ..)
@ -282,3 +281,10 @@ rcsget:
do-cvs:
find . -type d -name CVS -print | xargs /bin/rm -rf
find . -type f -name .cvsignore -print | xargs /bin/rm -f
null:
-@if [ "`$(MAKE) -v 2>&1 | sed -ne 's/GNU.*/GNU/p'`" = "GNU" ] ; then \
echo 'Do not use GNU make (gmake) to compile IPFilter'; \
exit 1; \
fi
-@echo make ok

450
contrib/ipfilter/bpf.h Normal file
View File

@ -0,0 +1,450 @@
/*-
* Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
* The Regents of the University of California. All rights reserved.
*
* This code is derived from the Stanford/CMU enet packet filter,
* (net/enet.c) distributed as part of 4.3BSD, and code contributed
* to Berkeley by Steven McCanne and Van Jacobson both of Lawrence
* Berkeley Laboratory.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* @(#)bpf.h 7.1 (Berkeley) 5/7/91
*
* @(#) $Header: /devel/CVS/IP-Filter/Attic/bpf.h,v 1.1.2.1 2002/11/07 13:18:35 darrenr Exp $ (LBL)
*/
#ifndef BPF_MAJOR_VERSION
#ifdef __cplusplus
extern "C" {
#endif
/* BSD style release date */
#define BPF_RELEASE 199606
typedef int bpf_int32;
typedef u_int bpf_u_int32;
/*
* Alignment macros. BPF_WORDALIGN rounds up to the next
* even multiple of BPF_ALIGNMENT.
*/
#ifndef __NetBSD__
#define BPF_ALIGNMENT sizeof(bpf_int32)
#else
#define BPF_ALIGNMENT sizeof(long)
#endif
#define BPF_WORDALIGN(x) (((x)+(BPF_ALIGNMENT-1))&~(BPF_ALIGNMENT-1))
#define BPF_MAXINSNS 512
#define BPF_MAXBUFSIZE 0x8000
#define BPF_MINBUFSIZE 32
/*
* Structure for BIOCSETF.
*/
struct bpf_program {
u_int bf_len;
struct bpf_insn *bf_insns;
};
/*
* Struct returned by BIOCGSTATS.
*/
struct bpf_stat {
u_int bs_recv; /* number of packets received */
u_int bs_drop; /* number of packets dropped */
};
/*
* Struct return by BIOCVERSION. This represents the version number of
* the filter language described by the instruction encodings below.
* bpf understands a program iff kernel_major == filter_major &&
* kernel_minor >= filter_minor, that is, if the value returned by the
* running kernel has the same major number and a minor number equal
* equal to or less than the filter being downloaded. Otherwise, the
* results are undefined, meaning an error may be returned or packets
* may be accepted haphazardly.
* It has nothing to do with the source code version.
*/
struct bpf_version {
u_short bv_major;
u_short bv_minor;
};
/* Current version number of filter architecture. */
#define BPF_MAJOR_VERSION 1
#define BPF_MINOR_VERSION 1
/*
* BPF ioctls
*
* The first set is for compatibility with Sun's pcc style
* header files. If your using gcc, we assume that you
* have run fixincludes so the latter set should work.
*/
#if (defined(sun) || defined(ibm032)) && !defined(__GNUC__)
#define BIOCGBLEN _IOR(B,102, u_int)
#define BIOCSBLEN _IOWR(B,102, u_int)
#define BIOCSETF _IOW(B,103, struct bpf_program)
#define BIOCFLUSH _IO(B,104)
#define BIOCPROMISC _IO(B,105)
#define BIOCGDLT _IOR(B,106, u_int)
#define BIOCGETIF _IOR(B,107, struct ifreq)
#define BIOCSETIF _IOW(B,108, struct ifreq)
#define BIOCSRTIMEOUT _IOW(B,109, struct timeval)
#define BIOCGRTIMEOUT _IOR(B,110, struct timeval)
#define BIOCGSTATS _IOR(B,111, struct bpf_stat)
#define BIOCIMMEDIATE _IOW(B,112, u_int)
#define BIOCVERSION _IOR(B,113, struct bpf_version)
#define BIOCSTCPF _IOW(B,114, struct bpf_program)
#define BIOCSUDPF _IOW(B,115, struct bpf_program)
#else
#define BIOCGBLEN _IOR('B',102, u_int)
#define BIOCSBLEN _IOWR('B',102, u_int)
#define BIOCSETF _IOW('B',103, struct bpf_program)
#define BIOCFLUSH _IO('B',104)
#define BIOCPROMISC _IO('B',105)
#define BIOCGDLT _IOR('B',106, u_int)
#define BIOCGETIF _IOR('B',107, struct ifreq)
#define BIOCSETIF _IOW('B',108, struct ifreq)
#define BIOCSRTIMEOUT _IOW('B',109, struct timeval)
#define BIOCGRTIMEOUT _IOR('B',110, struct timeval)
#define BIOCGSTATS _IOR('B',111, struct bpf_stat)
#define BIOCIMMEDIATE _IOW('B',112, u_int)
#define BIOCVERSION _IOR('B',113, struct bpf_version)
#define BIOCSTCPF _IOW('B',114, struct bpf_program)
#define BIOCSUDPF _IOW('B',115, struct bpf_program)
#endif
/*
* Structure prepended to each packet.
*/
struct bpf_hdr {
struct timeval bh_tstamp; /* time stamp */
bpf_u_int32 bh_caplen; /* length of captured portion */
bpf_u_int32 bh_datalen; /* original length of packet */
u_short bh_hdrlen; /* length of bpf header (this struct
plus alignment padding) */
};
/*
* Because the structure above is not a multiple of 4 bytes, some compilers
* will insist on inserting padding; hence, sizeof(struct bpf_hdr) won't work.
* Only the kernel needs to know about it; applications use bh_hdrlen.
*/
#if defined(KERNEL) || defined(_KERNEL)
#define SIZEOF_BPF_HDR 18
#endif
/*
* Data-link level type codes.
*/
/*
* These are the types that are the same on all platforms; on other
* platforms, a <net/bpf.h> should be supplied that defines the additional
* DLT_* codes appropriately for that platform (the BSDs, for example,
* should not just pick up this version of "bpf.h"; they should also define
* the additional DLT_* codes used by their kernels, as well as the values
* defined here - and, if the values they use for particular DLT_ types
* differ from those here, they should use their values, not the ones
* here).
*/
#define DLT_NULL 0 /* no link-layer encapsulation */
#define DLT_EN10MB 1 /* Ethernet (10Mb) */
#define DLT_EN3MB 2 /* Experimental Ethernet (3Mb) */
#define DLT_AX25 3 /* Amateur Radio AX.25 */
#define DLT_PRONET 4 /* Proteon ProNET Token Ring */
#define DLT_CHAOS 5 /* Chaos */
#define DLT_IEEE802 6 /* IEEE 802 Networks */
#define DLT_ARCNET 7 /* ARCNET */
#define DLT_SLIP 8 /* Serial Line IP */
#define DLT_PPP 9 /* Point-to-point Protocol */
#define DLT_FDDI 10 /* FDDI */
/*
* These are values from the traditional libpcap "bpf.h".
* Ports of this to particular platforms should replace these definitions
* with the ones appropriate to that platform, if the values are
* different on that platform.
*/
#define DLT_ATM_RFC1483 11 /* LLC/SNAP encapsulated atm */
#define DLT_RAW 12 /* raw IP */
/*
* These are values from BSD/OS's "bpf.h".
* These are not the same as the values from the traditional libpcap
* "bpf.h"; however, these values shouldn't be generated by any
* OS other than BSD/OS, so the correct values to use here are the
* BSD/OS values.
*
* Platforms that have already assigned these values to other
* DLT_ codes, however, should give these codes the values
* from that platform, so that programs that use these codes will
* continue to compile - even though they won't correctly read
* files of these types.
*/
#ifdef __NetBSD__
#ifndef DLT_SLIP_BSDOS
#define DLT_SLIP_BSDOS 13 /* BSD/OS Serial Line IP */
#define DLT_PPP_BSDOS 14 /* BSD/OS Point-to-point Protocol */
#endif
#else
#define DLT_SLIP_BSDOS 15 /* BSD/OS Serial Line IP */
#define DLT_PPP_BSDOS 16 /* BSD/OS Point-to-point Protocol */
#endif
#define DLT_ATM_CLIP 19 /* Linux Classical-IP over ATM */
/*
* These values are defined by NetBSD; other platforms should refrain from
* using them for other purposes, so that NetBSD savefiles with link
* types of 50 or 51 can be read as this type on all platforms.
*/
#define DLT_PPP_SERIAL 50 /* PPP over serial with HDLC encapsulation */
#define DLT_PPP_ETHER 51 /* PPP over Ethernet */
/*
* Values between 100 and 103 are used in capture file headers as
* link-layer types corresponding to DLT_ types that differ
* between platforms; don't use those values for new DLT_ new types.
*/
/*
* This value was defined by libpcap 0.5; platforms that have defined
* it with a different value should define it here with that value -
* a link type of 104 in a save file will be mapped to DLT_C_HDLC,
* whatever value that happens to be, so programs will correctly
* handle files with that link type regardless of the value of
* DLT_C_HDLC.
*
* The name DLT_C_HDLC was used by BSD/OS; we use that name for source
* compatibility with programs written for BSD/OS.
*
* libpcap 0.5 defined it as DLT_CHDLC; we define DLT_CHDLC as well,
* for source compatibility with programs written for libpcap 0.5.
*/
#define DLT_C_HDLC 104 /* Cisco HDLC */
#define DLT_CHDLC DLT_C_HDLC
#define DLT_IEEE802_11 105 /* IEEE 802.11 wireless */
/*
* Values between 106 and 107 are used in capture file headers as
* link-layer types corresponding to DLT_ types that might differ
* between platforms; don't use those values for new DLT_ new types.
*/
/*
* OpenBSD DLT_LOOP, for loopback devices; it's like DLT_NULL, except
* that the AF_ type in the link-layer header is in network byte order.
*
* OpenBSD defines it as 12, but that collides with DLT_RAW, so we
* define it as 108 here. If OpenBSD picks up this file, it should
* define DLT_LOOP as 12 in its version, as per the comment above -
* and should not use 108 as a DLT_ value.
*/
#define DLT_LOOP 108
/*
* Values between 109 and 112 are used in capture file headers as
* link-layer types corresponding to DLT_ types that might differ
* between platforms; don't use those values for new DLT_ types
* other than the corresponding DLT_ types.
*/
/*
* This is for Linux cooked sockets.
*/
#define DLT_LINUX_SLL 113
/*
* Apple LocalTalk hardware.
*/
#define DLT_LTALK 114
/*
* Acorn Econet.
*/
#define DLT_ECONET 115
/*
* Reserved for use with OpenBSD ipfilter.
*/
#define DLT_IPFILTER 116
/*
* Reserved for use in capture-file headers as a link-layer type
* corresponding to OpenBSD DLT_PFLOG; DLT_PFLOG is 17 in OpenBSD,
* but that's DLT_LANE8023 in SuSE 6.3, so we can't use 17 for it
* in capture-file headers.
*/
#define DLT_PFLOG 117
/*
* Registered for Cisco-internal use.
*/
#define DLT_CISCO_IOS 118
/*
* Reserved for 802.11 cards using the Prism II chips, with a link-layer
* header including Prism monitor mode information plus an 802.11
* header.
*/
#define DLT_PRISM_HEADER 119
/*
* Reserved for Aironet 802.11 cards, with an Aironet link-layer header
* (see Doug Ambrisko's FreeBSD patches).
*/
#define DLT_AIRONET_HEADER 120
/*
* Reserved for Siemens HiPath HDLC.
*/
#define DLT_HHDLC 121
/*
* Reserved for RFC 2625 IP-over-Fibre Channel, as per a request from
* Don Lee <donlee@cray.com>.
*
* This is not for use with raw Fibre Channel, where the link-layer
* header starts with a Fibre Channel frame header; it's for IP-over-FC,
* where the link-layer header starts with an RFC 2625 Network_Header
* field.
*/
#define DLT_IP_OVER_FC 122
/*
* The instruction encodings.
*/
/* instruction classes */
#define BPF_CLASS(code) ((code) & 0x07)
#define BPF_LD 0x00
#define BPF_LDX 0x01
#define BPF_ST 0x02
#define BPF_STX 0x03
#define BPF_ALU 0x04
#define BPF_JMP 0x05
#define BPF_RET 0x06
#define BPF_MISC 0x07
/* ld/ldx fields */
#define BPF_SIZE(code) ((code) & 0x18)
#define BPF_W 0x00
#define BPF_H 0x08
#define BPF_B 0x10
#define BPF_MODE(code) ((code) & 0xe0)
#define BPF_IMM 0x00
#define BPF_ABS 0x20
#define BPF_IND 0x40
#define BPF_MEM 0x60
#define BPF_LEN 0x80
#define BPF_MSH 0xa0
/* alu/jmp fields */
#define BPF_OP(code) ((code) & 0xf0)
#define BPF_ADD 0x00
#define BPF_SUB 0x10
#define BPF_MUL 0x20
#define BPF_DIV 0x30
#define BPF_OR 0x40
#define BPF_AND 0x50
#define BPF_LSH 0x60
#define BPF_RSH 0x70
#define BPF_NEG 0x80
#define BPF_JA 0x00
#define BPF_JEQ 0x10
#define BPF_JGT 0x20
#define BPF_JGE 0x30
#define BPF_JSET 0x40
#define BPF_SRC(code) ((code) & 0x08)
#define BPF_K 0x00
#define BPF_X 0x08
/* ret - BPF_K and BPF_X also apply */
#define BPF_RVAL(code) ((code) & 0x18)
#define BPF_A 0x10
/* misc */
#define BPF_MISCOP(code) ((code) & 0xf8)
#define BPF_TAX 0x00
#define BPF_TXA 0x80
/*
* The instruction data structure.
*/
struct bpf_insn {
u_short code;
u_char jt;
u_char jf;
bpf_int32 k;
};
/*
* Macros for insn array initializers.
*/
#define BPF_STMT(code, k) { (u_short)(code), 0, 0, k }
#define BPF_JUMP(code, k, jt, jf) { (u_short)(code), jt, jf, k }
#if defined(BSD) && (defined(KERNEL) || defined(_KERNEL))
/*
* Systems based on non-BSD kernels don't have ifnet's (or they don't mean
* anything if it is in <net/if.h>) and won't work like this.
*/
# if __STDC__
extern void bpf_tap(struct ifnet *, u_char *, u_int);
extern void bpf_mtap(struct ifnet *, struct mbuf *);
extern void bpfattach(struct ifnet *, u_int, u_int);
extern void bpfilterattach(int);
# else
extern void bpf_tap();
extern void bpf_mtap();
extern void bpfattach();
extern void bpfilterattach();
# endif /* __STDC__ */
#endif /* BSD && (_KERNEL || KERNEL) */
#if __STDC__ || defined(__cplusplus)
extern int bpf_validate(struct bpf_insn *, int);
extern u_int bpf_filter(struct bpf_insn *, u_char *, u_int, u_int);
#else
extern int bpf_validate();
extern u_int bpf_filter();
#endif
/*
* Number of scratch memory words (for BPF_LD|BPF_MEM and BPF_ST).
*/
#define BPF_MEMWORDS 16
#ifdef __cplusplus
}
#endif
#endif

View File

@ -3,7 +3,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
#ifdef __sgi
#if defined(__sgi) && (IRIX > 602)
# include <sys/ptimers.h>
#endif
#include <sys/types.h>

View File

@ -12,7 +12,7 @@
# endif
# endif
#endif
#ifdef __sgi
#if defined(__sgi) && (IRIX > 602)
# include <sys/ptimers.h>
#endif
#include <stdio.h>
@ -32,8 +32,13 @@
(!defined(__FreeBSD_version) || (__FreeBSD_version < 430000))
# undef STATETOP
# endif
# if defined(__NetBSD_Version__) && (__NetBSD_Version__ < 105000000)
# undef STATETOP
# if defined(__NetBSD_Version__)
# if (__NetBSD_Version__ < 105000000)
# undef STATETOP
# else
# include <poll.h>
# define USE_POLL
# endif
# endif
# if defined(sun)
# if defined(__svr4__) || defined(__SVR4)
@ -94,7 +99,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)fils.c 1.21 4/20/96 (C) 1993-2000 Darren Reed";
static const char rcsid[] = "@(#)$Id: fils.c,v 2.21.2.36 2002/06/27 14:29:16 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: fils.c,v 2.21.2.40 2002/12/06 11:40:20 darrenr Exp $";
#endif
extern char *optarg;
@ -104,7 +109,8 @@ extern int optind;
#define FPRINTF (void)fprintf
#define F_IN 0
#define F_OUT 1
#define F_AC 2
#define F_ACIN 2
#define F_ACOUT 3
static char *filters[4] = { "ipfilter(in)", "ipfilter(out)",
"ipacct(in)", "ipacct(out)" };
@ -773,13 +779,22 @@ struct friostat *fiop;
if (opts & OPT_INACTIVE)
set = 1 - set;
if (opts & OPT_ACCNT) {
i = F_AC;
#ifdef USE_INET6
if ((use_inet6) && (opts & OPT_OUTQUE)) {
i = F_ACOUT;
fp = (struct frentry *)fiop->f_acctout6[set];
} else if ((use_inet6) && (opts & OPT_INQUE)) {
i = F_ACIN;
fp = (struct frentry *)fiop->f_acctin6[set];
} else
#endif
if (opts & OPT_OUTQUE) {
i = F_ACOUT;
fp = (struct frentry *)fiop->f_acctout[set];
i++;
} else if (opts & OPT_INQUE)
} else if (opts & OPT_INQUE) {
i = F_ACIN;
fp = (struct frentry *)fiop->f_acctin[set];
else {
} else {
FPRINTF(stderr, "No -i or -o given with -a\n");
return;
}
@ -807,7 +822,7 @@ struct friostat *fiop;
if (opts & OPT_VERBOSE)
PRINTF("fp %p set %d\n", fp, set);
if (!fp) {
if (fp == NULL) {
FPRINTF(stderr, "empty list for %s%s\n",
(opts & OPT_INACTIVE) ? "inactive " : "", filters[i]);
return;
@ -915,12 +930,16 @@ int topclosed;
ipstate_t *istab[IPSTATE_SIZE], ips;
ips_stat_t ipsst, *ipsstp = &ipsst;
statetop_t *tstable = NULL, *tp;
struct timeval selecttimeout;
char hostnm[HOSTNMLEN];
struct protoent *proto;
fd_set readfd;
int c = 0;
time_t t;
#ifdef USE_POLL
struct pollfd set[1];
#else
struct timeval selecttimeout;
fd_set readfd;
#endif
/* open state device */
if ((sfd = open(IPL_STATE, O_RDONLY)) == -1) {
@ -1188,6 +1207,14 @@ int topclosed;
}
/* wait for key press or a 1 second time out period */
#ifdef USE_POLL
set[0].fd = 0;
set[0].events = POLLIN;
poll(set, 1, refreshtime * 1000);
/* if key pressed, read all waiting keys */
if (set[0].revents & POLLIN)
#else
selecttimeout.tv_sec = refreshtime;
selecttimeout.tv_usec = 0;
FD_ZERO(&readfd);
@ -1195,7 +1222,10 @@ int topclosed;
select(1, &readfd, NULL, NULL, &selecttimeout);
/* if key pressed, read all waiting keys */
if (FD_ISSET(0, &readfd)) {
if (FD_ISSET(0, &readfd))
#endif
{
c = wgetch(stdscr);
if (c == ERR)
continue;

View File

@ -4,7 +4,7 @@
* See the IPFILTER.LICENCE file for details on licencing.
*/
#if !defined(lint)
static const char rcsid[] = "@(#)$Id: ip_lfil.c,v 2.6.2.4 2002/03/06 09:44:11 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: ip_lfil.c,v 2.6.2.5 2002/10/03 13:47:19 darrenr Exp $";
#endif
#if defined(KERNEL) && !defined(_KERNEL)
@ -327,15 +327,6 @@ int iplioctl(dev_t dev, int cmd, caddr_t data, int mode)
error = IWCOPYPTR((caddr_t)ipfr_fragstats(), data,
sizeof(ipfrstat_t));
break;
case SIOCAUTHW :
case SIOCAUTHR :
if (!(mode & FWRITE)) {
error = EPERM;
break;
}
case SIOCATHST :
error = fr_auth_ioctl(data, mode, cmd, NULL, NULL);
break;
case SIOCFRSYN :
if (!(mode & FWRITE))
error = EPERM;

View File

@ -7,7 +7,7 @@
*/
#if !defined(lint)
static const char sccsid[] = "%W% %G% (C) 1993-2000 Darren Reed";
static const char rcsid[] = "@(#)$Id: ip_sfil.c,v 2.23.2.20 2002/08/28 12:42:44 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: ip_sfil.c,v 2.23.2.24 2002/12/06 11:42:22 darrenr Exp $";
#endif
#include <sys/types.h>
@ -88,8 +88,8 @@ int ipldetach()
for (i = IPL_LOGMAX; i >= 0; i--)
ipflog_clear(i);
#endif
i = frflush(IPL_LOGIPF, FR_INQUE|FR_OUTQUE|FR_INACTIVE);
i += frflush(IPL_LOGIPF, FR_INQUE|FR_OUTQUE);
i = frflush(IPL_LOGIPF, 0, FR_INQUE|FR_OUTQUE|FR_INACTIVE);
i += frflush(IPL_LOGIPF, 0, FR_INQUE|FR_OUTQUE);
ipfr_unload();
fr_stateunload();
ip_natunload();
@ -226,7 +226,16 @@ int *rp;
return error;
}
if (unit == IPL_LOGAUTH) {
error = fr_auth_ioctl((caddr_t)data, mode, cmd, NULL, NULL);
if ((cmd == SIOCADAFR) || (cmd == SIOCRMAFR)) {
if (!(mode & FWRITE)) {
error = EPERM;
} else {
error = frrequest(unit, cmd, (caddr_t)data,
fr_active);
}
} else {
error = fr_auth_ioctl((caddr_t)data, mode, cmd);
}
RWLOCK_EXIT(&ipf_solaris);
return error;
}
@ -316,7 +325,7 @@ int *rp;
error = IRCOPY((caddr_t)data, (caddr_t)&tmp,
sizeof(tmp));
if (!error) {
tmp = frflush(unit, tmp);
tmp = frflush(unit, 4, tmp);
error = IWCOPY((caddr_t)&tmp, (caddr_t)data,
sizeof(tmp));
if (error)
@ -324,6 +333,23 @@ int *rp;
}
}
break;
#ifdef USE_INET6
case SIOCIPFL6 :
if (!(mode & FWRITE))
error = EPERM;
else {
error = IRCOPY((caddr_t)data, (caddr_t)&tmp,
sizeof(tmp));
if (!error) {
tmp = frflush(unit, 6, tmp);
error = IWCOPY((caddr_t)&tmp, (caddr_t)data,
sizeof(tmp));
if (error)
error = EFAULT;
}
}
break;
#endif
case SIOCSTLCK :
error = IRCOPY((caddr_t)data, (caddr_t)&tmp, sizeof(tmp));
if (!error) {
@ -383,6 +409,9 @@ int v;
{
size_t len = strlen(name) + 1; /* includes \0 */
ill_t *il;
#if SOLARIS2 >= 10
ill_walk_context_t ctx;
#endif
int sap;
if (v == 4)
@ -391,7 +420,11 @@ int v;
sap = 0x86dd;
else
return NULL;
#if SOLARIS2 >= 10
for (il = ILL_START_WALK_ALL(&ctx); il; il = ill_next(&ctx, il))
#else
for (il = ill_g_head; il; il = il->ill_next)
#endif
if ((len == il->ill_name_length) && (il->ill_sap == sap) &&
!strncmp(il->ill_name, name, len))
return il;
@ -614,6 +647,9 @@ caddr_t data;
}
if (fg && fg->fg_head)
fg->fg_head->fr_ref--;
if (unit == IPL_LOGAUTH) {
return fr_preauthcmd(req, f, ftail);
}
if (f->fr_grhead)
fr_delgroup(f->fr_grhead, fp->fr_flags,
unit, set);
@ -628,6 +664,9 @@ caddr_t data;
if (f) {
error = EEXIST;
} else {
if (unit == IPL_LOGAUTH) {
return fr_preauthcmd(req, fp, ftail);
}
KMALLOC(f, frentry_t *);
if (f != NULL) {
if (fg && fg->fg_head)

View File

@ -12,7 +12,7 @@
# endif
# endif
#endif
#ifdef __sgi
#if defined(__sgi) && (IRIX > 602)
# include <sys/ptimers.h>
#endif
#include <stdio.h>
@ -50,7 +50,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)ipf.c 1.23 6/5/96 (C) 1993-2000 Darren Reed";
static const char rcsid[] = "@(#)$Id: ipf.c,v 2.10.2.17 2002/06/27 14:29:17 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: ipf.c,v 2.10.2.19 2002/12/06 11:41:13 darrenr Exp $";
#endif
#if SOLARIS
@ -440,9 +440,15 @@ char *arg;
rem = fl;
closedevice();
if (opendevice(IPL_STATE) != -2 &&
ioctl(fd, SIOCIPFFL, &fl) == -1)
perror("ioctl(SIOCIPFFL)");
if (opendevice(IPL_STATE) != -2) {
if (use_inet6) {
if (ioctl(fd, SIOCIPFL6, &fl) == -1)
perror("ioctl(SIOCIPFL6)");
} else {
if (ioctl(fd, SIOCIPFFL, &fl) == -1)
perror("ioctl(SIOCIPFFL)");
}
}
if ((opts & (OPT_DONOTHING|OPT_VERBOSE)) == OPT_VERBOSE) {
printf("remove flags %s (%d)\n", arg, rem);
printf("removed %d filter rules\n", fl);
@ -459,8 +465,15 @@ char *arg;
fl |= (opts & FR_INACTIVE);
rem = fl;
if (opendevice(ipfname) != -2 && ioctl(fd, SIOCIPFFL, &fl) == -1)
perror("ioctl(SIOCIPFFL)");
if (opendevice(ipfname) != -2) {
if (use_inet6) {
if (ioctl(fd, SIOCIPFL6, &fl) == -1)
perror("ioctl(SIOCIPFL6)");
} else {
if (ioctl(fd, SIOCIPFFL, &fl) == -1)
perror("ioctl(SIOCIPFFL)");
}
}
if ((opts & (OPT_DONOTHING|OPT_VERBOSE)) == OPT_VERBOSE) {
printf("remove flags %s%s (%d)\n", (rem & FR_INQUE) ? "I" : "",
(rem & FR_OUTQUE) ? "O" : "", rem);

View File

@ -45,7 +45,7 @@
#include "ipf.h"
#if !defined(lint)
static const char rcsid[] = "@(#)$Id: ipfs.c,v 2.6.2.11 2002/06/04 14:44:05 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: ipfs.c,v 2.6.2.12 2002/09/26 12:25:19 darrenr Exp $";
#endif
#ifndef IPF_SAVEDIR
@ -77,19 +77,25 @@ int setlock __P((int, int));
int writeall __P((char *));
int readall __P((char *));
int writenat __P((int, char *));
char *concat __P((char *, char *));
int opts = 0;
void usage()
{
fprintf(stderr, "usage: ipfs [-nv] -l\n");
fprintf(stderr, "usage: ipfs [-nv] -u\n");
fprintf(stderr, "usage: ipfs [-nv] [-d <dir>] -R\n");
fprintf(stderr, "usage: ipfs [-nv] [-d <dir>] -W\n");
fprintf(stderr, "usage: ipfs [-nNSv] [-f <file>] -r\n");
fprintf(stderr, "usage: ipfs [-nNSv] [-f <file>] -w\n");
fprintf(stderr, "usage: ipfs [-nNSv] -f <filename> -i <if1>,<if2>\n");
fprintf(stderr, "\
usage: ipfs [-nv] -l\n\
usage: ipfs [-nv] -u\n\
usage: ipfs [-nv] [-d <dir>] -R\n\
usage: ipfs [-nv] [-d <dir>] -W\n\
usage: ipfs [-nv] -N [-f <file> | -d <dir>] -r\n\
usage: ipfs [-nv] -S [-f <file> | -d <dir>] -r\n\
usage: ipfs [-nv] -N [-f <file> | -d <dir>] -w\n\
usage: ipfs [-nv] -S [-f <file> | -d <dir>] -w\n\
usage: ipfs [-nv] -N [-f <filename> | -d <dir> ] -i <if1>,<if2>\n\
usage: ipfs [-nv] -S [-f <filename> | -d <dir> ] -i <if1>,<if2>\n\
");
exit(1);
}
@ -218,7 +224,7 @@ char *argv[];
usage();
break;
case 'f' :
if ((set == 0) && !dirname && !filename)
if ((set == 1) && !dirname && !filename && !(rw & 2))
filename = optarg;
else
usage();
@ -243,12 +249,14 @@ char *argv[];
set = 1;
break;
case 'r' :
if ((ns >= 0) || dirname || (rw != -1))
if (dirname || (rw != -1) || (ns == -1))
usage();
rw = 0;
set = 1;
break;
case 'R' :
if (filename || (ns != -1))
usage();
rw = 2;
set = 1;
break;
@ -274,14 +282,31 @@ char *argv[];
set = 1;
break;
case 'W' :
if (filename || (ns != -1))
usage();
rw = 3;
set = 1;
break;
case '?' :
default :
usage();
}
if (filename == NULL) {
if (ns == 0) {
if (dirname == NULL)
dirname = IPF_SAVEDIR;
if (dirname[strlen(dirname) - 1] != '/')
dirname = concat(dirname, "/");
filename = concat(dirname, IPF_NATFILE);
} else if (ns == 1) {
if (dirname == NULL)
dirname = IPF_SAVEDIR;
if (dirname[strlen(dirname) - 1] != '/')
dirname = concat(dirname, "/");
filename = concat(dirname, IPF_STATEFILE);
}
}
if (ifs) {
if (!filename || ns < 0)
usage();
@ -331,6 +356,20 @@ char *argv[];
}
char *concat(base, append)
char *base, *append;
{
char *str;
str = malloc(strlen(base) + strlen(append) + 1);
if (str != NULL) {
strcpy(str, base);
strcat(str, append);
}
return str;
}
int opendevice(ipfdev)
char *ipfdev;
{

View File

@ -17,7 +17,7 @@ etherfind -n -t
0.32 91 04 131.170.1.10 128.250.133.13
0.33 566 udp 128.250.37.155 128.250.133.3 901 901
*/
#ifdef __sgi
#if defined(__sgi) && (IRIX > 602)
# include <sys/ptimers.h>
#endif
#include <stdio.h>
@ -52,7 +52,7 @@ etherfind -n -t
#if !defined(lint)
static const char sccsid[] = "@(#)ipft_ef.c 1.6 2/4/96 (C)1995 Darren Reed";
static const char rcsid[] = "@(#)$Id: ipft_ef.c,v 2.2.2.3 2002/06/27 14:29:17 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: ipft_ef.c,v 2.2.2.4 2002/12/06 11:40:25 darrenr Exp $";
#endif
static int etherf_open __P((char *));

View File

@ -3,7 +3,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
#ifdef __sgi
#if defined(__sgi) && (IRIX > 602)
# include <sys/ptimers.h>
#endif
#include <stdio.h>
@ -43,7 +43,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)ipft_hx.c 1.1 3/9/96 (C) 1996 Darren Reed";
static const char rcsid[] = "@(#)$Id: ipft_hx.c,v 2.2.2.5 2002/02/22 15:32:54 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: ipft_hx.c,v 2.2.2.6 2002/12/06 11:40:25 darrenr Exp $";
#endif
extern int opts;

View File

@ -3,7 +3,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
#ifdef __sgi
#if defined(__sgi) && (IRIX > 602)
# include <sys/ptimers.h>
#endif
#include <stdio.h>
@ -31,13 +31,15 @@
#include <netinet/tcpip.h>
#include "ipf.h"
#include "pcap.h"
#include "bpf.h"
#include "ipt.h"
#if !defined(lint)
static const char rcsid[] = "@(#)$Id: ipft_pc.c,v 2.2.2.3 2002/02/22 15:32:54 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: ipft_pc.c,v 2.2.2.5 2002/12/06 11:40:25 darrenr Exp $";
#endif
struct llc {
int lc_type;
int lc_sz; /* LLC header length */
int lc_to; /* LLC Type offset */
int lc_tl; /* LLC Type length */
@ -47,23 +49,48 @@ struct llc {
* While many of these maybe the same, some do have different header formats
* which make this useful.
*/
#define DLT_MAX 14
static struct llc llcs[DLT_MAX+1] = {
{ 0, 0, 0 }, /* DLT_NULL */
{ 14, 12, 2 }, /* DLT_E10MB */
{ 0, 0, 0 }, /* DLT_EN3MB */
{ 0, 0, 0 }, /* DLT_AX25 */
{ 0, 0, 0 }, /* DLT_PRONET */
{ 0, 0, 0 }, /* DLT_CHAOS */
{ 0, 0, 0 }, /* DLT_IEEE802 */
{ 0, 0, 0 }, /* DLT_ARCNET */
{ 0, 0, 0 }, /* DLT_SLIP */
{ 0, 0, 0 }, /* DLT_PPP */
{ 0, 0, 0 }, /* DLT_FDDI */
{ 0, 0, 0 }, /* DLT_ATMRFC1483 */
{ 0, 0, 0 }, /* DLT_LOOP */
{ 0, 0, 0 } /* DLT_ENC */
static struct llc llcs[] = {
{ DLT_NULL, 0, 0, 0 },
{ DLT_EN10MB, 14, 12, 2 },
{ DLT_EN3MB, 0, 0, 0 },
{ DLT_AX25, 0, 0, 0 },
{ DLT_PRONET, 0, 0, 0 },
{ DLT_CHAOS, 0, 0, 0 },
{ DLT_IEEE802, 0, 0, 0 },
{ DLT_ARCNET, 0, 0, 0 },
{ DLT_SLIP, 0, 0, 0 },
{ DLT_PPP, 0, 0, 0 },
{ DLT_FDDI, 0, 0, 0 },
#ifdef DLT_ATMRFC1483
{ DLT_ATMRFC1483, 0, 0, 0 },
#endif
{ DLT_RAW, 0, 0, 0 },
#ifdef DLT_ENC
{ DLT_ENC, 0, 0, 0 },
#endif
#ifdef DLT_SLIP_BSDOS
{ DLT_SLIP_BSDOS, 0, 0, 0 },
#endif
#ifdef DLT_PPP_BSDOS
{ DLT_PPP_BSDOS, 0, 0, 0 },
#endif
#ifdef DLT_HIPPI
{ DLT_HIPPI, 0, 0, 0 },
#endif
#ifdef DLT_HDLC
{ DLT_HDLC, 0, 0, 0 },
#endif
#ifdef DLT_PPP_SERIAL
{ DLT_PPP_SERIAL, 4, 4, 0 },
#endif
#ifdef DLT_PPP_ETHER
{ DLT_PPP_ETHER, 8, 8, 0 },
#endif
#ifdef DLT_ECONET
{ DLT_ECONET, 0, 0, 0 },
#endif
{ -1, -1, -1, -1 }
};
static int pcap_open __P((char *));
@ -73,6 +100,7 @@ static void swap_hdr __P((pcaphdr_t *));
static int pcap_read_rec __P((struct pcap_pkthdr *));
static int pfd = -1, s_type = -1, swapped = 0;
static struct llc *llcp = NULL;
struct ipread pcap = { pcap_open, pcap_close, pcap_readip };
@ -96,7 +124,7 @@ static int pcap_open(fname)
char *fname;
{
pcaphdr_t ph;
int fd;
int fd, i;
if (pfd != -1)
return pfd;
@ -118,7 +146,18 @@ char *fname;
swap_hdr(&ph);
}
if (ph.pc_v_maj != PCAP_VERSION_MAJ || ph.pc_type >= DLT_MAX) {
if (ph.pc_v_maj != PCAP_VERSION_MAJ) {
(void) close(fd);
return -2;
}
for (i = 0; llcs[i].lc_type != -1; i++)
if (llcs[i].lc_type == ph.pc_type) {
llcp = llcs + i;
break;
}
if (llcp == NULL) {
(void) close(fd);
return -2;
}
@ -210,7 +249,9 @@ int cnt, *dir;
char *s, ty[4];
int i, n;
do {
l = llcp;
/* do { */
if ((i = pcap_read_rec(&rec)) <= 0)
return i;
@ -223,12 +264,11 @@ int cnt, *dir;
if (read(pfd, s, i) != i)
return -2;
l = &llcs[s_type];
i -= l->lc_sz;
s += l->lc_to;
bcopy(s, ty, l->lc_tl);
s += l->lc_tl;
} while (ty[0] != 0x8 && ty[1] != 0);
/* } while (ty[0] != 0x8 && ty[1] != 0); */
n = MIN(i, cnt);
bcopy(s, buf, n);
return n;

View File

@ -7,7 +7,7 @@
/*
* Written to comply with the recent RFC 1761 from Sun.
*/
#ifdef __sgi
#if defined(__sgi) && (IRIX > 602)
# include <sys/ptimers.h>
#endif
#include <stdio.h>
@ -38,7 +38,7 @@
#include "ipt.h"
#if !defined(lint)
static const char rcsid[] = "@(#)$Id: ipft_sn.c,v 2.2.2.3 2002/02/22 15:32:54 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: ipft_sn.c,v 2.2.2.4 2002/12/06 11:40:26 darrenr Exp $";
#endif
struct llc {

View File

@ -26,7 +26,7 @@ tcpdump -nqte
8:0:20:f:65:f7 0:0:c:1:8a:c5 81: 128.250.133.13.23 > 128.250.20.20.2419: tcp 27
*/
#ifdef __sgi
#if defined(__sgi) && (IRIX > 602)
# include <sys/ptimers.h>
#endif
#include <stdio.h>
@ -61,7 +61,7 @@ tcpdump -nqte
#if !defined(lint)
static const char sccsid[] = "@(#)ipft_td.c 1.8 2/4/96 (C)1995 Darren Reed";
static const char rcsid[] = "@(#)$Id: ipft_td.c,v 2.2.2.3 2002/06/27 14:29:17 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: ipft_td.c,v 2.2.2.4 2002/12/06 11:40:26 darrenr Exp $";
#endif
static int tcpd_open __P((char *));

View File

@ -3,7 +3,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
#ifdef __sgi
#if defined(__sgi) && (IRIX > 602)
# include <sys/ptimers.h>
#endif
#include <stdio.h>
@ -44,7 +44,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)ipft_tx.c 1.7 6/5/96 (C) 1993 Darren Reed";
static const char rcsid[] = "@(#)$Id: ipft_tx.c,v 2.3.2.7 2002/06/27 14:29:17 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: ipft_tx.c,v 2.3.2.8 2002/12/06 11:40:26 darrenr Exp $";
#endif
extern int opts;

View File

@ -5,7 +5,7 @@
*
* Added redirect stuff and a variety of bug fixes. (mcn@EnGarde.com)
*/
#ifdef __sgi
#if defined(__sgi) && (IRIX > 602)
# include <sys/ptimers.h>
#endif
#include <stdio.h>
@ -60,7 +60,7 @@ extern char *sys_errlist[];
#if !defined(lint)
static const char sccsid[] ="@(#)ipnat.c 1.9 6/5/96 (C) 1993 Darren Reed";
static const char rcsid[] = "@(#)$Id: ipnat.c,v 2.16.2.21 2002/06/06 10:49:19 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: ipnat.c,v 2.16.2.22 2002/12/06 11:40:26 darrenr Exp $";
#endif

View File

@ -1,7 +1,7 @@
/*
* Based upon 4.4BSD's /usr/sbin/arp
*/
#ifdef __sgi
#if defined(__sgi) && (IRIX > 602)
# include <sys/ptimers.h>
#endif
#include <unistd.h>

View File

@ -3,7 +3,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
#ifdef __sgi
#if defined(__sgi) && (IRIX > 602)
# include <sys/ptimers.h>
#endif
#include <stdio.h>
@ -29,7 +29,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)arp.c 1.4 1/11/96 (C)1995 Darren Reed";
static const char rcsid[] = "@(#)$Id: arp.c,v 2.1.4.3 2002/02/22 15:32:57 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: arp.c,v 2.1.4.4 2002/12/06 11:40:35 darrenr Exp $";
#endif

View File

@ -3,7 +3,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
#ifdef __sgi
#if defined(__sgi) && (IRIX > 602)
# include <sys/ptimers.h>
#endif
#include <errno.h>
@ -32,7 +32,7 @@
#if !defined(lint)
static const char sccsid[] = "%W% %G% (C)1995";
static const char rcsid[] = "@(#)$Id: ip.c,v 2.1.4.4 2002/02/22 15:32:57 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: ip.c,v 2.1.4.5 2002/12/06 11:40:35 darrenr Exp $";
#endif
static char *ipbuf = NULL, *ethbuf = NULL;

View File

@ -8,7 +8,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
#ifdef __sgi
#if defined(__sgi) && (IRIX > 602)
# include <sys/ptimers.h>
#endif
#include <stdio.h>
@ -34,7 +34,7 @@
#if !defined(lint)
static const char sccsid[] = "%W% %G% (C)1995 Darren Reed";
static const char rcsid[] = "@(#)$Id: ipresend.c,v 2.1.4.3 2002/02/22 15:32:57 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: ipresend.c,v 2.1.4.4 2002/12/06 11:40:35 darrenr Exp $";
#endif

View File

@ -3,7 +3,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
#ifdef __sgi
#if defined(__sgi) && (IRIX > 602)
# include <sys/ptimers.h>
#endif
#include <sys/param.h>
@ -25,7 +25,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)ipsopt.c 1.2 1/11/96 (C)1995 Darren Reed";
static const char rcsid[] = "@(#)$Id: ipsopt.c,v 2.1.4.3 2002/02/22 15:32:58 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: ipsopt.c,v 2.1.4.4 2002/12/06 11:40:35 darrenr Exp $";
#endif

View File

@ -8,7 +8,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
#ifdef __sgi
#if defined(__sgi) && (IRIX > 602)
# include <sys/ptimers.h>
#endif
#include <stdio.h>
@ -37,7 +37,7 @@
#if !defined(lint)
static const char sccsid[] = "%W% %G% (C)1995 Darren Reed";
static const char rcsid[] = "@(#)$Id: iptest.c,v 2.2.2.3 2002/02/22 15:32:58 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: iptest.c,v 2.2.2.4 2002/12/06 11:40:35 darrenr Exp $";
#endif

View File

@ -5,9 +5,9 @@
*/
#if !defined(lint)
static const char sccsid[] = "@(#)lsock.c 1.2 1/11/96 (C)1995 Darren Reed";
static const char rcsid[] = "@(#)$Id: lsock.c,v 2.1.4.2 2002/02/22 15:32:58 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: lsock.c,v 2.1.4.3 2002/12/06 11:40:36 darrenr Exp $";
#endif
#ifdef __sgi
#if defined(__sgi) && (IRIX > 602)
# include <sys/ptimers.h>
#endif
#include <stdio.h>

View File

@ -8,7 +8,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
#ifdef __sgi
#if defined(__sgi) && (IRIX > 602)
# include <sys/ptimers.h>
#endif
#include <stdio.h>
@ -38,7 +38,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)resend.c 1.3 1/11/96 (C)1995 Darren Reed";
static const char rcsid[] = "@(#)$Id: resend.c,v 2.1.4.4 2002/02/22 15:32:58 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: resend.c,v 2.1.4.5 2002/12/06 11:40:36 darrenr Exp $";
#endif

View File

@ -4,7 +4,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
#ifdef __sgi
#if defined(__sgi) && (IRIX > 602)
# include <sys/ptimers.h>
#endif
#include <stdio.h>

View File

@ -12,7 +12,7 @@
# endif
# endif
#endif
#ifdef __sgi
#if defined(__sgi) && (IRIX > 602)
# define _KMEMUSER
# include <sys/ptimers.h>
#endif
@ -64,7 +64,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)ipt.c 1.19 6/3/96 (C) 1993-2000 Darren Reed";
static const char rcsid[] = "@(#)$Id: ipt.c,v 2.6.2.22 2002/06/04 14:52:58 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: ipt.c,v 2.6.2.24 2002/12/06 11:40:26 darrenr Exp $";
#endif
extern char *optarg;
@ -92,6 +92,7 @@ char *argv[];
{
char *datain, *iface, *ifname, *packet, *logout;
int fd, i, dir, c, loaded, dump, hlen;
struct in_addr src;
struct ifnet *ifp;
struct ipread *r;
u_long buf[2048];
@ -103,6 +104,7 @@ char *argv[];
r = &iptext;
iface = NULL;
logout = NULL;
src.s_addr = 0;
ifname = "anon0";
datain = NULL;
@ -112,7 +114,7 @@ char *argv[];
ipflog_init();
fr_running = 1;
while ((c = getopt(argc, argv, "6bdDEHi:I:l:NoPr:RSTvxX")) != -1)
while ((c = getopt(argc, argv, "6bdDEHi:I:l:NoPr:Rs:STvxX")) != -1)
switch (c)
{
case '6' :
@ -149,6 +151,9 @@ char *argv[];
return -1;
loaded = 1;
break;
case 's' :
src.s_addr = inet_addr(optarg);
break;
case 'v' :
opts |= OPT_VERBOSE;
break;
@ -208,11 +213,21 @@ char *argv[];
ip->ip_off = ntohs(ip->ip_off);
ip->ip_len = ntohs(ip->ip_len);
hlen = ip->ip_hl << 2;
if (src.s_addr != 0) {
if (src.s_addr == ip->ip_src.s_addr)
dir = 1;
else if (src.s_addr == ip->ip_dst.s_addr)
dir = 0;
}
}
#ifdef USE_INET6
else
hlen = sizeof(ip6_t);
#endif
if (opts & OPT_VERBOSE) {
printf("%s on [%s]: ", dir ? "out" : "in",
(iface && *iface) ? iface : "??");
}
packet = (char *)buf;
/* ipfr_slowtimer(); */
i = fr_check(ip, hlen, ifp, dir, (mb_t **)&packet);

View File

@ -8,7 +8,7 @@
* returns 0 on success, -1 on error.
*/
#ifdef __sgi
#if defined(__sgi) && (IRIX > 602)
# include <sys/ptimers.h>
#endif
#include <stdio.h>
@ -46,7 +46,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)kmem.c 1.4 1/12/96 (C) 1992 Darren Reed";
static const char rcsid[] = "@(#)$Id: kmem.c,v 2.2.2.15 2002/07/27 15:59:37 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: kmem.c,v 2.2.2.16 2002/12/06 11:40:27 darrenr Exp $";
#endif
#ifdef __sgi

View File

@ -80,12 +80,12 @@ Lock state tables in the kernel.
.B \-r
Read information in from the specified file and load it into the
kernel. This requires the state tables to have already been locked
and does not change the lock once comlete.
and does not change the lock once complete.
.TP
.B \-w
Write information out to the specified file and from the kernel.
This requires the state tables to have already been locked
and does not change the lock once comlete.
and does not change the lock once complete.
.TP
.B \-R
Restores all saved state information, if any, from two files,

View File

@ -7,10 +7,10 @@ The format for files accepted by ipnat is described by the following grammar:
.nf
ipmap :: = mapblock | redir | map .
map ::= mapit ifname ipmask "->" dstipmask [ mapport ] .
map ::= mapit ifname fromto "->" dstipmask [ mapport ] .
mapblock ::= "map-block" ifname ipmask "->" ipmask [ ports ] .
redir ::= "rdr" ifname ipmask dport "->" ip [ "," ip ] rdrport options .
map ::= mapit ifname ipmask "->" dstipmask [ mapport ] mapoptions.
map ::= mapit ifname fromto "->" dstipmask [ mapport ] mapoptions.
mapblock ::= "map-block" ifname ipmask "->" ipmask [ ports ] mapoptions.
redir ::= "rdr" ifname ipmask dport "->" ip [ "," ip ] rdrport rdroptions .
dport ::= "port" portnum [ "-" portnum ] .
ports ::= "ports" numports | "auto" .
@ -20,7 +20,8 @@ fromto ::= "from" object "to" object .
ipmask ::= ip "/" bits | ip "/" mask | ip "netmask" mask .
dstipmask ::= ipmask | "range" ip "-" ip .
mapport ::= "portmap" tcpudp portspec .
options ::= [ tcpudp ] [ rr ] .
mapoptions ::= [ tcpudp ] [ "frag" ] [ age ] [ clamp ] .
rdroptions ::= [ tcpudp ] [ rr ] [ "frag" ] [ age ] [ clamp ] .
object :: = addr [ port-comp | port-range ] .
addr :: = "any" | nummask | host-name [ "mask" ipaddr | "mask" hexnumber ] .
@ -28,8 +29,12 @@ port-comp :: = "port" compare port-num .
port-range :: = "port" port-num range port-num .
rr ::= "round-robin" .
nummask = host-name [ "/" decnumber ] .
tcpudp ::= "tcp" | "udp" | "tcp/udp" .
age ::= "age" decnumber [ "/" decnumber ] .
clamp ::= "mssclamp" decnumber .
tcpudp ::= "tcp/udp" | protocol .
protocol ::= protocol-name | decnumber .
nummask ::= host-name [ "/" decnumber ] .
portspec ::= "auto" | portnumber ":" portnumber .
portnumber ::= number { numbers } .
ifname ::= 'A' - 'Z' { 'A' - 'Z' } numbers .
@ -107,6 +112,26 @@ rule. Such a rule might look like the following:
.PP
Only IP address and port numbers can be compared against. This is available
with all NAT rules.
.SH COMMAND QUALIFIERS
At the end of each rule, a number of qualifiers can be used to change how
the rule works. They are as follows:
.TP
protocol
A specific protocol may be given either by its name (as found in
/etc/protocols) or its number. A special case for supporting both
TCP and UDP is allowed with the name \fBtcp/udp\fP.
.TP
.B round-robin
Once a rule with this term has been successfully used, it is put at the
bottom of the list of those available so that each one will get used, in
turn, in a list of matching left hand sides.
.TP
.B frag
This qualifier is currently has no impact on NAT operation.
.TP
.B age
If more refined timeouts are required than those available globally for
NAT settings, this allows you to set them for \fBnon-TCP\fP use.
.SH TRANSLATION
.PP
To the right of the "->" is the address and port specificaton which will be

View File

@ -29,7 +29,7 @@ active NAT mappings)
Show the list of current NAT table entry mappings.
.TP
.B \-n
This flag (no-change) prevents \fBipf\fP from actually making any ioctl
This flag (no-change) prevents \fBipnat\fP from actually making any ioctl
calls or doing anything which would alter the currently running kernel.
.TP
.B \-s

View File

@ -3,7 +3,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
#ifdef __sgi
#if defined(__sgi) && (IRIX > 602)
# include <sys/ptimers.h>
#endif
#if (SOLARIS2 >= 7)
@ -53,7 +53,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)misc.c 1.3 2/4/96 (C) 1995 Darren Reed";
static const char rcsid[] = "@(#)$Id: misc.c,v 2.2.2.8 2002/04/26 10:24:24 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: misc.c,v 2.2.2.9 2002/12/06 11:40:27 darrenr Exp $";
#endif
extern int opts;

View File

@ -274,10 +274,10 @@ ipfilterattach(void)
static void
nifattach()
{
nif_t *nif, *qf2;
struct ifnet *ifp;
struct frentry *f;
ipnat_t *np;
nif_t *nif;
MUTEX_ENTER(&ipfi_mutex); /* sets interrupt priority level to splhi */
@ -430,8 +430,8 @@ ipfsync(void)
static void
nifdetach()
{
nif_t *nif, *qf2, **qp;
struct ifnet *ifp;
nif_t *nif, **qp;
MUTEX_ENTER(&ipfi_mutex); /* sets interrupt priority level to splhi */
/*

View File

@ -61,7 +61,7 @@
extern int lkmenodev __P((void));
#if NetBSD >= 199706
#if (NetBSD >= 199706) || (defined(OpenBSD) && (OpenBSD >= 200211))
int if_ipl_lkmentry __P((struct lkm_table *, int, int));
#else
#if defined(OpenBSD)
@ -80,6 +80,9 @@ static char *ipf_devfiles[] = { IPL_NAME, IPL_NAT, IPL_STATE, IPL_AUTH,
#if (defined(NetBSD1_0) && (NetBSD1_0 > 1)) || \
(defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199511))
# if defined(__NetBSD__) && (__NetBSD_Version__ >= 106080000)
extern const struct cdevsw ipl_cdevsw;
# else
struct cdevsw ipldevsw =
{
iplopen, /* open */
@ -93,6 +96,7 @@ struct cdevsw ipldevsw =
0, /* mmap */
NULL /* strategy */
};
# endif
#else
struct cdevsw ipldevsw =
{
@ -113,14 +117,18 @@ struct cdevsw ipldevsw =
#endif
int ipl_major = 0;
#if defined(__NetBSD__) && (__NetBSD_Version__ >= 106080000)
MOD_DEV(IPL_VERSION, "ipl", NULL, -1, &ipl_cdevsw, -1);
#else
MOD_DEV(IPL_VERSION, LM_DT_CHAR, -1, &ipldevsw);
#endif
extern int vd_unuseddev __P((void));
extern struct cdevsw cdevsw[];
extern int nchrdev;
#if NetBSD >= 199706
#if (NetBSD >= 199706) || (defined(OpenBSD) && (OpenBSD >= 200211))
int if_ipl_lkmentry(lkmtp, cmd, ver)
#else
#if defined(OpenBSD)
@ -143,9 +151,11 @@ static int iplaction(lkmtp, cmd)
struct lkm_table *lkmtp;
int cmd;
{
int i;
struct lkm_dev *args = lkmtp->private.lkm_dev;
int err = 0;
#if !defined(__NetBSD__) || (__NetBSD_Version__ < 106080000)
int i;
#endif
switch (cmd)
{
@ -153,6 +163,7 @@ int cmd;
if (lkmexists(lkmtp))
return EEXIST;
#if !defined(__NetBSD__) || (__NetBSD_Version__ < 106080000)
for (i = 0; i < nchrdev; i++)
if (cdevsw[i].d_open == (dev_type_open((*)))lkmenodev ||
cdevsw[i].d_open == iplopen)
@ -164,9 +175,22 @@ int cmd;
ipl_major = i;
args->lkm_offset = i; /* slot in cdevsw[] */
#else
err = devsw_attach(args->lkm_devname,
args->lkm_bdev, &args->lkm_bdevmaj,
args->lkm_cdev, &args->lkm_cdevmaj);
if (err != 0)
return (err);
ipl_major = args->lkm_cdevmaj;
#endif
printf("IP Filter: loaded into slot %d\n", ipl_major);
return ipl_load();
case LKM_E_UNLOAD :
#if defined(__NetBSD__) && (__NetBSD_Version__ >= 106080000)
devsw_detach(args->lkm_bdev, args->lkm_cdev);
args->lkm_bdevmaj = -1;
args->lkm_cdevmaj = -1;
#endif
err = ipl_unload();
if (!err)
printf("IP Filter: unloaded from slot %d\n",
@ -213,7 +237,11 @@ static int ipl_unload()
* Unloading - remove the filter rule check from the IP
* input/output stream.
*/
#if defined(__NetBSD__)
error = ipl_disable();
#else
error = ipldetach();
#endif
if (!error)
error = ipl_remove();

View File

@ -3,7 +3,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
#ifdef __sgi
#if defined(__sgi) && (IRIX > 602)
# include <sys/ptimers.h>
#endif
#include <stdio.h>
@ -12,9 +12,9 @@
#include <errno.h>
#include <sys/types.h>
#if !defined(__SVR4) && !defined(__svr4__)
#include <strings.h>
# include <strings.h>
#else
#include <sys/byteorder.h>
# include <sys/byteorder.h>
#endif
#include <sys/time.h>
#include <sys/param.h>
@ -56,7 +56,7 @@ extern char *sys_errlist[];
#if !defined(lint)
static const char sccsid[] ="@(#)ipnat.c 1.9 6/5/96 (C) 1993 Darren Reed";
static const char rcsid[] = "@(#)$Id: natparse.c,v 1.17.2.24 2002/04/24 17:30:51 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: natparse.c,v 1.17.2.27 2002/12/06 11:40:27 darrenr Exp $";
#endif
@ -385,6 +385,13 @@ int linenum;
}
if (hostnum((u_32_t *)&ipn.in_inip, *cpp, linenum) == -1)
return NULL;
#if SOLARIS
if (ntohl(ipn.in_inip) == INADDR_LOOPBACK) {
fprintf(stderr,
"localhost as destination not supported\n");
return NULL;
}
#endif
} else {
if (!strcmp(*cpp, ipn.in_ifname))
*cpp = "0";
@ -525,6 +532,19 @@ int linenum;
cpp++;
}
if (*cpp && !strcasecmp(*cpp, "mssclamp")) {
cpp++;
if (*cpp) {
ipn.in_mssclamp = atoi(*cpp);
cpp++;
} else {
fprintf(stderr,
"%d: mssclamp with no parameters\n",
linenum);
return NULL;
}
}
if (*cpp) {
fprintf(stderr,
"%d: extra junk at the end of the line: %s\n",
@ -569,14 +589,7 @@ int linenum;
if (!*cpp)
return &ipn;
if (ipn.in_redir == NAT_BIMAP) {
fprintf(stderr,
"%d: extra words at the end of bimap line: %s\n",
linenum, *cpp);
return NULL;
}
if (!strcasecmp(*cpp, "proxy")) {
if (ipn.in_redir != NAT_BIMAP && !strcasecmp(*cpp, "proxy")) {
if (ipn.in_redir == NAT_BIMAP) {
fprintf(stderr, "%d: cannot use proxy with bimap\n",
linenum);
@ -631,7 +644,7 @@ int linenum;
(void) strncpy(ipn.in_plabel, *cpp, sizeof(ipn.in_plabel));
cpp++;
} else if (!strcasecmp(*cpp, "portmap")) {
} else if (ipn.in_redir != NAT_BIMAP && !strcasecmp(*cpp, "portmap")) {
if (ipn.in_redir == NAT_BIMAP) {
fprintf(stderr, "%d: cannot use portmap with bimap\n",
linenum);
@ -711,6 +724,18 @@ int linenum;
cpp++;
}
if (*cpp && !strcasecmp(*cpp, "mssclamp")) {
cpp++;
if (*cpp) {
ipn.in_mssclamp = atoi(*cpp);
cpp++;
} else {
fprintf(stderr, "%d: mssclamp with no parameters\n",
linenum);
return NULL;
}
}
if (*cpp) {
fprintf(stderr, "%d: extra junk at the end of the line: %s\n",
linenum, *cpp);

View File

@ -3,7 +3,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
#ifdef __sgi
#if defined(__sgi) && (IRIX > 602)
# include <sys/ptimers.h>
#endif
#include <stdio.h>
@ -28,7 +28,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)opt.c 1.8 4/10/96 (C) 1993-2000 Darren Reed";
static const char rcsid[] = "@(#)$Id: opt.c,v 2.2.2.2 2002/02/22 15:32:56 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: opt.c,v 2.2.2.3 2002/12/06 11:40:27 darrenr Exp $";
#endif
extern int opts;

View File

@ -3,7 +3,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
#ifdef __sgi
#if defined(__sgi) && (IRIX > 602)
# include <sys/ptimers.h>
#endif
#include <sys/types.h>
@ -158,7 +158,11 @@ int linenum;
} else if (!strcasecmp("nomatch", *cpp)) {
fil.fr_flags |= FR_NOMATCH;
} else if (!strcasecmp("auth", *cpp)) {
fil.fr_flags |= FR_AUTH;
fil.fr_flags |= FR_AUTH;
if (!strncasecmp(*(cpp+1), "return-rst", 10)) {
fil.fr_flags |= FR_RETRST;
cpp++;
}
} else if (!strcasecmp("preauth", *cpp)) {
fil.fr_flags |= FR_PREAUTH;
} else if (!strcasecmp("skip", *cpp)) {
@ -1027,7 +1031,7 @@ int linenum;
}
} else if (fp->fr_proto == IPPROTO_ICMPV6) {
fprintf(stderr, "%d: Unknown ICMPv6 type (%s) specified, %s",
linenum, **cp, "(use numeric value instead\n");
linenum, **cp, "(use numeric value instead)\n");
return -1;
} else {
for (t = icmptypes, i = 0; ; t++, i++) {
@ -1214,9 +1218,11 @@ struct frentry *fp;
printlog(fp);
} else if (fp->fr_flags & FR_ACCOUNT)
printf("count");
else if (fp->fr_flags & FR_AUTH)
else if (fp->fr_flags & FR_AUTH) {
printf("auth");
else if (fp->fr_flags & FR_PREAUTH)
if ((fp->fr_flags & FR_RETMASK) == FR_RETRST)
printf(" return-rst");
} else if (fp->fr_flags & FR_PREAUTH)
printf("preauth");
else if (fp->fr_skip)
printf("skip %hu", fp->fr_skip);

View File

@ -5,7 +5,7 @@
*
* Added redirect stuff and a variety of bug fixes. (mcn@EnGarde.com)
*/
#ifdef __sgi
#if defined(__sgi) && (IRIX > 602)
# include <sys/ptimers.h>
#endif
#include <stdio.h>
@ -58,7 +58,7 @@ extern char *sys_errlist[];
#endif
#if !defined(lint)
static const char rcsid[] = "@(#)$Id: printnat.c,v 1.1.2.10 2002/08/28 12:45:51 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: printnat.c,v 1.1.2.13 2002/12/06 11:40:27 darrenr Exp $";
#endif
@ -145,14 +145,18 @@ int opts;
ftp.ftp_side[0].ftps_buf[FTP_BUFSZ - 1] = '\0';
ftp.ftp_side[1].ftps_buf[FTP_BUFSZ - 1] = '\0';
printf("\tClient:\n");
printf("\t\tseq %x len %d junk %d cmds %d\n",
ftp.ftp_side[0].ftps_seq, ftp.ftp_side[0].ftps_len,
printf("\t\tseq %08x%08x len %d junk %d cmds %d\n",
ftp.ftp_side[0].ftps_seq[1],
ftp.ftp_side[0].ftps_seq[0],
ftp.ftp_side[0].ftps_len,
ftp.ftp_side[0].ftps_junk, ftp.ftp_side[0].ftps_cmds);
printf("\t\tbuf [");
printbuf(ftp.ftp_side[0].ftps_buf, FTP_BUFSZ, 1);
printf("]\n\tServer:\n");
printf("\t\tseq %x len %d junk %d cmds %d\n",
ftp.ftp_side[1].ftps_seq, ftp.ftp_side[1].ftps_len,
printf("\t\tseq %08x%08x len %d junk %d cmds %d\n",
ftp.ftp_side[1].ftps_seq[1],
ftp.ftp_side[1].ftps_seq[0],
ftp.ftp_side[1].ftps_len,
ftp.ftp_side[1].ftps_junk, ftp.ftp_side[1].ftps_cmds);
printf("\t\tbuf [");
printbuf(ftp.ftp_side[1].ftps_buf, FTP_BUFSZ, 1);
@ -387,6 +391,8 @@ int opts;
printf(" frag");
if (np->in_age[0])
printf(" age %d/%d", np->in_age[0], np->in_age[1]);
if (np->in_mssclamp)
printf(" mssclamp %u", np->in_mssclamp);
printf("\n");
if (opts & OPT_DEBUG)
printf("\tspc %lu flg %#x max %u use %d\n",

View File

@ -3,7 +3,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
#ifdef __sgi
#if defined(__sgi) && (IRIX > 602)
# include <sys/ptimers.h>
#endif
#include <sys/types.h>

View File

@ -16,6 +16,10 @@
#include <netinet/in.h>
#include <net/if.h>
#include <sys/socket.h>
#if defined(__NetBSD_Version__) && (__NetBSD_Version__ >= 105000000)
# include <poll.h>
# define USE_POLL
#endif
#include "ip_nat.h"
#define RELAY_BUFSZ 8192
@ -26,7 +30,11 @@ char obuff[RELAY_BUFSZ];
int relay(ifd, ofd, rfd)
int ifd, ofd, rfd;
{
#ifdef USE_POLL
struct pollfd set[3];
#else
fd_set rfds, wfds;
#endif
char *irh, *irt, *rrh, *rrt;
char *iwh, *iwt, *rwh, *rwt;
int nfd, n, rw;
@ -39,7 +47,21 @@ int ifd, ofd, rfd;
if (nfd < rfd)
nfd = rfd;
#ifdef USE_POLL
set[0].fd = rfd;
set[1].fd = ifd;
set[2].fd = ofd;
#endif
while (1) {
#ifdef USE_POLL
set[0].events = (iwh < (obuff + RELAY_BUFSZ) ? POLLIN : 0) |
(irh > irt ? POLLOUT : 0);
set[1].events = (irh < (ibuff + RELAY_BUFSZ) ? POLLIN : 0);
set[2].events = (iwh > iwt ? POLLOUT : 0);
switch ((n = poll(set, 3, INFTIM)))
#else
FD_ZERO(&rfds);
FD_ZERO(&wfds);
if (irh > irt)
@ -52,12 +74,18 @@ int ifd, ofd, rfd;
FD_SET(rfd, &rfds);
switch ((n = select(nfd + 1, &rfds, &wfds, NULL, NULL)))
#endif
{
case -1 :
case 0 :
return -1;
default :
if (FD_ISSET(ifd, &rfds)) {
#ifdef USE_POLL
if (set[1].revents & POLLIN)
#else
if (FD_ISSET(ifd, &rfds))
#endif
{
rw = read(ifd, irh, ibuff + RELAY_BUFSZ - irh);
if (rw == -1)
return -1;
@ -66,14 +94,24 @@ int ifd, ofd, rfd;
irh += rw;
n--;
}
if (n && FD_ISSET(ofd, &wfds)) {
#ifdef USE_POLL
if (set[2].revents & POLLOUT)
#else
if (n && FD_ISSET(ofd, &wfds))
#endif
{
rw = write(ofd, iwt, iwh - iwt);
if (rw == -1)
return -1;
iwt += rw;
n--;
}
if (n && FD_ISSET(rfd, &rfds)) {
#ifdef USE_POLL
if (set[0].revents & POLLIN)
#else
if (n && FD_ISSET(rfd, &rfds))
#endif
{
rw = read(rfd, iwh, obuff + RELAY_BUFSZ - iwh);
if (rw == -1)
return -1;
@ -82,7 +120,12 @@ int ifd, ofd, rfd;
iwh += rw;
n--;
}
if (n && FD_ISSET(rfd, &wfds)) {
#ifdef USE_POLL
if (set[0].revents & POLLOUT)
#else
if (n && FD_ISSET(rfd, &wfds))
#endif
{
rw = write(rfd, irt, irh - irt);
if (rw == -1)
return -1;

View File

@ -28,7 +28,7 @@ intests: in1 in2 in3 in4
logtests: l1
ipv6: ipv6.1 ipv6.2
ipv6: ipv6.1 ipv6.2 ipv6.3
0:
@(cd ..; make ipftest; )
@ -60,7 +60,7 @@ in1 in2 in3 in4:
l1:
@/bin/sh ./logtest $@
ipv6.1 ipv6.2:
ipv6.1 ipv6.2 ipv6.3:
@/bin/sh ./dotest6 $@
clean:
@ -70,5 +70,5 @@ clean:
/bin/rm -f ni1 ni2 ni3 ni4 ni5
/bin/rm -f in1 in2 in3 in4
/bin/rm -f l1
/bin/rm -f ipv6.1 ipv6.2
/bin/rm -f ipv6.1 ipv6.2 ipv6.3
/bin/rm -f results/*

View File

@ -0,0 +1,6 @@
pass
nomatch
nomatch
nomatch
pass
--------

View File

@ -3,6 +3,7 @@
4500 0028 10ca 4000 ff06 328c 0101 0101 96cb e002 8032 0015 bd6b c9c9 3786 76c5 5010 269c 5aa0 0000
4500 006f ffde 4000 ef06 5330 96cb e002 c0a8 0103 0015 8032 3786 76c5 bd6b c9c9 5018 269c 967e 0000 3232 302d 636f 6f6d 6273 2e61 6e75 2e65 6475 2e61 7520 4e63 4654 5064 2053 6572 7665 7220 2866 7265 6520 6564 7563 6174 696f 6e61 6c20 6c69 6365 6e73 6529 2072 6561 6479 2e0d 0a
4500 0028 10cb 4000 ff06 328b 0101 0101 96cb e002 8032 0015 bd6b c9c9 3786 770c 5010 269c 5a59 0000
ippr_ftp_server_valid:junk after cmd[220-Maintained by RSSS and RSPAS IT Staff (previously known as Coombs Comp]
4500 00c7 ffdf 4000 ef06 52d7 96cb e002 c0a8 0103 0015 8032 3786 770c bd6b c9c9 5018 269c 1087 0000 3232 302d 0d0a 3232 302d 4d61 696e 7461 696e 6564 2062 7920 5253 5353 2061 6e64 2052 5350 4153 2049 5420 5374 6166 6620 2870 7265 7669 6f75 736c 7920 6b6e 6f77 6e20 6173 2043 6f6f 6d62 7320 436f 6d70 7574 696e 6720 556e 6974 290d 0a32 3230 2d41 6e79 2070 726f 626c 656d 7320 636f 6e74 6163 7420 6674 706d 6173 7465 7240 636f 6f6d 6273 2e61 6e75 2e65 6475 2e61 750d 0a32 3230 2d0d 0a32 3230 200d 0a
4500 0028 10cc 4000 ff06 328a 0101 0101 96cb e002 8032 0015 bd6b c9c9 3786 77ab 5010 269c 59ba 0000
4500 0038 10cd 4000 ff06 3279 0101 0101 96cb e002 8032 0015 bd6b c9c9 3786 77ab 5018 269c d1c5 0000 5553 4552 2061 6e6f 6e79 6d6f 7573 0d0a

View File

@ -0,0 +1,30 @@
[out,gif0]
6000 0000 0010 3a40 3ffe 8280 0000 2001
0000 0000 0000 4395 3ffe 8280 0000 2001
0000 0000 0000 4394 8000 3f77 085c 0038
0c06 b73d 1b3d 0d00
[in,gif0]
6000 0000 0010 3a40 3ffe 8280 0000 2001
0000 0000 0000 4393 3ffe 8280 0000 2001
0000 0000 0000 4395 8100 3e77 085c 0038
0c06 b73d 1b3d 0d00
[in,gif0]
6000 0000 0010 3a40 3ffe 8280 0000 2001
0000 0000 0000 4394 3ffe 8280 0000 2001
0000 0000 0000 4395 8300 3e77 085c 0038
0c06 b73d 1b3d 0d00
[in,gif0]
6000 0000 0010 3a40 3ffe 8280 0000 2001
0000 0000 0000 4394 3ffe 8280 0000 2001
0000 0000 0000 4395 8000 3e77 085c 0038
0c06 b73d 1b3d 0d00
[in,gif0]
6000 0000 0010 3a40 3ffe 8280 0000 2001
0000 0000 0000 4394 3ffe 8280 0000 2001
0000 0000 0000 4395 8100 3e77 085c 0038
0c06 b73d 1b3d 0d00

View File

@ -1,7 +1,7 @@
[out,ppp0]
4500 002c 10c9 4000 ff06 3289 c0a8 0103
96cb e002 8032 0015 bd6b c9c8 0000 0000
6002 2238 35f9 0000 0204 05b4 3cb9
6002 2238 35f9 0000 0204 05b4
[in,ppp0]
4500 002c ffdd 4000 ef06 5374 96cb e002
@ -11,7 +11,7 @@
[out,ppp0]
4500 0028 10ca 4000 ff06 328c c0a8 0103
96cb e002 8032 0015 bd6b c9c9 3786 76c5
5010 269c 9af6 0000 c0a8 0103 0015
5010 269c 9af6 0000
[in,ppp0]
4500 006f ffde 4000 ef06 5330 96cb e002
@ -25,7 +25,7 @@
[out,ppp0]
4500 0028 10cb 4000 ff06 328b c0a8 0103
96cb e002 8032 0015 bd6b c9c9 3786 770c
5010 269c 9aaf 0000 0111 aa28 c0a8
5010 269c 9aaf 0000
[in,ppp0]
4500 00c7 ffdf 4000 ef06 52d7 96cb e002
@ -45,7 +45,7 @@
[out,ppp0]
4500 0028 10cc 4000 ff06 328a c0a8 0103
96cb e002 8032 0015 bd6b c9c9 3786 77ab
5010 269c 9a10 0000 c0a8 0103 206c
5010 269c 9a10 0000
[out,ppp0]
4500 0038 10cd 4000 ff06 3279 c0a8 0103
@ -70,7 +70,7 @@
[out,ppp0]
4500 0028 10ce 4000 ff06 3288 c0a8 0103
96cb e002 8032 0015 bd6b c9d9 3786 77ef
5010 269c 99bc 0000 c0a8 0103 0015
5010 269c 99bc 0000
[out,ppp0]
4500 0036 10cf 4000 ff06 3279 c0a8 0103
@ -89,7 +89,7 @@
[out,ppp0]
4500 0028 10d0 4000 ff06 3286 c0a8 0103
96cb e002 8032 0015 bd6b c9e7 3786 7826
5010 269c 9977 0000 0000 0800 207a
5010 269c 9977 0000
[in,ppp0]
4500 0099 ffe3 4000 ef06 5301 96cb e002
@ -106,7 +106,7 @@
[out,ppp0]
4500 0028 10d1 4000 ff06 3285 c0a8 0103
96cb e002 8032 0015 bd6b c9e7 3786 7897
5010 269c 9906 0000 c0a8 0103 0015
5010 269c 9906 0000
[out,ppp0]
4500 0030 10d2 4000 ff06 327c c0a8 0103
@ -122,7 +122,7 @@
[out,ppp0]
4500 0028 10d3 4000 ff06 3283 c0a8 0103
96cb e002 8032 0015 bd6b c9ef 3786 78a7
5010 269c 98ee 0000 c0a8 0103 0015
5010 269c 98ee 0000
[out,ppp0]
4500 0041 10d4 4000 ff06 3269 c0a8 0103
@ -162,7 +162,7 @@
[out,ppp0]
4500 002c 10d7 4000 ff06 327b c0a8 0103
96cb e002 8033 0014 bd78 5c12 d9f8 11d5
6012 02f8 d734 0000 0204 0584 3cc7
6012 02f8 d734 0000 0204 0584
[in,ppp0]
4500 0028 ffe8 4000 ef06 536d 96cb e002
@ -180,7 +180,7 @@
[out,ppp0]
4500 0028 10d8 4000 ff06 327e c0a8 0103
96cb e002 8033 0014 bd78 5c13 d9f8 11d5
5010 6348 8e71 0000 c0a8 0103 0015
5010 6348 8e71 0000
[in,ppp0]
4500 0063 ffea 4000 ef06 5330 96cb e002
@ -194,7 +194,7 @@
[out,ppp0]
4500 0028 10d9 4000 ff06 327d c0a8 0103
96cb e002 8033 0014 bd78 5c13 d9f8 1210
5010 6348 8e36 0000 c0a8 0103 0014
5010 6348 8e36 0000
[in,ppp0]
4500 0028 ffeb 4000 ef06 536a 96cb e002
@ -204,12 +204,12 @@
[out,ppp0]
4500 0028 10da 4000 ff06 327c c0a8 0103
96cb e002 8033 0014 bd78 5c13 d9f8 1211
5010 6348 8e35 0000 c0a8 0103 0014
5010 6348 8e35 0000
[out,ppp0]
4500 0028 10db 4000 ff06 327b c0a8 0103
96cb e002 8033 0014 bd78 5c13 d9f8 1211
5011 6348 8e34 0000 c0a8 0103 0014
5011 6348 8e34 0000
[in,ppp0]
4500 0028 ffec 4000 ef06 5369 96cb e002
@ -219,7 +219,7 @@
[out,ppp0]
4500 0028 10dc 4000 ff06 327a c0a8 0103
96cb e002 8032 0015 bd6b ca16 3786 790a
5010 269c 9864 0000 c0a8 0103 0014
5010 269c 9864 0000
[in,ppp0]
4500 0040 ffed 4000 ef06 5350 96cb e002
@ -241,7 +241,7 @@
[out,ppp0]
4500 0028 10de 4000 ff06 3278 c0a8 0103
96cb e002 8032 0015 bd6b ca1e 3786 7932
5010 269c 9834 0000 6720 636f 6d70
5010 269c 9834 0000
[out,ppp0]
4500 002e 10df 4000 ff06 3271 c0a8 0103
@ -257,7 +257,7 @@
[out,ppp0]
4500 0028 10e0 4000 ff06 3276 c0a8 0103
96cb e002 8032 0015 bd6b ca24 3786 7940
5011 269c 981f 0000 c0a8 0103 0015
5011 269c 981f 0000
[in,ppp0]
4500 0028 fff0 4000 ef06 5365 96cb e002
@ -267,7 +267,7 @@
[out,ppp0]
4500 0028 10e1 4000 ff06 3275 c0a8 0103
96cb e002 8032 0015 bd6b ca25 3786 7941
5010 269c 981e 0000 0663 6f6f 6d62
5010 269c 981e 0000
[in,ppp0]
4500 0028 fff1 4000 ef06 5364 96cb e002

View File

@ -0,0 +1 @@
pass out log quick on gif0 proto ipv6-icmp from any to any icmp-type 128 keep state