d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ipfilter: Remove remaining unused bits

Browse Source 
Remove the remaining unused source files. These were never used.

This is the last of a three commit series to move ipfilter.

Discussed with:		glebius
Reviewed by:		glebius, kp (for #network)
MFC after:		1 month
Differential Revision:	https://reviews.freebsd.org/D33510
This commit is contained in:
Cy Schubert 2021-12-15 20:52:48 -08:00
parent 41edb306f0
commit 5ee61c7daa
25 changed files with 0 additions and 11070 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
contrib/ipfilter/BugReport
View File

@ -1,12 +0,0 @@
Please submit this information at SourceForge using this URL:
http://sourceforge.net/tracker/?func=add&group_id=169098&atid=849053
Please also send an email to darrenr@reed.wattle.id.au.
Some information that I generally find important:
--------------------------
* IP Filter Version
* Operating System and its Version
* Configuration: (LKM or compiled-into-kernel)
* Description of problem
* How to repeat

1830
contrib/ipfilter/HISTORY
View File

File diff suppressed because it is too large Load Diff

16
contrib/ipfilter/LICENCE
View File

@ -1,16 +0,0 @@
/*
* Copyright (C) 1993-2000 by Darren Reed.
*
* The author accepts no responsibility for the use of this software and
* provides it on an ``as is'' basis without express or implied warranty.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
*
* I hate legaleese, don't you ?
*/

410
contrib/ipfilter/Makefile
View File

@ -1,410 +0,0 @@
#
# Copyright (C) 2012 by Darren Reed.
#
# Redistribution and use in source and binary forms are permitted
# provided that this notice is preserved and due credit is given
# to the original author and the contributors.
#
# $FreeBSD$
# Id: Makefile,v 2.76.2.24 2007/09/26 10:04:03 darrenr Exp $
#
SHELL=/bin/sh
BINDEST=/usr/local/bin
SBINDEST=/sbin
MANDIR=/usr/local/man
#To test prototyping
CC=gcc -Wstrict-prototypes -Wmissing-prototypes -Wunused -Wuninitialized
#CC=gcc
#CC=cc -Dconst=
DEBUG=-g
# -O
CFLAGS=-I$$(TOP) -D_BSD_SOURCE
CPU=`uname -m`
CPUDIR=`uname -s|sed -e 's@/@@g'`-`uname -r`-`uname -m`
OBJ=.
#
# To enable this to work as a Loadable Kernel Module...
#
IPFLKM=-DIPFILTER_LKM
#
# To enable logging of blocked/passed packets...
#
IPFLOG=-DIPFILTER_LOG
#
# To enable loading filter rules compiled to C code...
#
#COMPIPF=-DIPFILTER_COMPILED
#
# To enable IPFilter compatibility with older CLI utilities
#
#COMPATIPF=-DIPFILTER_COMPAT
#
# To enable synchronisation between IPFilter hosts
#
#SYNC=-DIPFILTER_SYNC
#
# The facility you wish to log messages from ipmon to syslogd with.
#
LOGFAC=-DLOGFAC=LOG_SECURITY
#
# To enable rules to be written with BPF syntax, uncomment these two lines.
#
# WARNING: If you're building a commercial product based on IPFilter, using
# this options *may* infringe at least one patent held by CheckPoint
# (5,606,668.)
#
#IPFBPF=-DIPFILTER_BPF -I/usr/local/include
#LIBBPF=-L/usr/local/lib -lpcap
#
# HP-UX and Solaris require this uncommented for BPF.
#
#BPFILTER=bpf_filter.o
#
# LINUXKERNEL is the path to the top of your Linux kernel source tree.
# By default IPFilter looks for /usr/src/linux, but you may have to change
# it to /usr/src/linux-2.4 or similar.
#
LINUXKERNEL=/usr/src/kernels/2.6.29.5-191.fc11.i586
LINUX=`uname -r | awk -F. ' { printf"%d",$$1;for(i=1;i<NF&&i<3;i++){printf("%02d",$$(i+1));}}'`
#
#
#
#BUILDROOT=/usr/src/redhat/BUILD/ipfilter
BUILDROOT=${HOME}/rpmbuild/BUILDROOT/ipfilter-4.1.32-1.i386
#
# All of the compile-time options are here, used for compiling the userland
# tools for regression testing. Well, all except for IPFILTER_LKM, of course.
#
ALLOPTS=-DIPFILTER_LOG -DIPFILTER_LOOKUP \
-DIPFILTER_SYNC -DIPFILTER_CKSUM
#
# Uncomment the next 3 lines if you want to view the state table a la top(1)
# (requires that you have installed ncurses).
#STATETOP_CFLAGS=-DSTATETOP
#
# Where to find the ncurses include files (if not in default path),
#
#STATETOP_INC=
#STATETOP_INC=-I/usr/local/include
#
# How to link the ncurses library
#
#STATETOP_LIB=-lncurses
#STATETOP_LIB=-L/usr/local/lib -lncurses
#
# Uncomment this when building IPv6 capability.
#
INET6=-DUSE_INET6
#
# For packets which don't match any pass rules or any block rules, set either
# FR_PASS or FR_BLOCK (respectively). It defaults to FR_PASS if left
# undefined. This is ignored for ipftest, which can thus return three
# results: pass, block and nomatch. This is the sort of "block unless
# explicitly allowed" type #define switch.
#
POLICY=-DIPF_DEFAULT_PASS=FR_PASS
#
MFLAGS1='CFLAGS=$(CFLAGS) $(ARCHINC) $(SOLARIS2) $(SGIREV) $(INET6)' \
"IPFLOG=$(IPFLOG)" "LOGFAC=$(LOGFAC)" "POLICY=$(POLICY)" \
"SOLARIS2=$(SOLARIS2)" "DEBUG=$(DEBUG)" "DCPU=$(CPU)" \
"LIBBPF=$(LIBBPF)" "CPUDIR=$(CPUDIR)" "IPFBPF=$(IPFBPF)" \
'STATETOP_CFLAGS=$(STATETOP_CFLAGS)' "BPFILTER=$(BPFILTER)" \
'STATETOP_INC=$(STATETOP_INC)' 'STATETOP_LIB=$(STATETOP_LIB)' \
"BITS=$(BITS)" "OBJ=$(OBJ)" "LOOKUP=$(LOOKUP)" "COMPIPF=$(COMPIPF)" \
"COMPATIPF=$(COMPATIPF)" \
'SYNC=$(SYNC)' 'ALLOPTS=$(ALLOPTS)' 'LIBBPF=$(LIBBPF)'
MFLAGS=$(MFLAGS1) "IPFLKM=$(IPFLKM)"
MACHASSERT=`/bin/ls -1 /usr/sys/*/mach_assert.h | head -1`
#
SHELL=/bin/sh
#
########## ########## ########## ########## ########## ########## ##########
#
CP=/bin/cp
RM=/bin/rm
CHMOD=/bin/chmod
INSTALL=install
#
all:
@echo "Chose one of the following targets for making IP filter:"
@echo ""
@echo "solaris - auto-selects SunOS4.1.x/Solaris 2.3-6/Solaris2.4-6x86"
@echo "netbsd - compile for NetBSD"
@echo "openbsd - compile for OpenBSD"
@echo "freebsd20 - compile for FreeBSD 2.0, 2.1 or earlier"
@echo "freebsd22 - compile for FreeBSD-2.2 or greater"
@echo "freebsd - compile for all other versions of FreeBSD"
@echo "bsd - compile for generic 4.4BSD systems"
@echo "bsdi - compile for BSD/OS"
@echo "irix - compile for SGI IRIX"
@echo "hpux - compile for HP-UX 11.00"
@echo "osf - compile for OSF/Tru64 5.1"
@echo ""
tests:
@if [ -d test ]; then (cd test; make) \
else echo test directory not present, sorry; fi
retest:
@if [ -d test ]; then (cd test; make clean && make) \
else echo test directory not present, sorry; fi
include:
-mkdir -p net netinet
if [ ! -f netinet/done ] ; then \
(cd netinet; ln -s ../*.h .; ln -s ../ip_*_pxy.c .;); \
(cd netinet; ln -s ../ipsend/tcpip.h tcpip.h); \
touch netinet/done; \
fi
-(cd netinet; ln -s ../ip_rules.h ip_rules.h)
sunos solaris: include
MAKE="$(MAKE)" MAKEFLAGS="$(MAKEFLAGS)" BPFILTER=$(BPFILTER) \
CC="$(CC)" DEBUG="$(DEBUG)" ./buildsunos
freebsd:
make freebsd`uname -r|cut -c1`
freebsd22: include
make setup "TARGOS=BSD" "CPUDIR=$(CPUDIR)"
-rm -f BSD/$(CPUDIR)/ioconf.h
-if [ x$(IPFILKERN) != x ] ; then \
if [ -f /sys/compile/$(IPFILKERN)/ioconf.h ] ; then \
ln -s /sys/compile/$(IPFILKERN)/ioconf.h BSD/$$y; \
else \
ln -s /sys/$(IPFILKERN)/ioconf.h BSD/$$y; \
fi \
else \
x=`uname -v|sed -e 's@^.*:\(/[^: ]*\).*$$@\1/ioconf.h@'`; \
y=`uname -s|sed -e 's@/@@g'`-`uname -r`-`uname -m`; \
if [ ! -f $$x ] ; then \
echo -n "Can't find ioconf.h at $$x "; \
exit 1;\
else \
ln -s $$x BSD/$$y ; \
fi \
fi
make freebsd20
freebsd5 freebsd6 freebsd7 freebsd8: include
if [ x$(INET6) = x ] ; then \
echo "#undef INET6" > opt_inet6.h; \
else \
echo "#define INET6" > opt_inet6.h; \
fi
if [ "x$(IPFBPF)" = "x" ] ; then \
echo "#undef NBPF" > opt_bpf.h; \
echo "#undef NBPFILTER" > opt_bpf.h; \
echo "#undef DEV_BPF" > opt_bpf.h; \
else \
echo "#define NBPF" > opt_bpf.h; \
echo "#define NBPFILTER" > opt_bpf.h; \
echo "#define DEV_BPF" > opt_bpf.h; \
fi
if [ x$(ENABLE_PFIL) = x ] ; then \
echo "#undef PFIL_HOOKS" > opt_pfil.h; \
else \
echo "#define PFIL_HOOKS" > opt_pfil.h; \
fi
make setup "TARGOS=BSD" "CPUDIR=$(CPUDIR)"
(cd BSD/$(CPUDIR); make build TOP=../.. $(MFLAGS) "ML=mlfk_ipl.c" "MLD=mlfk_ipl.c" "LKM=ipf.ko.5" "LKMR=ipfrule.ko.5" "DLKM=-DKLD_MODULE" "MLR=mlfk_rule.o"; cd ..)
# (cd BSD/$(CPUDIR); make -f Makefile.ipsend build TOP=../.. $(MFLAGS1); cd ..)
freebsd4 : include
if [ x$(INET6) = x ] ; then \
echo "#undef INET6" > opt_inet6.h; \
else \
echo "#define INET6" > opt_inet6.h; \
fi
make setup "TARGOS=BSD" "CPUDIR=$(CPUDIR)"
(cd BSD/$(CPUDIR); make build TOP=../.. $(MFLAGS) "ML=mlfk_ipl.c" "MLD=mlfk_ipl.c" "LKM=ipf.ko" "LKMR=ipfrule.ko" "DLKM=-DKLD_MODULE" "MLR=mlfk_rule.o"; cd ..)
(cd BSD/$(CPUDIR); make -f Makefile.ipsend build TOP=../.. $(MFLAGS1); cd ..)
freebsd3 freebsd30: include
make setup "TARGOS=BSD" "CPUDIR=$(CPUDIR)"
(cd BSD/$(CPUDIR); make build TOP=../.. $(MFLAGS1) "ML=mlf_ipl.c" "MLR=mlf_rule.o" LKM= LKMR=; cd ..)
(cd BSD/$(CPUDIR); make -f Makefile.ipsend build TOP=../.. $(MFLAGS1); cd ..)
netbsd: include
make setup "TARGOS=BSD" "CPUDIR=$(CPUDIR)"
@if [ ! -d /sys -o ! -d /sys/arch ] ; then \
echo "*****************************************************"; \
echo "* *"; \
echo "* Please extract source code to create /sys and *";\
echo "* /sys/arch and run 'config GENERIC' *"; \
echo "* *"; \
echo "*****************************************************"; \
exit 1; \
fi
(cd BSD/$(CPUDIR); make build TOP=../.. $(MFLAGS) 'DLKM=-D_LKM' "ML=mln_ipl.c" LKMR= "MLR=mln_rule.o"; cd ..)
# (cd BSD/$(CPUDIR); make -f Makefile.ipsend build TOP=../.. $(MFLAGS); cd ..)
openbsd: include
make setup "TARGOS=BSD" "CPUDIR=$(CPUDIR)"
(cd BSD/$(CPUDIR); make build TOP=../.. $(MFLAGS) 'DLKM=-D_LKM' "ML=mlo_ipl.c" LKMR= "MLR=mlo_rule.o"; cd ..)
(cd BSD/$(CPUDIR); make -f Makefile.ipsend build TOP=../.. $(MFLAGS); cd ..)
freebsd20 freebsd21: include
make setup "TARGOS=BSD" "CPUDIR=$(CPUDIR)"
(cd BSD/$(CPUDIR); make build TOP=../.. $(MFLAGS) "ML=mlf_ipl.c" "MLR=mlf_rule.o"; cd ..)
(cd BSD/$(CPUDIR); make -f Makefile.ipsend build TOP=../.. $(MFLAGS); cd ..)
osf tru64: null include
make setup "TARGOS=OSF" "CPUDIR=`OSF/cpurev`"
(cd OSF/`OSF/cpurev`; make build TRU64=`uname -v` TOP=../.. "DEBUG=-g" $(MFLAGS) "MACHASSERT=$(MACHASSERT)" "OSREV=`../cpurev`"; cd ..)
(cd OSF/`OSF/cpurev`; make -f Makefile.ipsend build TRU64=`uname -v` TOP=../.. $(MFLAGS) "OSREV=`../cpurev`"; cd ..)
aix: null include
make setup "TARGOS=AIX" "CPUDIR=`AIX/cpurev`"
(cd AIX/`AIX/cpurev`; make build AIX=`uname -v` TOP=../.. "DEBUG=-g" $(MFLAGS) "OSREV=`../cpurev`" BITS=`../bootbits.sh`; cd ..)
# (cd AIX/`AIX/cpurev`; make -f Makefile.ipsend build AIX=`uname -v` TOP=../.. $(MFLAGS) "OSREV=`../cpurev`"; cd ..)
bsd: include
make setup "TARGOS=BSD" "CPUDIR=$(CPUDIR)"
(cd BSD/$(CPUDIR); make build TOP=../.. $(MFLAGS) 'DLKM=-D_LKM' "ML=mln_ipl.c" "MLR=mln_rule.o"; cd ..)
(cd BSD/$(CPUDIR); make -f Makefile.ipsend build TOP=../.. $(MFLAGS); cd ..)
bsdi bsdos: include
make setup "TARGOS=BSD" "CPUDIR=$(CPUDIR)"
(cd BSD/$(CPUDIR); make build "CC=$(CC)" TOP=../.. $(MFLAGS) LKM= LKMR= ; cd ..)
(cd BSD/$(CPUDIR); make -f Makefile.ipsend build "CC=$(CC)" TOP=../.. $(MFLAGS); cd ..)
irix IRIX: include
make setup TARGOS=IRIX CPUDIR=`IRIX/cpurev`
if [ "x${SGIREV}" = "x" ] ; then \
make irix "SGIREV=-D_KMEMUSER -DIRIX=`IRIX/getrev`"; \
else \
(cd IRIX/`IRIX/cpurev`; smake -l -J 1 build TOP=../.. $(DEST) $(MFLAGS) IRIX=`../getrev` SGI=$$(IRIX) CPUDIR=`../cpurev`; cd ..); \
(cd IRIX/`IRIX/cpurev`; make -f Makefile.ipsend build TOP=../.. $(DEST) $(MFLAGS) IRIX=`../getrev` SGI=$$(IRIX) CPUDIR=`../cpurev`; cd ..); \
fi
setup:
-if [ ! -d $(TARGOS)/$(CPUDIR) ] ; then mkdir $(TARGOS)/$(CPUDIR); fi
-rm -f $(TARGOS)/$(CPUDIR)/Makefile $(TARGOS)/$(CPUDIR)/Makefile.ipsend
-ln -s ../Makefile $(TARGOS)/$(CPUDIR)/Makefile
-ln -s ../Makefile.ipsend $(TARGOS)/$(CPUDIR)/Makefile.ipsend
-if [ -f $(TARGOS)/Makefile.common ] ; then \
rm -f $(TARGOS)/$(CPUDIR)/Makefile.common; \
ln -s ../Makefile.common $(TARGOS)/$(CPUDIR)/Makefile.common;\
fi
clean: clean-include
/bin/rm -rf h y.output
${RM} -f core *.o ipt fils ipf ipfstat ipftest ipmon if_ipl ipflkm \
vnode_if.h $(LKM) *~
/bin/rm -rf sparcv7 sparcv9 mdbgen_build
(cd SunOS4; $(MAKE) TOP=.. clean)
-(cd SunOS5; $(MAKE) TOP=.. clean)
(cd BSD; $(MAKE) TOP=.. clean)
(cd HPUX; $(MAKE) BITS=32 TOP=.. clean)
(cd Linux; $(MAKE) TOP=.. clean)
(cd OSF; $(MAKE) TOP=.. clean)
(cd AIX; $(MAKE) TOP=.. clean)
if [ "`uname -s`" = "IRIX" ]; then (cd IRIX; $(MAKE) clean); fi
[ -d test ] && (cd test; $(MAKE) clean)
(cd ipsend; $(MAKE) clean)
clean-include:
sh -c 'if [ -d netinet ] ; then cd netinet; for i in *; do if [ -h $$i ] ; then /bin/rm -f $$i; fi; done fi'
sh -c 'if [ -d net ] ; then cd net; for i in *; do if [ -h $$i ] ; then /bin/rm -f $$i; fi; done fi'
${RM} -f netinet/done net/done
clean-bsd: clean-include
(cd BSD; make TOP=.. clean)
clean-hpux: clean-include
(cd HPUX; $(MAKE) BITS=32 clean)
clean-osf: clean-include
(cd OSF; make clean)
clean-aix: clean-include
(cd AIX; make clean)
clean-linux: clean-include
(cd Linux; make clean)
clean-sunos4: clean-include
(cd SunOS4; make clean)
clean-sunos5: clean-include
(cd SunOS5; $(MAKE) clean)
/bin/rm -rf sparcv?
clean-irix: clean-include
(cd IRIX; $(MAKE) clean)
h/xti.h:
mkdir -p h
ln -s /usr/include/sys/xti.h h
hpux: include h/xti.h
make setup CPUDIR=`HPUX/cpurev` TARGOS=HPUX
(cd HPUX/`HPUX/cpurev`; $(MAKE) build TOP=../.. $(DEST) $(MFLAGS) "BITS=`getconf KERNEL_BITS`" `../makeargs`; cd ..)
(cd HPUX/`HPUX/cpurev`; $(MAKE) -f Makefile.ipsend build TOP=../.. $(DEST) $(MFLAGS) "BITS=`getconf KERNEL_BITS`" `../makeargs`; cd ..)
sunos4 solaris1:
(cd SunOS4; make build TOP=.. "CC=$(CC)" $(DEST) $(MFLAGS); cd ..)
(cd SunOS4; make -f Makefile.ipsend build "CC=$(CC)" TOP=.. $(DEST) $(MFLAGS); cd ..)
sunos5 solaris2: null
(cd SunOS5/$(CPUDIR); $(MAKE) build TOP=../.. "CC=$(CC)" $(DEST) $(MFLAGS) "SOLARIS2=$(SOLARIS2)" INSTANCE=$(INSTANCE); cd ..)
(cd SunOS5/$(CPUDIR); $(MAKE) -f Makefile.ipsend build TOP=../.. "CC=$(CC)" $(DEST) $(MFLAGS); cd ..)
linux: include
(cd Linux; make build LINUX=$(LINUX) TOP=.. "DEBUG=-g" "CC=$(CC)" $(MFLAGS) OBJ=$(CPUDIR) LINUXKERNEL=$(LINUXKERNEL); cd ..)
(cd Linux; make ipflkm LINUX=$(LINUX) TOP=.. "DEBUG=-g" "CC=$(CC)" $(MFLAGS) OBJ=$(CPUDIR) LINUXKERNEL=$(LINUXKERNEL) WORKDIR=`pwd`; cd ..)
# (cd Linux; make -f Makefile.ipsend build LINUX=$(LINUX) TOP=.. "CC=$(CC)" $(MFLAGS); cd ..)
install-linux: linux
(cd Linux/; make LINUX=$(LINUX) TOP=.. "DEBUG=-g" "CC=$(CC)" $(MFLAGS) OBJ=$(CPUDIR) ROOTDIR=$(BUILDROOT) install ; cd ..)
install-bsd:
(cd BSD/$(CPUDIR); make install "TOP=../.." $(MFLAGS); cd ..)
(cd BSD/$(CPUDIR); make -f Makefile.ipsend INSTALL=$(INSTALL) install "TOP=../.." $(MFLAGS); cd ..)
install-sunos4: solaris
(cd SunOS4; $(MAKE) CPU=$(CPU) TOP=.. install)
install-sunos5: solaris null
(cd SunOS5; $(MAKE) TOP=.. install)
install-aix:
(cd AIX/`AIX/cpurev`; make install "TOP=../.." $(MFLAGS); cd ..)
# (cd AIX/`AIX/cpurev`; make -f Makefile.ipsend INSTALL=$(INSTALL) install "TOP=../.." $(MFLAGS); cd ..)
install-hpux: hpux
(cd HPUX/`HPUX/cpurev`; $(MAKE) CPU=$(CPU) TOP=../.. "BITS=`getconf KERNEL_BITS`" install)
install-irix: irix
(cd IRIX; smake install CPU=$(CPU) TOP=.. $(DEST) $(MFLAGS) CPUDIR=`./cpurev`)
install-osf install-tru64:
(cd OSF/`OSF/cpurev`; make install "TOP=../.." $(MFLAGS); cd ..)
do-cvs:
find . -type d -name CVS -print | xargs /bin/rm -rf
find . -type f -name .cvsignore -print | xargs /bin/rm -f
/bin/rm -f ip_msnrpc_pxy.c ip_sunrpc_pxy.c
ip_rules.c ip_rules.h: rules/ip_rules tools/ipfcomp.c
-./ipf -n -cc -f rules/ip_rules 2>/dev/null 1>&2
null:
@if [ "`$(MAKE) -v 2>&1 | sed -ne 's/GNU.*/GNU/p'`" = "GNU" ] ; then \
echo 'Do not use GNU make (gmake) to compile IPFilter'; \
exit 1; \
fi
-@echo make ok
mdb:
/bin/rm -rf mdbgen_build
mdbgen -D_KERNEL -DIPFILTER_LOG -DIPFILTER_LOOKUP -DSUNDDI \
-DIPFILTER_SCAN -DIPFILTER_LKM -DSOLARIS2=10 -n ipf_mdb -k \
-I/home/dr146992/pfil -I/home/dr146992/ipf -f \
/usr/include/netinet/in_systm.h,/usr/include/sys/ethernet.h,/usr/include/netinet/in.h,/usr/include/netinet/ip.h,/usr/include/netinet/ip_var.h,/usr/include/netinet/tcp.h,/usr/include/netinet/tcpip.h,/usr/include/netinet/ip_icmp.h,/usr/include/netinet/udp.h,ip_compat.h,ip_fil.h,ip_nat.h,ip_state.h,ip_proxy.h,ip_scan.h

104
contrib/ipfilter/NAT.FreeBSD
View File

@ -1,104 +0,0 @@
These are Instructions for Configuring A FreeBSD Box For NAT
After you have installed IpFilter.
You will need to change three files:
/etc/rc.local
/etc/rc.conf
/etc/natrules
You will have to:
1) Load the kernel module
2) Make the ipnat rules
3) Load the ipnat rules
4) Enable routing between interfaces
5) Add static routes for the subnet ranges
6) Configure your network interfaces
7) reboot the computer for the changes to take effect.
The FAQ was written by Chris Coleman <chris@@bbcc.ctc.edu>
This was tested using ipfilter 3.1.4 and FreeBSD 2.1.6-RELEASE
_________________________________________________________
1) Loading the Kernel Module
If you are using a Kernal Loadable Module you need to edit your
/etc/rc.local file and load the module at boot time.
use the line:
modload /lkm/if_ipl.o
If you are not loading a kernel module, skip this step.
_________________________________________________________
2) Setting up the NAT Rules
Make a file called /etc/natrules
put in the rules that you need for your system.
If you want to use the whole 10 Network. Try:
map fpx0 10.0.0.0/8 -> 208.8.0.1/32 portmap tcp/udp 10000:65000
_________________________________________________________
Here is an explaination of each part of the command:
map starts the command.
fpx0 is the interface with the real internet address.
10.0.0.0 is the subnet you want to use.
/8 is the subnet mask. ie 255.0.0.0
208.8.0.1 is the real ip address that you use.
/32 is the subnet mask 255.255.255.255, ie only use this ip address.
portmap tcp/udp 10000:65000
tells it to use the ports to redirect the tcp/udp calls through
The one line should work for the whole network.
_________________________________________________________
3) Loading the NAT Rules:
The NAT Rules will need to be loaded every time the computer
reboots.
In your /etc/rc.local put the line:
ipnat -f /etc/natrules
To check and see if it is loaded, as root type
ipnat -ls
_________________________________________________________
4) Enable Routing between interfaces.
Tell the kernel to route these addresses.
in the rc.local file put the line:
sysctl -w net.inet.ip.forwarding=1
_________________________________________________________
5) Static Routes to Subnet Ranges
Now you have to add a static routes for the subnet ranges.
Edit your /etc/sysconfig to add them at bootup.
static_routes="foo"
route_foo="10.0.0.0 -netmask 0xf0000000 -interface 10.0.0.1"
_________________________________________________________
6) Make sure that you have your interfaces configured.
I have two Intel Ether Express Pro B cards.
One is on 208.8.0.1 The other is on 10.0.0.1
You need to configure these in the /etc/sysconfig
network_interfaces="fxp0 fxp1"
ifconfig_fxp0="inet 208.8.0.1 netmask 255.255.255.0"
ifconfig_fxp1="inet 10.0.0.1 netmask 255.0.0.0"
_________________________________________________________

101
contrib/ipfilter/README
View File

@ -1,101 +0,0 @@
IP Filter - What's this about ?
============================
Web site: http://coombs.anu.edu.au/~avalon/ip-filter.html
How-to: http://www.obfuscation.org/ipf/ipf-howto.txt
The idea behind this package is allow those who use Unix workstations as
routers (a common occurance in Universities it appears) to apply packet
filtering to packets going in and out of them. This package has been
tested on all versions of SunOS 4.1 and Solaris 2.4/2.5, running on Sparcs.
It is also quite possible for this small kernel extension to be installed
and used effectively on Sun workstations which don't route IP, just for
added security. It can also be integrated with the multicast patches.
It has also been tested successfully on all of the modern free BSDs as
well as BSDI, and SGI's IRIX 6.2.
The filter keeps a rule list for both inbound and outbound sides of
the IP packet queue and a check is made as early as possible, aiming to
stop the packet before it even gets as far as being checked for source
route options. In the file "BNF", a set of rules for constructing filter
rules understood by this package is given. The files in the directory
"rules", "example.1" ... "example.sr" show example rules you might apply.
In practise, I've successfully isolated a workstation from all
machines except the NFS file servers on its local subnets (yeah, ok, so
this doesn't really increase security, because of NFS, but you get the
drift on how it can be applied and used). I've also successfully
setup and maintained my own firewalls using it with TIS's Firewall Toolkit,
including using it on an mbone router.
When using it with multicast IP, the calls to fr_check() should be
before the packet is unwrapped and after it is encapsulated. So the
filter routines will see the packet as a UDP packet, protocol XYZ.
Whether this is better or worse than having it filter on class D addresses
is debateable, but the idea behind this package is to be able to
discriminate between packets as they are on the 'wire', before they
get routed anywhere, etc.
It is worth noting, that it is possible, using a small MTU and
generating tiny fragmented IP packets to generate a TCP packet which
doesn't contain enough information to filter on the "flags". Filtering
on these types of packets is possible, but under the more general case
of the packets being "short". ICMP and UDP packets which are too small
(they don't contain a complete header) are dropped and logged, no questions
asked. When filtering on fragmented packets, the last fragment will get
through for TCP/UDP/ICMP packets.
Bugs/Problems
-------------
If you have a problem with IP Filter on your operating system, please email
a copy of the file "BugReport" with the details of your setup as required
and email to darrenr@pobox.com.
Some general notes.
-------------------
To add/delete a rule from memory, access to the device in /dev is needed,
allowing non-root maintenaince. The filter list in kernel memory is built
from the kernel's heap. Each packet coming *in* or *out* is checked against
the appropriate list, rejects dropped, others passed through. Thus this will
work on an individual host, not just gateways. Presently there is only one
list for all interfaces, the changes required to make it a per-interface list
require more .o replacements for the kernel. When checking a packet, the
packet is compared to the entire list from top to bottom, the last matching
line being effective.
What does what ?
----------------
if_fil.o (Loadable kernel module)
- additional kernel routines to check an access list as to whether
or not to drop or pass a packet. It currently defaults to pass
on all packets.
ipfstat
- digs through your kernel (need to check #define VMUNIX in fils.c)
and /dev/kmem for the access filter list and mini stats table.
Obviously needs to be run priviledged if required.
ipf
- reads the files passed as parameters as input files containing new
filter rules to add/delete to the kernel list. The lines are
inserted in order; the first line is inserted first, and ends up
first on the list. Subsequent invocations append to the list
unless specified otherwise.
ipftest
- test the ruleset given by filename. Reads in the ruleset and then
waits for stdin.
See the man pages (ipf.1, ipftest.1, ipfstat.8) for more detailed
information on what the above do.
mkfilters
- suggests a set of filter rules to employ and suggests how to add
routes to back these up.
BNF
- BNF rule set for the filter rules
Darren Reed
darrenr@pobox.com
http://coombs.anu.edu.au/~avalon/ip-filter.html

57
contrib/ipfilter/STYLE.TXT
View File

@ -1,57 +0,0 @@
Over time, I am moving all of the IPFilter code to what I consider a better
coding style than it had before. If you submit patches, I expect them to
conform as appropriate.
Function Comments
=================
Preceeding each and every function, a comment block like this should
be present:
/* ------------------------------------------------------------------------ */
/* Function: function-name */
/* Returns: return-type */
/* Parameters: param1(I) - param1 is an input parameter */
/* p2(O) - p2 is an output parameter passed as an arg */
/* par3(IO) - par3 is a parameter which is both input and */
/* output. Pointers to things which are used and */
/* then get a result stored in them qualify here. */
/* */
/* Description about what the function does. This comment should explain */
/* any gotchas or algorithms that are used which aren't obvious to the */
/* casual reader. It should not be an excuse to not use comments inside */
/* the function. */
/* ------------------------------------------------------------------------ */
Tab spacing
===========
Tabs are to be at 8 characters.
Conditions
==========
All expressions which evaluate to a boolean for a test condition, such as
in an if()/while() statement must involve a boolean operation. Since C
has no native boolean type, this means that one of <,>,<=,>=,==,!= must
be present. Implied boolean evaluations are out.
In code, the following is banned:
if (x)
if (!x)
while ((a = b))
and should be replaced by:
if (x != 0)
if (x == 0)
while ((a = b) != 0)
If pointers are involved, always compare with NULL, ie.:
if (x != NULL)
if (x == NULL)
while ((a = b) != NULL)

83
contrib/ipfilter/WhatsNew50.txt
View File

@ -1,83 +0,0 @@
What's new in 5.1
=================
General
-------
* all of the tuneables can now be set at any time, not just whilst disabled
or prior to loading rules;
* group identifiers may now be a number or name (universal);
* man pages rewritten
* tunables can now be set via ipf.conf;
Logging
-------
* ipmon.conf can now be used to generate SNMPv1 and SNMPv2 traps using
information from log entries from the kernel;
NAT changes
-----------
* DNS proxy for the kernel that can block queries based on domain names;
* FTP proxy can be configured to limit data connections to one or many
connections per client;
* NAT on IPv6 is now supported;
* rewrite command allows changing both the source and destination address
in a single NAT rule;
* simple encapsulation can now be configured with ipnat.conf,
* TFTP proxy now included;
Packet Filtering
----------------
* acceptance of ICMP packets for "keep state" rules can be refined through
the use of filtering rules;
* alternative form for writing rules using simple filtering expressions;
* CIPSO headers now recognised and analysed for filtering on DOI;
* comments can now be a part of a rule and loaded into the kernel and
thus displayed with ipfstat;
* decapsulation rules allow filtering on inner headers, providing they
are not encrypted;
* interface names, aside from that the packet is on, can be present in
filter rules;
* internally now a single list of filter rules, there is no longer an
IPv4 and IPv6 list;
* rules can now be added with an expiration time, allowing for their
automatic removal after some period of time;
* single file, ipf.conf, can now be used for both IPv4 and IPv6 rules;
* stateful filtering now allows for limits to be placed on the number
of distinct hosts allowed per rule;
Pools
-----
* addresses added to a pool via the command line (only!) can be given
an expiration timeout;
* destination lists are a new type of address pool, primarily for use with
NAT rdr rules, supporting newer algorithms for target selection;
* raw whois information saved to a file can be used to populate a pool;
Solaris
-------
* support for use in zones with exclusive IP instances fully supported.
Tools
-----
* use of matching expressions allows for refining what is displayed or
flushed;

3
contrib/ipfilter/Y2K
View File

@ -1,3 +0,0 @@
IP Filter is Year 2000 (Y2K) Compliant.
Darren

267
contrib/ipfilter/arc4random.c
View File

@ -1,267 +0,0 @@
/*-
* THE BEER-WARE LICENSE
*
* <dan@FreeBSD.ORG> wrote this file. As long as you retain this notice you
* can do whatever you want with this stuff. If we meet some day, and you
* think this stuff is worth it, you can buy me a beer in return.
*
* Dan Moschuk
*/
#if !defined(SOLARIS2)
# include <sys/cdefs.h>
#endif
#include <sys/types.h>
#include <sys/param.h>
#ifdef __FreeBSD__
# include <sys/kernel.h>
#endif
# include <sys/random.h>
#ifdef __FreeBSD__
# include <sys/libkern.h>
#endif
#include <sys/lock.h>
# include <sys/mutex.h>
#include <sys/time.h>
#include <sys/socket.h>
#include <net/if.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include "netinet/ip_compat.h"
#ifdef HAS_SYS_MD5_H
# include <sys/md5.h>
#else
# include "md5.h"
#endif
#ifdef NEED_LOCAL_RAND
#if !defined(__GNUC__)
# define __inline
#endif
#define ARC4_RESEED_BYTES 65536
#define ARC4_RESEED_SECONDS 300
#define ARC4_KEYBYTES (256 / 8)
static u_int8_t arc4_i, arc4_j;
static int arc4_numruns = 0;
static u_int8_t arc4_sbox[256];
static time_t arc4_t_reseed;
static ipfmutex_t arc4_mtx;
static MD5_CTX md5ctx;
static u_int8_t arc4_randbyte(void);
static int ipf_read_random(void *dest, int length);
static __inline void
arc4_swap(u_int8_t *a, u_int8_t *b)
{
u_int8_t c;
c = *a;
*a = *b;
*b = c;
}
/*
* Stir our S-box.
*/
static void
arc4_randomstir (void)
{
u_int8_t key[256];
int r, n;
struct timeval tv_now;
/*
* XXX read_random() returns unsafe numbers if the entropy
* device is not loaded -- MarkM.
*/
r = ipf_read_random(key, ARC4_KEYBYTES);
GETKTIME(&tv_now);
MUTEX_ENTER(&arc4_mtx);
/* If r == 0 || -1, just use what was on the stack. */
if (r > 0) {
for (n = r; n < sizeof(key); n++)
key[n] = key[n % r];
}
for (n = 0; n < 256; n++) {
arc4_j = (arc4_j + arc4_sbox[n] + key[n]) % 256;
arc4_swap(&arc4_sbox[n], &arc4_sbox[arc4_j]);
}
/* Reset for next reseed cycle. */
arc4_t_reseed = tv_now.tv_sec + ARC4_RESEED_SECONDS;
arc4_numruns = 0;
/*
* Throw away the first N words of output, as suggested in the
* paper "Weaknesses in the Key Scheduling Algorithm of RC4"
* by Fluher, Mantin, and Shamir. (N = 768 in our case.)
*/
for (n = 0; n < 768*4; n++)
arc4_randbyte();
MUTEX_EXIT(&arc4_mtx);
}
/*
* Initialize our S-box to its beginning defaults.
*/
static void
arc4_init(void)
{
int n;
MD5Init(&md5ctx);
MUTEX_INIT(&arc4_mtx, "arc4_mtx");
arc4_i = arc4_j = 0;
for (n = 0; n < 256; n++)
arc4_sbox[n] = (u_int8_t) n;
arc4_t_reseed = 0;
}
/*
* Generate a random byte.
*/
static u_int8_t
arc4_randbyte(void)
{
u_int8_t arc4_t;
arc4_i = (arc4_i + 1) % 256;
arc4_j = (arc4_j + arc4_sbox[arc4_i]) % 256;
arc4_swap(&arc4_sbox[arc4_i], &arc4_sbox[arc4_j]);
arc4_t = (arc4_sbox[arc4_i] + arc4_sbox[arc4_j]) % 256;
return arc4_sbox[arc4_t];
}
/*
* MPSAFE
*/
void
arc4rand(void *ptr, u_int len, int reseed)
{
u_int8_t *p;
struct timeval tv;
GETKTIME(&tv);
if (reseed ||
(arc4_numruns > ARC4_RESEED_BYTES) ||
(tv.tv_sec > arc4_t_reseed))
arc4_randomstir();
MUTEX_ENTER(&arc4_mtx);
arc4_numruns += len;
p = ptr;
while (len--)
*p++ = arc4_randbyte();
MUTEX_EXIT(&arc4_mtx);
}
uint32_t
ipf_random(void)
{
uint32_t ret;
arc4rand(&ret, sizeof ret, 0);
return ret;
}
static u_char pot[ARC4_RESEED_BYTES];
static u_char *pothead = pot, *pottail = pot;
static int inpot = 0;
/*
* This is not very strong, and this is understood, but the aim isn't to
* be cryptographically strong - it is just to make up something that is
* pseudo random.
*/
void
ipf_rand_push(void *src, int length)
{
static int arc4_inited = 0;
u_char *nsrc;
int mylen;
if (arc4_inited == 0) {
arc4_init();
arc4_inited = 1;
}
if (length < 64) {
MD5Update(&md5ctx, src, length);
return;
}
nsrc = src;
mylen = length;
#if defined(_SYS_MD5_H) && defined(SOLARIS2)
# define buf buf_un.buf8
#endif
MUTEX_ENTER(&arc4_mtx);
while ((mylen > 64) && (sizeof(pot) - inpot > sizeof(md5ctx.buf))) {
MD5Update(&md5ctx, nsrc, 64);
mylen -= 64;
nsrc += 64;
if (pottail + sizeof(md5ctx.buf) > pot + sizeof(pot)) {
int left, numbytes;
numbytes = pot + sizeof(pot) - pottail;
bcopy(md5ctx.buf, pottail, numbytes);
left = sizeof(md5ctx.buf) - numbytes;
pottail = pot;
bcopy(md5ctx.buf + sizeof(md5ctx.buf) - left,
pottail, left);
pottail += left;
} else {
bcopy(md5ctx.buf, pottail, sizeof(md5ctx.buf));
pottail += sizeof(md5ctx.buf);
}
inpot += 64;
}
MUTEX_EXIT(&arc4_mtx);
#if defined(_SYS_MD5_H) && defined(SOLARIS2)
# undef buf
#endif
}
static int
ipf_read_random(void *dest, int length)
{
if (length > inpot)
return 0;
MUTEX_ENTER(&arc4_mtx);
if (pothead + length > pot + sizeof(pot)) {
int left, numbytes;
left = length;
numbytes = pot + sizeof(pot) - pothead;
bcopy(pothead, dest, numbytes);
left -= numbytes;
pothead = pot;
bcopy(pothead, dest + length - left, left);
pothead += left;
} else {
bcopy(pothead, dest, length);
pothead += length;
}
inpot -= length;
if (inpot == 0)
pothead = pottail = pot;
MUTEX_EXIT(&arc4_mtx);
return length;
}
#endif /* NEED_LOCAL_RAND */

4811
contrib/ipfilter/ip_fil_compat.c
View File

File diff suppressed because it is too large Load Diff

364
contrib/ipfilter/ipf_rb.h
View File

@ -1,364 +0,0 @@
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
*/
typedef enum rbcolour_e {
C_BLACK = 0,
C_RED = 1
} rbcolour_t;
#define RBI_LINK(_n, _t) \
struct _n##_rb_link { \
struct _t *left; \
struct _t *right; \
struct _t *parent; \
rbcolour_t colour; \
}
#define RBI_HEAD(_n, _t) \
struct _n##_rb_head { \
struct _t top; \
int count; \
int (* compare)(struct _t *, struct _t *); \
}
#define RBI_CODE(_n, _t, _f, _cmp) \
\
typedef void (*_n##_rb_walker_t)(_t *, void *); \
\
_t * _n##_rb_delete(struct _n##_rb_head *, _t *); \
void _n##_rb_init(struct _n##_rb_head *); \
void _n##_rb_insert(struct _n##_rb_head *, _t *); \
_t * _n##_rb_search(struct _n##_rb_head *, void *); \
void _n##_rb_walktree(struct _n##_rb_head *, _n##_rb_walker_t, void *);\
\
static void \
rotate_left(struct _n##_rb_head *head, _t *node) \
{ \
_t *parent, *tmp1, *tmp2; \
\
parent = node->_f.parent; \
tmp1 = node->_f.right; \
tmp2 = tmp1->_f.left; \
node->_f.right = tmp2; \
if (tmp2 != & _n##_rb_zero) \
tmp2->_f.parent = node; \
if (parent == & _n##_rb_zero) \
head->top._f.right = tmp1; \
else if (parent->_f.right == node) \
parent->_f.right = tmp1; \
else \
parent->_f.left = tmp1; \
tmp1->_f.left = node; \
tmp1->_f.parent = parent; \
node->_f.parent = tmp1; \
} \
\
static void \
rotate_right(struct _n##_rb_head *head, _t *node) \
{ \
_t *parent, *tmp1, *tmp2; \
\
parent = node->_f.parent; \
tmp1 = node->_f.left; \
tmp2 = tmp1->_f.right; \
node->_f.left = tmp2; \
if (tmp2 != &_n##_rb_zero) \
tmp2->_f.parent = node; \
if (parent == &_n##_rb_zero) \
head->top._f.right = tmp1; \
else if (parent->_f.right == node) \
parent->_f.right = tmp1; \
else \
parent->_f.left = tmp1; \
tmp1->_f.right = node; \
tmp1->_f.parent = parent; \
node->_f.parent = tmp1; \
} \
\
void \
_n##_rb_insert(struct _n##_rb_head *head, _t *node) \
{ \
_t *n, *parent, **p, *tmp1, *gparent; \
\
parent = &head->top; \
node->_f.left = &_n##_rb_zero; \
node->_f.right = &_n##_rb_zero; \
p = &head->top._f.right; \
while ((n = *p) != &_n##_rb_zero) { \
if (_cmp(node, n) < 0) \
p = &n->_f.left; \
else \
p = &n->_f.right; \
parent = n; \
} \
*p = node; \
node->_f.colour = C_RED; \
node->_f.parent = parent; \
\
while ((node != &_n##_rb_zero) && (parent->_f.colour == C_RED)){\
gparent = parent->_f.parent; \
if (parent == gparent->_f.left) { \
tmp1 = gparent->_f.right; \
if (tmp1->_f.colour == C_RED) { \
parent->_f.colour = C_BLACK; \
tmp1->_f.colour = C_BLACK; \
gparent->_f.colour = C_RED; \
node = gparent; \
} else { \
if (node == parent->_f.right) { \
node = parent; \
rotate_left(head, node); \
parent = node->_f.parent; \
} \
parent->_f.colour = C_BLACK; \
gparent->_f.colour = C_RED; \
rotate_right(head, gparent); \
} \
} else { \
tmp1 = gparent->_f.left; \
if (tmp1->_f.colour == C_RED) { \
parent->_f.colour = C_BLACK; \
tmp1->_f.colour = C_BLACK; \
gparent->_f.colour = C_RED; \
node = gparent; \
} else { \
if (node == parent->_f.left) { \
node = parent; \
rotate_right(head, node); \
parent = node->_f.parent; \
} \
parent->_f.colour = C_BLACK; \
gparent->_f.colour = C_RED; \
rotate_left(head, parent->_f.parent); \
} \
} \
parent = node->_f.parent; \
} \
head->top._f.right->_f.colour = C_BLACK; \
head->count++; \
} \
\
static void \
deleteblack(struct _n##_rb_head *head, _t *parent, _t *node) \
{ \
_t *tmp; \
\
while ((node == &_n##_rb_zero || node->_f.colour == C_BLACK) && \
node != &head->top) { \
if (parent->_f.left == node) { \
tmp = parent->_f.right; \
if (tmp->_f.colour == C_RED) { \
tmp->_f.colour = C_BLACK; \
parent->_f.colour = C_RED; \
rotate_left(head, parent); \
tmp = parent->_f.right; \
} \
if ((tmp->_f.left == &_n##_rb_zero || \
tmp->_f.left->_f.colour == C_BLACK) && \
(tmp->_f.right == &_n##_rb_zero || \
tmp->_f.right->_f.colour == C_BLACK)) { \
tmp->_f.colour = C_RED; \
node = parent; \
parent = node->_f.parent; \
} else { \
if (tmp->_f.right == &_n##_rb_zero || \
tmp->_f.right->_f.colour == C_BLACK) {\
_t *tmp2 = tmp->_f.left; \
\
if (tmp2 != &_n##_rb_zero) \
tmp2->_f.colour = C_BLACK;\
tmp->_f.colour = C_RED; \
rotate_right(head, tmp); \
tmp = parent->_f.right; \
} \
tmp->_f.colour = parent->_f.colour; \
parent->_f.colour = C_BLACK; \
if (tmp->_f.right != &_n##_rb_zero) \
tmp->_f.right->_f.colour = C_BLACK;\
rotate_left(head, parent); \
node = head->top._f.right; \
} \
} else { \
tmp = parent->_f.left; \
if (tmp->_f.colour == C_RED) { \
tmp->_f.colour = C_BLACK; \
parent->_f.colour = C_RED; \
rotate_right(head, parent); \
tmp = parent->_f.left; \
} \
if ((tmp->_f.left == &_n##_rb_zero || \
tmp->_f.left->_f.colour == C_BLACK) && \
(tmp->_f.right == &_n##_rb_zero || \
tmp->_f.right->_f.colour == C_BLACK)) { \
tmp->_f.colour = C_RED; \
node = parent; \
parent = node->_f.parent; \
} else { \
if (tmp->_f.left == &_n##_rb_zero || \
tmp->_f.left->_f.colour == C_BLACK) {\
_t *tmp2 = tmp->_f.right; \
\
if (tmp2 != &_n##_rb_zero) \
tmp2->_f.colour = C_BLACK;\
tmp->_f.colour = C_RED; \
rotate_left(head, tmp); \
tmp = parent->_f.left; \
} \
tmp->_f.colour = parent->_f.colour; \
parent->_f.colour = C_BLACK; \
if (tmp->_f.left != &_n##_rb_zero) \
tmp->_f.left->_f.colour = C_BLACK;\
rotate_right(head, parent); \
node = head->top._f.right; \
break; \
} \
} \
} \
if (node != &_n##_rb_zero) \
node->_f.colour = C_BLACK; \
} \
\
_t * \
_n##_rb_delete(struct _n##_rb_head *head, _t *node) \
{ \
_t *child, *parent, *old = node, *left; \
rbcolour_t color; \
\
if (node->_f.left == &_n##_rb_zero) { \
child = node->_f.right; \
} else if (node->_f.right == &_n##_rb_zero) { \
child = node->_f.left; \
} else { \
node = node->_f.right; \
while ((left = node->_f.left) != &_n##_rb_zero) \
node = left; \
child = node->_f.right; \
parent = node->_f.parent; \
color = node->_f.colour; \
if (child != &_n##_rb_zero) \
child->_f.parent = parent; \
if (parent != &_n##_rb_zero) { \
if (parent->_f.left == node) \
parent->_f.left = child; \
else \
parent->_f.right = child; \
} else { \
head->top._f.right = child; \
} \
if (node->_f.parent == old) \
parent = node; \
*node = *old; \
if (old->_f.parent != &_n##_rb_zero) { \
if (old->_f.parent->_f.left == old) \
old->_f.parent->_f.left = node; \
else \
old->_f.parent->_f.right = node; \
} else { \
head->top._f.right = child; \
} \
old->_f.left->_f.parent = node; \
if (old->_f.right != &_n##_rb_zero) \
old->_f.right->_f.parent = node; \
if (parent != &_n##_rb_zero) { \
left = parent; \
} \
goto colour; \
} \
parent = node->_f.parent; \
color= node->_f.colour; \
if (child != &_n##_rb_zero) \
child->_f.parent = parent; \
if (parent != &_n##_rb_zero) { \
if (parent->_f.left == node) \
parent->_f.left = child; \
else \
parent->_f.right = child; \
} else { \
head->top._f.right = child; \
} \
colour: \
if (color == C_BLACK) \
deleteblack(head, parent, node); \
head->count--; \
return old; \
} \
\
void \
_n##_rb_init(struct _n##_rb_head *head) \
{ \
memset(head, 0, sizeof(*head)); \
memset(&_n##_rb_zero, 0, sizeof(_n##_rb_zero)); \
head->top._f.left = &_n##_rb_zero; \
head->top._f.right = &_n##_rb_zero; \
head->top._f.parent = &head->top; \
_n##_rb_zero._f.left = &_n##_rb_zero; \
_n##_rb_zero._f.right = &_n##_rb_zero; \
_n##_rb_zero._f.parent = &_n##_rb_zero; \
} \
\
void \
_n##_rb_walktree(struct _n##_rb_head *head, _n##_rb_walker_t func, void *arg)\
{ \
_t *prev; \
_t *next; \
_t *node = head->top._f.right; \
_t *base; \
\
while (node != &_n##_rb_zero) \
node = node->_f.left; \
\
for (;;) { \
base = node; \
prev = node; \
while ((node->_f.parent->_f.right == node) && \
(node != &_n##_rb_zero)) { \
prev = node; \
node = node->_f.parent; \
} \
\
node = prev; \
for (node = node->_f.parent->_f.right; node != &_n##_rb_zero;\
node = node->_f.left) \
prev = node; \
next = prev; \
\
if (node != &_n##_rb_zero) \
func(node, arg); \
\
node = next; \
if (node == &_n##_rb_zero) \
break; \
} \
} \
\
_t * \
_n##_rb_search(struct _n##_rb_head *head, void *key) \
{ \
int match; \
_t *node; \
node = head->top._f.right; \
while (node != &_n##_rb_zero) { \
match = _cmp(key, node); \
if (match == 0) \
break; \
if (match< 0) \
node = node->_f.left; \
else \
node = node->_f.right; \
} \
if (node == &_n##_rb_zero || match != 0) \
return (NULL); \
return (node); \
}
#define RBI_DELETE(_n, _h, _v) _n##_rb_delete(_h, _v)
#define RBI_FIELD(_n) struct _n##_rb_link
#define RBI_INIT(_n, _h) _n##_rb_init(_h)
#define RBI_INSERT(_n, _h, _v) _n##_rb_insert(_h, _v)
#define RBI_ISEMPTY(_h) ((_h)->count == 0)
#define RBI_SEARCH(_n, _h, _k) _n##_rb_search(_h, _k)
#define RBI_WALK(_n, _h, _w, _a) _n##_rb_walktree(_h, _w, _a)
#define RBI_ZERO(_n) _n##_rb_zero

443
contrib/ipfilter/lib/Makefile
View File

@ -1,443 +0,0 @@
#
# Copyright (C) 2012 by Darren Reed.
#
# See the IPFILTER.LICENCE file for details on licencing.
#
# $Id$
#
INCDEP=$(TOP)/ip_compat.h $(TOP)/ip_fil.h $(TOP)/ipf.h
LIBOBJS=$(DEST)/addicmp.o \
$(DEST)/addipopt.o \
$(DEST)/alist_free.o \
$(DEST)/alist_new.o \
$(DEST)/allocmbt.o \
$(DEST)/assigndefined.o \
$(DEST)/bcopywrap.o \
$(DEST)/binprint.o \
$(DEST)/buildopts.o \
$(DEST)/checkrev.o \
$(DEST)/connecttcp.o \
$(DEST)/count6bits.o \
$(DEST)/count4bits.o \
$(DEST)/debug.o \
$(DEST)/dupmbt.o \
$(DEST)/familyname.o \
$(DEST)/facpri.o \
$(DEST)/fill6bits.o \
$(DEST)/findword.o \
$(DEST)/flags.o \
$(DEST)/freembt.o \
$(DEST)/ftov.o \
$(DEST)/genmask.o \
$(DEST)/gethost.o \
$(DEST)/geticmptype.o \
$(DEST)/getifname.o \
$(DEST)/getnattype.o \
$(DEST)/getport.o \
$(DEST)/getportproto.o \
$(DEST)/getproto.o \
$(DEST)/getsumd.o \
$(DEST)/hostname.o \
$(DEST)/icmpcode.o \
$(DEST)/icmptypename.o \
$(DEST)/icmptypes.o \
$(DEST)/initparse.o \
$(DEST)/interror.o \
$(DEST)/ionames.o \
$(DEST)/ipf_dotuning.o \
$(DEST)/ipf_perror.o \
$(DEST)/ipft_hx.o \
$(DEST)/ipft_pc.o \
$(DEST)/ipft_tx.o \
$(DEST)/ipoptsec.o \
$(DEST)/kmem.o \
$(DEST)/kmemcpywrap.o \
$(DEST)/kvatoname.o \
$(DEST)/load_file.o \
$(DEST)/load_dstlist.o \
$(DEST)/load_dstlistnode.o \
$(DEST)/load_hash.o \
$(DEST)/load_hashnode.o \
$(DEST)/load_http.o \
$(DEST)/load_pool.o \
$(DEST)/load_poolnode.o \
$(DEST)/load_url.o \
$(DEST)/msgdsize.o \
$(DEST)/mutex_emul.o \
$(DEST)/nametokva.o \
$(DEST)/nat_setgroupmap.o \
$(DEST)/ntomask.o \
$(DEST)/optname.o \
$(DEST)/optprint.o \
$(DEST)/optprintv6.o \
$(DEST)/optvalue.o \
$(DEST)/parsefields.o \
$(DEST)/parseipfexpr.o \
$(DEST)/parsewhoisline.o \
$(DEST)/poolio.o \
$(DEST)/portname.o \
$(DEST)/print_toif.o \
$(DEST)/printactiveaddr.o \
$(DEST)/printactivenat.o \
$(DEST)/printaddr.o \
$(DEST)/printaps.o \
$(DEST)/printbuf.o \
$(DEST)/printdstlist.o \
$(DEST)/printdstlistdata.o \
$(DEST)/printdstlistnode.o \
$(DEST)/printdstlistpolicy.o \
$(DEST)/printdstl_live.o \
$(DEST)/printfieldhdr.o \
$(DEST)/printfr.o \
$(DEST)/printfraginfo.o \
$(DEST)/printhash.o \
$(DEST)/printhashdata.o \
$(DEST)/printhashnode.o \
$(DEST)/printhash_live.o \
$(DEST)/printhost.o \
$(DEST)/printhostmap.o \
$(DEST)/printhostmask.o \
$(DEST)/printifname.o \
$(DEST)/printip.o \
$(DEST)/printipfexpr.o \
$(DEST)/printlog.o \
$(DEST)/printlookup.o \
$(DEST)/printmask.o \
$(DEST)/printnat.o \
$(DEST)/printnataddr.o \
$(DEST)/printnatfield.o \
$(DEST)/printnatside.o \
$(DEST)/printpool.o \
$(DEST)/printpooldata.o \
$(DEST)/printpoolfield.o \
$(DEST)/printpoolnode.o \
$(DEST)/printpool_live.o \
$(DEST)/printproto.o \
$(DEST)/printportcmp.o \
$(DEST)/printpacket.o \
$(DEST)/printpacket6.o \
$(DEST)/printsbuf.o \
$(DEST)/printstate.o \
$(DEST)/printstatefields.o \
$(DEST)/printtcpflags.o \
$(DEST)/printtqtable.o \
$(DEST)/printtunable.o \
$(DEST)/printunit.o \
$(DEST)/remove_hash.o \
$(DEST)/remove_hashnode.o \
$(DEST)/remove_pool.o \
$(DEST)/remove_poolnode.o \
$(DEST)/resetlexer.o \
$(DEST)/rwlock_emul.o \
$(DEST)/save_execute.o \
$(DEST)/save_file.o \
$(DEST)/save_nothing.o \
$(DEST)/save_syslog.o \
$(DEST)/save_v1trap.o \
$(DEST)/save_v2trap.o \
$(DEST)/tcpflags.o \
$(DEST)/var.o \
$(DEST)/verbose.o \
$(DEST)/vtof.o \
$(DEST)/v6ionames.o \
$(DEST)/v6optvalue.o
$(DEST)/libipf.a: $(LIBOBJS)
/bin/rm -f $@
ar $(AROPTS) $@ $(LIBOBJS)
$(RANLIB) $@
$(DEST)/addicmp.o: $(LIBSRC)/addicmp.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/addicmp.c -o $@
$(DEST)/addipopt.o: $(LIBSRC)/addipopt.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/addipopt.c -o $@
$(DEST)/alist_free.o: $(LIBSRC)/alist_free.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/alist_free.c -o $@
$(DEST)/alist_new.o: $(LIBSRC)/alist_new.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/alist_new.c -o $@
$(DEST)/allocmbt.o: $(LIBSRC)/allocmbt.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/allocmbt.c -o $@
$(DEST)/assigndefined.o: $(LIBSRC)/assigndefined.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/assigndefined.c -o $@
$(DEST)/bcopywrap.o: $(LIBSRC)/bcopywrap.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/bcopywrap.c -o $@
$(DEST)/binprint.o: $(LIBSRC)/binprint.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/binprint.c -o $@
$(DEST)/buildopts.o: $(LIBSRC)/buildopts.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/buildopts.c -o $@
$(DEST)/connecttcp.o: $(LIBSRC)/connecttcp.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/connecttcp.c -o $@
$(DEST)/count6bits.o: $(LIBSRC)/count6bits.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/count6bits.c -o $@
$(DEST)/checkrev.o: $(LIBSRC)/checkrev.c $(INCDEP) $(TOP)/ipl.h
$(CC) $(CCARGS) -c $(LIBSRC)/checkrev.c -o $@
$(DEST)/count4bits.o: $(LIBSRC)/count4bits.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/count4bits.c -o $@
$(DEST)/debug.o: $(LIBSRC)/debug.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/debug.c -o $@
$(DEST)/dupmbt.o: $(LIBSRC)/dupmbt.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/dupmbt.c -o $@
$(DEST)/facpri.o: $(LIBSRC)/facpri.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/facpri.c -o $@
$(DEST)/familyname.o: $(LIBSRC)/familyname.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/familyname.c -o $@
$(DEST)/fill6bits.o: $(LIBSRC)/fill6bits.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/fill6bits.c -o $@
$(DEST)/findword.o: $(LIBSRC)/findword.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/findword.c -o $@
$(DEST)/flags.o: $(LIBSRC)/flags.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/flags.c -o $@
$(DEST)/freembt.o: $(LIBSRC)/freembt.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/freembt.c -o $@
$(DEST)/ftov.o: $(LIBSRC)/ftov.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/ftov.c -o $@
$(DEST)/genmask.o: $(LIBSRC)/genmask.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/genmask.c -o $@
$(DEST)/gethost.o: $(LIBSRC)/gethost.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/gethost.c -o $@
$(DEST)/geticmptype.o: $(LIBSRC)/geticmptype.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/geticmptype.c -o $@
$(DEST)/getifname.o: $(LIBSRC)/getifname.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/getifname.c -o $@
$(DEST)/getnattype.o: $(LIBSRC)/getnattype.c $(INCDEP) $(TOP)/ip_nat.h
$(CC) $(CCARGS) -c $(LIBSRC)/getnattype.c -o $@
$(DEST)/getport.o: $(LIBSRC)/getport.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/getport.c -o $@
$(DEST)/getportproto.o: $(LIBSRC)/getportproto.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/getportproto.c -o $@
$(DEST)/getproto.o: $(LIBSRC)/getproto.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/getproto.c -o $@
$(DEST)/getsumd.o: $(LIBSRC)/getsumd.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/getsumd.c -o $@
$(DEST)/hostname.o: $(LIBSRC)/hostname.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/hostname.c -o $@
$(DEST)/icmpcode.o: $(LIBSRC)/icmpcode.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/icmpcode.c -o $@
$(DEST)/icmptypename.o: $(LIBSRC)/icmptypename.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/icmptypename.c -o $@
$(DEST)/icmptypes.o: $(LIBSRC)/icmptypes.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/icmptypes.c -o $@
$(DEST)/interror.o: $(LIBSRC)/interror.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/interror.c -o $@
$(DEST)/ipoptsec.o: $(LIBSRC)/ipoptsec.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/ipoptsec.c -o $@
$(DEST)/initparse.o: $(LIBSRC)/initparse.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/initparse.c -o $@
$(DEST)/ionames.o: $(LIBSRC)/ionames.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/ionames.c -o $@
$(DEST)/ipf_dotuning.o: $(LIBSRC)/ipf_dotuning.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/ipf_dotuning.c -o $@
$(DEST)/ipf_perror.o: $(LIBSRC)/ipf_perror.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/ipf_perror.c -o $@
$(DEST)/ipft_hx.o: $(LIBSRC)/ipft_hx.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/ipft_hx.c -o $@
$(DEST)/ipft_pc.o: $(LIBSRC)/ipft_pc.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/ipft_pc.c -o $@
$(DEST)/ipft_tx.o: $(LIBSRC)/ipft_tx.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/ipft_tx.c -o $@
$(DEST)/kmem.o: $(LIBSRC)/kmem.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/kmem.c -o $@
$(DEST)/kmemcpywrap.o: $(LIBSRC)/kmemcpywrap.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/kmemcpywrap.c -o $@
$(DEST)/kvatoname.o: $(LIBSRC)/kvatoname.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/kvatoname.c -o $@
$(DEST)/load_file.o: $(LIBSRC)/load_file.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/load_file.c -o $@
$(DEST)/load_dstlist.o: $(LIBSRC)/load_dstlist.c $(INCDEP) $(TOP)/ip_dstlist.h
$(CC) $(CCARGS) -c $(LIBSRC)/load_dstlist.c -o $@
$(DEST)/load_dstlistnode.o: $(LIBSRC)/load_dstlistnode.c $(INCDEP) \
$(TOP)/ip_dstlist.h
$(CC) $(CCARGS) -c $(LIBSRC)/load_dstlistnode.c -o $@
$(DEST)/load_hash.o: $(LIBSRC)/load_hash.c $(INCDEP) $(TOP)/ip_htable.h
$(CC) $(CCARGS) -c $(LIBSRC)/load_hash.c -o $@
$(DEST)/load_hashnode.o: $(LIBSRC)/load_hashnode.c $(INCDEP) $(TOP)/ip_htable.h
$(CC) $(CCARGS) -c $(LIBSRC)/load_hashnode.c -o $@
$(DEST)/load_http.o: $(LIBSRC)/load_http.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/load_http.c -o $@
$(DEST)/load_pool.o: $(LIBSRC)/load_pool.c $(INCDEP) $(TOP)/ip_pool.h
$(CC) $(CCARGS) -c $(LIBSRC)/load_pool.c -o $@
$(DEST)/load_poolnode.o: $(LIBSRC)/load_poolnode.c $(INCDEP) $(TOP)/ip_pool.h
$(CC) $(CCARGS) -c $(LIBSRC)/load_poolnode.c -o $@
$(DEST)/load_url.o: $(LIBSRC)/load_url.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/load_url.c -o $@
$(DEST)/msgdsize.o: $(LIBSRC)/msgdsize.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/msgdsize.c -o $@
$(DEST)/mutex_emul.o: $(LIBSRC)/mutex_emul.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/mutex_emul.c -o $@
$(DEST)/nametokva.o: $(LIBSRC)/nametokva.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/nametokva.c -o $@
$(DEST)/nat_setgroupmap.o: $(LIBSRC)/nat_setgroupmap.c $(TOP)/ip_compat.h \
$(TOP)/ipf.h $(TOP)/ip_nat.h
$(CC) $(CCARGS) -c $(LIBSRC)/nat_setgroupmap.c -o $@
$(DEST)/ntomask.o: $(LIBSRC)/ntomask.c $(TOP)/ip_compat.h
$(CC) $(CCARGS) -c $(LIBSRC)/ntomask.c -o $@
$(DEST)/optname.o: $(LIBSRC)/optname.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/optname.c -o $@
$(DEST)/optprint.o: $(LIBSRC)/optprint.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/optprint.c -o $@
$(DEST)/optprintv6.o: $(LIBSRC)/optprintv6.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/optprintv6.c -o $@
$(DEST)/optvalue.o: $(LIBSRC)/optvalue.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/optvalue.c -o $@
$(DEST)/parsefields.o: $(LIBSRC)/parsefields.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/parsefields.c -o $@
$(DEST)/parseipfexpr.o: $(LIBSRC)/parseipfexpr.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/parseipfexpr.c -o $@
$(DEST)/parsewhoisline.o: $(LIBSRC)/parsewhoisline.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/parsewhoisline.c -o $@
$(DEST)/poolio.o: $(LIBSRC)/poolio.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/poolio.c -o $@
$(DEST)/portname.o: $(LIBSRC)/portname.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/portname.c -o $@
$(DEST)/print_toif.o: $(LIBSRC)/print_toif.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/print_toif.c -o $@
$(DEST)/printactiveaddr.o: $(LIBSRC)/printactiveaddr.c $(INCDEP) $(TOP)/ip_nat.h
$(CC) $(CCARGS) -c $(LIBSRC)/printactiveaddr.c -o $@
$(DEST)/printactivenat.o: $(LIBSRC)/printactivenat.c $(INCDEP) $(TOP)/ip_nat.h
$(CC) $(CCARGS) -c $(LIBSRC)/printactivenat.c -o $@
$(DEST)/printaddr.o: $(LIBSRC)/printaddr.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/printaddr.c -o $@
$(DEST)/printaps.o: $(LIBSRC)/printaps.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/printaps.c -o $@
$(DEST)/printbuf.o: $(LIBSRC)/printbuf.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/printbuf.c -o $@
$(DEST)/printdstlist.o: $(LIBSRC)/printdstlist.c $(INCDEP) $(TOP)/ip_dstlist.h
$(CC) $(CCARGS) -c $(LIBSRC)/printdstlist.c -o $@
$(DEST)/printdstlistdata.o: $(LIBSRC)/printdstlistdata.c $(INCDEP) \
$(TOP)/ip_dstlist.h
$(CC) $(CCARGS) -c $(LIBSRC)/printdstlistdata.c -o $@
$(DEST)/printdstlistnode.o: $(LIBSRC)/printdstlistnode.c $(INCDEP) \
$(TOP)/ip_dstlist.h
$(CC) $(CCARGS) -c $(LIBSRC)/printdstlistnode.c -o $@
$(DEST)/printdstlistpolicy.o: $(LIBSRC)/printdstlistpolicy.c $(INCDEP) \
$(TOP)/ip_dstlist.h
$(CC) $(CCARGS) -c $(LIBSRC)/printdstlistpolicy.c -o $@
$(DEST)/printfieldhdr.o: $(LIBSRC)/printfieldhdr.c $(TOP)/ip_fil.h
$(CC) $(CCARGS) -c $(LIBSRC)/printfieldhdr.c -o $@
$(DEST)/printfr.o: $(LIBSRC)/printfr.c $(TOP)/ip_fil.h
$(CC) $(CCARGS) -c $(LIBSRC)/printfr.c -o $@
$(DEST)/printfraginfo.o: $(LIBSRC)/printfraginfo.c $(TOP)/ip_fil.h \
$(TOP)/ip_frag.h
$(CC) $(CCARGS) -c $(LIBSRC)/printfraginfo.c -o $@
$(DEST)/printhash.o: $(LIBSRC)/printhash.c $(TOP)/ip_fil.h $(TOP)/ip_htable.h
$(CC) $(CCARGS) -c $(LIBSRC)/printhash.c -o $@
$(DEST)/printhashdata.o: $(LIBSRC)/printhashdata.c $(TOP)/ip_fil.h \
$(TOP)/ip_htable.h
$(CC) $(CCARGS) -c $(LIBSRC)/printhashdata.c -o $@
$(DEST)/printhashnode.o: $(LIBSRC)/printhashnode.c $(TOP)/ip_fil.h \
$(TOP)/ip_htable.h $(TOP)/ip_lookup.h
$(CC) $(CCARGS) -c $(LIBSRC)/printhashnode.c -o $@
$(DEST)/printhash_live.o: $(LIBSRC)/printhash_live.c $(TOP)/ip_fil.h \
$(TOP)/ip_htable.h
$(CC) $(CCARGS) -c $(LIBSRC)/printhash_live.c -o $@
$(DEST)/printdstl_live.o: $(LIBSRC)/printdstl_live.c $(TOP)/ip_fil.h \
$(TOP)/ip_dstlist.h
$(CC) $(CCARGS) -c $(LIBSRC)/printdstl_live.c -o $@
$(DEST)/printip.o: $(LIBSRC)/printip.c $(TOP)/ip_fil.h
$(CC) $(CCARGS) -c $(LIBSRC)/printip.c -o $@
$(DEST)/printipfexpr.o: $(LIBSRC)/printipfexpr.c $(TOP)/ip_fil.h
$(CC) $(CCARGS) -c $(LIBSRC)/printipfexpr.c -o $@
$(DEST)/printlookup.o: $(LIBSRC)/printlookup.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/printlookup.c -o $@
$(DEST)/printnataddr.o: $(LIBSRC)/printnataddr.c $(INCDEP) $(TOP)/ip_nat.h
$(CC) $(CCARGS) -c $(LIBSRC)/printnataddr.c -o $@
$(DEST)/printnatside.o: $(LIBSRC)/printnatside.c $(INCDEP) $(TOP)/ip_nat.h
$(CC) $(CCARGS) -c $(LIBSRC)/printnatside.c -o $@
$(DEST)/printpool.o: $(LIBSRC)/printpool.c $(TOP)/ip_fil.h $(TOP)/ip_pool.h
$(CC) $(CCARGS) -c $(LIBSRC)/printpool.c -o $@
$(DEST)/printpooldata.o: $(LIBSRC)/printpooldata.c $(TOP)/ip_fil.h \
$(TOP)/ip_pool.h $(TOP)/ip_lookup.h
$(CC) $(CCARGS) -c $(LIBSRC)/printpooldata.c -o $@
$(DEST)/printpoolfield.o: $(LIBSRC)/printpoolfield.c $(TOP)/ip_fil.h \
$(TOP)/ip_pool.h $(TOP)/ip_lookup.h
$(CC) $(CCARGS) -c $(LIBSRC)/printpoolfield.c -o $@
$(DEST)/printpoolnode.o: $(LIBSRC)/printpoolnode.c $(TOP)/ip_fil.h \
$(TOP)/ip_pool.h $(TOP)/ip_lookup.h
$(CC) $(CCARGS) -c $(LIBSRC)/printpoolnode.c -o $@
$(DEST)/printpool_live.o: $(LIBSRC)/printpool_live.c $(TOP)/ip_fil.h \
$(TOP)/ip_pool.h $(TOP)/ip_lookup.h
$(CC) $(CCARGS) -c $(LIBSRC)/printpool_live.c -o $@
$(DEST)/printproto.o: $(LIBSRC)/printproto.c $(TOP)/ip_fil.h
$(CC) $(CCARGS) -c $(LIBSRC)/printproto.c -o $@
$(DEST)/printhost.o: $(LIBSRC)/printhost.c $(TOP)/ip_fil.h
$(CC) $(CCARGS) -c $(LIBSRC)/printhost.c -o $@
$(DEST)/printhostmap.o: $(LIBSRC)/printhostmap.c $(TOP)/ip_fil.h
$(CC) $(CCARGS) -c $(LIBSRC)/printhostmap.c -o $@
$(DEST)/printifname.o: $(LIBSRC)/printifname.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/printifname.c -o $@
$(DEST)/printmask.o: $(LIBSRC)/printmask.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/printmask.c -o $@
$(DEST)/printnat.o: $(LIBSRC)/printnat.c $(INCDEP) $(TOP)/ip_nat.h
$(CC) $(CCARGS) -c $(LIBSRC)/printnat.c -o $@
$(DEST)/printnatfield.o: $(LIBSRC)/printnatfield.c $(INCDEP) $(TOP)/ip_nat.h
$(CC) $(CCARGS) -c $(LIBSRC)/printnatfield.c -o $@
$(DEST)/printhostmask.o: $(LIBSRC)/printhostmask.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/printhostmask.c -o $@
$(DEST)/printlog.o: $(LIBSRC)/printlog.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/printlog.c -o $@
$(DEST)/printpacket.o: $(LIBSRC)/printpacket.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/printpacket.c -o $@
$(DEST)/printpacket6.o: $(LIBSRC)/printpacket6.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/printpacket6.c -o $@
$(DEST)/printportcmp.o: $(LIBSRC)/printportcmp.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/printportcmp.c -o $@
$(DEST)/printsbuf.o: $(LIBSRC)/printsbuf.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/printsbuf.c -o $@
$(DEST)/printstate.o: $(LIBSRC)/printstate.c $(INCDEP) $(TOP)/ip_state.h
$(CC) $(CCARGS) -c $(LIBSRC)/printstate.c -o $@
$(DEST)/printstatefields.o: $(LIBSRC)/printstatefields.c $(INCDEP) $(TOP)/ip_state.h
$(CC) $(CCARGS) -c $(LIBSRC)/printstatefields.c -o $@
$(DEST)/printtcpflags.o: $(LIBSRC)/printtcpflags.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/printtcpflags.c -o $@
$(DEST)/printtqtable.o: $(LIBSRC)/printtqtable.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/printtqtable.c -o $@
$(DEST)/printtunable.o: $(LIBSRC)/printtunable.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/printtunable.c -o $@
$(DEST)/printunit.o: $(LIBSRC)/printunit.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/printunit.c -o $@
$(DEST)/remove_hash.o: $(LIBSRC)/remove_hash.c $(INCDEP) \
$(TOP)/ip_htable.h
$(CC) $(CCARGS) -c $(LIBSRC)/remove_hash.c -o $@
$(DEST)/remove_hashnode.o: $(LIBSRC)/remove_hashnode.c $(INCDEP) \
$(TOP)/ip_htable.h
$(CC) $(CCARGS) -c $(LIBSRC)/remove_hashnode.c -o $@
$(DEST)/remove_pool.o: $(LIBSRC)/remove_pool.c $(INCDEP) \
$(TOP)/ip_htable.h
$(CC) $(CCARGS) -c $(LIBSRC)/remove_pool.c -o $@
$(DEST)/remove_poolnode.o: $(LIBSRC)/remove_poolnode.c $(INCDEP) \
$(TOP)/ip_htable.h
$(CC) $(CCARGS) -c $(LIBSRC)/remove_poolnode.c -o $@
$(DEST)/resetlexer.o: $(LIBSRC)/resetlexer.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/resetlexer.c -o $@
$(DEST)/rwlock_emul.o: $(LIBSRC)/rwlock_emul.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/rwlock_emul.c -o $@
$(DEST)/tcpflags.o: $(LIBSRC)/tcpflags.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/tcpflags.c -o $@
$(DEST)/tcp_flags.o: $(LIBSRC)/tcp_flags.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/tcp_flags.c -o $@
$(DEST)/var.o: $(LIBSRC)/var.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/var.c -o $@
$(DEST)/verbose.o: $(LIBSRC)/verbose.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/verbose.c -o $@
$(DEST)/save_execute.o: $(LIBSRC)/save_execute.c $(TOP)/ipl.h
$(CC) $(CCARGS) -c $(LIBSRC)/save_execute.c -o $@
$(DEST)/save_file.o: $(LIBSRC)/save_file.c $(TOP)/ipl.h
$(CC) $(CCARGS) -c $(LIBSRC)/save_file.c -o $@
$(DEST)/save_nothing.o: $(LIBSRC)/save_nothing.c $(TOP)/ipl.h
$(CC) $(CCARGS) -c $(LIBSRC)/save_nothing.c -o $@
$(DEST)/save_syslog.o: $(LIBSRC)/save_syslog.c $(TOP)/ipl.h
$(CC) $(CCARGS) -c $(LIBSRC)/save_syslog.c -o $@
$(DEST)/vtof.o: $(LIBSRC)/vtof.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/vtof.c -o $@
$(DEST)/save_v1trap.o: $(LIBSRC)/save_v1trap.c $(TOP)/ipl.h
$(CC) $(CCARGS) -c $(LIBSRC)/save_v1trap.c -o $@
$(DEST)/save_v2trap.o: $(LIBSRC)/save_v2trap.c $(TOP)/ipl.h
$(CC) $(CCARGS) -c $(LIBSRC)/save_v2trap.c -o $@
$(DEST)/v6ionames.o: $(LIBSRC)/v6ionames.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/v6ionames.c -o $@
$(DEST)/v6optvalue.o: $(LIBSRC)/v6optvalue.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/v6optvalue.c -o $@
clean-lib:
/bin/rm -f ${LIBOBJS} ${LIB}

31
contrib/ipfilter/man/Makefile
View File

@ -1,31 +0,0 @@
#
# Copyright (C) 2012 by Darren Reed.
#
# See the IPFILTER.LICENCE file for details on licencing.
#
# $FreeBSD$
#
all:
install:
$(INSTALL) -m 0644 -c -o root -g bin mkfilters.1 $(MANDIR)/man1
$(INSTALL) -m 0644 -c -o root -g bin ipftest.1 $(MANDIR)/man1
$(INSTALL) -m 0644 -c -o root -g bin ipnat.8 $(MANDIR)/man8
$(INSTALL) -m 0644 -c -o root -g bin ipf.4 $(MANDIR)/man4
$(INSTALL) -m 0644 -c -o root -g bin ipfilter.4 $(MANDIR)/man4
$(INSTALL) -m 0644 -c -o root -g bin ipl.4 $(MANDIR)/man4
$(INSTALL) -m 0644 -c -o root -g bin ipnat.4 $(MANDIR)/man4
$(INSTALL) -m 0644 -c -o root -g bin ipf.5 $(MANDIR)/man5
$(INSTALL) -m 0644 -c -o root -g bin ipfilter.5 $(MANDIR)/man5
$(INSTALL) -m 0644 -c -o root -g bin ipnat.5 $(MANDIR)/man5
$(INSTALL) -m 0644 -c -o root -g bin ipf.8 $(MANDIR)/man8
$(INSTALL) -m 0644 -c -o root -g bin ipfs.8 $(MANDIR)/man8
$(INSTALL) -m 0644 -c -o root -g bin ipmon.8 $(MANDIR)/man8
$(INSTALL) -m 0644 -c -o root -g bin ipmon.5 $(MANDIR)/man5
$(INSTALL) -m 0644 -c -o root -g bin ippool.8 $(MANDIR)/man8
$(INSTALL) -m 0644 -c -o root -g bin ippool.5 $(MANDIR)/man5
$(INSTALL) -m 0644 -c -o root -g bin ipscan.8 $(MANDIR)/man8
$(INSTALL) -m 0644 -c -o root -g bin ipscan.5 $(MANDIR)/man5
$(INSTALL) -m 0644 -c -o root -g bin ipfstat.8 $(MANDIR)/man8
@echo "Remember to rebuild the whatis database."

267
contrib/ipfilter/man/ipfilter.4.mandoc
View File

@ -1,267 +0,0 @@
.Dd December 8, 2000
.Dt IP\ FILTER 4
.Os
.Sh NAME
.Nm IP Filter
.Nd Introduction to IP packet filtering
.Sh DESCRIPTION
IP Filter is a TCP/IP packet filter, suitable for use in a firewall
environment. To use, it can either be used as a loadable kernel module or
incorporated into your UNIX kernel; use as a loadable kernel module where
possible is highly recommended. Scripts are provided to install and patch
system files, as required.
.Sh FEATURES
The IP packet filter can:
.Bl -bullet -offset indent -compact
.It
explicitly deny/permit any packet from passing through
.It
distinguish between various interfaces
.It
filter by IP networks or hosts
.It
selectively filter any IP protocol
.It
selectively filter fragmented IP packets
.It
selectively filter packets with IP options
.It
send back an ICMP error/TCP reset for blocked packets
.It
keep packet state information for TCP, UDP and ICMP packet flows
.It
keep fragment state information for any IP packet, applying the same rule
to all fragments.
.It
act as a Network Address Translator (NAT)
.It
use redirection to setup true transparent proxy connections
.It
provide packet header details to a user program for authentication
.It
in addition, supports temporary storage of pre-authenticated rules for passing packets through
.El
.Pp
Special provision is made for the three most common Internet protocols, TCP,
UDP and ICMP. The IP Packet filter allows filtering of:
.Bl -bullet -offset indent -compact
.It
Inverted host/net matchingTCP/UDP packets by port number or a port number
range
.It
ICMP packets by type/code
.It
"established" TCP packets
.It
On any arbitrary combination of TCP flags
.It
"short" (fragmented) IP packets with incomplete headers can be filtered
.It
any of the 19 IP options or 8 registered IP security classes TOS (Type of
Service) field in packets
.El
.Pp
To keep track of the performance of the IP packet filter, a logging device
is used which supports logging of:
.Bl -bullet -offset indent -compact
.It
the TCP/UDP/ICMP and IP packet headers
.It
the first 128 bytes of the packet (including headers)
.El
.Pp
A packet can be logged when:
.Bl -bullet -offset indent -compact
.It
it is successfully passed through
.It
it is blocked from passing through
.It
it matches a rule setup to look for suspicious packets
.El
.Pp
IP Filter keeps its own set of statistics on:
.Bl -bullet -offset indent -compact
.It
packets blocked
.It
packets (and bytes!) used for accounting
.It
packets passed
.li
packets logged
.It
attempts to log which failed (buffer full)
.El
and much more, for packets going both in and out.
.Sh Tools
The current implementation provides a small set of tools, which can easily
be used and integrated with regular unix shells and tools. A brief description
of the tools provided:
.Pp
.Xr ipf 8
reads in a set of rules, from either stdin or a file, and adds them to
the kernels current list (appending them). It can also be used to flush the
current filter set or delete individual filter rules. The file format is
described in
.Xr ipf 5 .
.Pp
.Xr ipfs 8
is a utility to temporarily lock the IP Filter kernel tables (state tables
and NAT mappings) and write them to disk. After that the system can be
rebooted, and ipfs can be used to read these tables from disk and restore
them into the kernel. This way the system can be rebooted without the
connections being terminated.
.Pp
.Xr ipfstat 8
interrogates the kernel for statistics on packet filtering, so
far, and retrieves the list of filters in operation for inbound and outbound
packets.
.Pp
.Xr ipftest 1
reads in a filter rule file and then applies sample IP packets to
the rule file. This allows for testing of filter list and examination of how
a packet is passed along through it.
.Pp
.Xr ipmon 8
reads buffered data from the logging device (default is /dev/ipl)
for output to either:
.Bl -bullet -offset indent -compact
.It
screen (standard output)
.It
file
.It
syslog
.El
.Pp
.Xr ipsend 1
generates arbitary IP packets for ethernet connected machines.
.Pp
.Xr ipresend 1
reads in a data file of saved IP packets (ie
snoop/tcpdump/etherfind output) and sends it back across the network.
.Pp
.Xr iptest 1
contains a set of test "programs" which send out a series of IP
packets, aimed at testing the strength of the TCP/IP stack at which it is
aimed at. WARNING: this may crash machine(s) targeted!
.Pp
.Xr ipnat 8
reads in a set of rules, from either stdin or a file and adds them
to the kernels current list of active NAT rules. NAT rules can also be
deleted using ipnat. The format of the configuration file to be used
with ipnat is described in
.Xr ipnat 5 .
.Pp
For use in your own programs (e.g. for writing of transparent application
proxies), the programming interface and the associated ioctl's are
documented in
.Xr ipf 4 .
Documentation on ioctl's and the format of data saved
to the logging character device is provided in
.Xr ipl 4
so that you may develop your own applications to work with or in place of any
of the above.
Similar, the interface to the NAT code is documented in
.Xr ipnat 4 .
.Sh PACKET PROCESSING FLOW
The following diagram illustrates the flow of TCP/IP packets through the
various stages introduced by IP Filter.
.Pp
.nf
IN
|
V
+-------------------------+--------------------------+
| | |
| V |
| Network Address Translation |
| | |
| authenticated | |
| +-------<---------+ |
| | | |
| | V |
| V IP Accounting |
| | | |
| | V |
| | Fragment Cache Check--+ |
| | | | |
| V V V |
| | Packet State Check-->+ |
| | | | |
| | +->--+ | | |
| | | | V | |
| V groups IP Filtering V |
| | | | | | |
| | +--<-+ | | |
| | | | |
| +---------------->|<-----------+ |
| | |
| V |
| +---<----+ |
| | | |
| function | |
| | V |
| +--->----+ |
| | |
| V |
+--|---<--- fast-route ---<--+ |
| | | |
| | V |
| +-------------------------+--------------------------+
| |
| pass only
| |
| V
V [KERNEL TCP/IP Processing]
| |
| +-------------------------+--------------------------+
| | | |
| | V |
| | Fragment Cache Check--+ |
| | | | |
| | V V |
| | Packet State Check-->+ |
| | | | |
| | V | |
V | IP Filtering | |
| | | V |
| | |<-----------+ |
| | V |
| | IP Accounting |
| | | |
| | V |
| | Network Address Translation |
| | | |
| | V |
| +-------------------------+--------------------------+
| |
| pass only
V |
+--------------------------->|
V
OUT
.fi
.Sh MORE INFORMATION
More information (including pointers to the FAQ and the mailing list) can be
obtained from the sofware's official homepage: www.ipfilter.org
.Sh SEE ALSO
.Xr ipf 4 ,
.Xr ipf 5 ,
.Xr ipf 8 ,
.Xr ipfilter 5 ,
.Xr ipfs 8 ,
.Xr ipfstat 8 ,
.Xr ipftest 1 ,
.Xr ipl 4 ,
.Xr ipmon 8 ,
.Xr ipnat 4 ,
.Xr ipnat 8 ,

1
contrib/ipfilter/opt_inet6.h
View File

@ -1 +0,0 @@
#define INET6

47
contrib/ipfilter/snoop.h
View File

@ -1,47 +0,0 @@
/* $FreeBSD$ */
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
#ifndef __SNOOP_H__
#define __SNOOP_H__
/*
* written to comply with the RFC (1761) from Sun.
* $Id$
*/
struct snoophdr {
char s_id[8];
int s_v;
int s_type;
};
#define SNOOP_VERSION 2
#define SDL_8023 0
#define SDL_8024 1
#define SDL_8025 2
#define SDL_8026 3
#define SDL_ETHER 4
#define SDL_HDLC 5
#define SDL_CHSYNC 6
#define SDL_IBMCC 7
#define SDL_FDDI 8
#define SDL_OTHER 9
#define SDL_MAX 9
struct snooppkt {
int sp_olen;
int sp_ilen;
int sp_plen;
int sp_drop;
int sp_sec;
int sp_usec;
};
#endif /* __SNOOP_H__ */

750
contrib/ipfilter/sys/tree.h
View File

@ -1,750 +0,0 @@
/* $NetBSD: tree.h,v 1.8 2004/03/28 19:38:30 provos Exp $ */
/* $OpenBSD: tree.h,v 1.7 2002/10/17 21:51:54 art Exp $ */
/* $FreeBSD: src/sys/sys/tree.h,v 1.7 2007/12/28 07:03:26 jasone Exp $ */
/*-
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef _SYS_TREE_H_
#define _SYS_TREE_H_
/*
* This file defines data structures for different types of trees:
* splay trees and red-black trees.
*
* A splay tree is a self-organizing data structure. Every operation
* on the tree causes a splay to happen. The splay moves the requested
* node to the root of the tree and partly rebalances it.
*
* This has the benefit that request locality causes faster lookups as
* the requested nodes move to the top of the tree. On the other hand,
* every lookup causes memory writes.
*
* The Balance Theorem bounds the total access time for m operations
* and n inserts on an initially empty tree as O((m + n)lg n). The
* amortized cost for a sequence of m accesses to a splay tree is O(lg n);
*
* A red-black tree is a binary search tree with the node color as an
* extra attribute. It fulfills a set of conditions:
* - every search path from the root to a leaf consists of the
* same number of black nodes,
* - each red node (except for the root) has a black parent,
* - each leaf node is black.
*
* Every operation on a red-black tree is bounded as O(lg n).
* The maximum height of a red-black tree is 2lg (n+1).
*/
#define SPLAY_HEAD(name, type) \
struct name { \
struct type *sph_root; /* root of the tree */ \
}
#define SPLAY_INITIALIZER(root) \
{ NULL }
#define SPLAY_INIT(root) do { \
(root)->sph_root = NULL; \
} while (/*CONSTCOND*/ 0)
#define SPLAY_ENTRY(type) \
struct { \
struct type *spe_left; /* left element */ \
struct type *spe_right; /* right element */ \
}
#define SPLAY_LEFT(elm, field) (elm)->field.spe_left
#define SPLAY_RIGHT(elm, field) (elm)->field.spe_right
#define SPLAY_ROOT(head) (head)->sph_root
#define SPLAY_EMPTY(head) (SPLAY_ROOT(head) == NULL)
/* SPLAY_ROTATE_{LEFT,RIGHT} expect that tmp hold SPLAY_{RIGHT,LEFT} */
#define SPLAY_ROTATE_RIGHT(head, tmp, field) do { \
SPLAY_LEFT((head)->sph_root, field) = SPLAY_RIGHT(tmp, field); \
SPLAY_RIGHT(tmp, field) = (head)->sph_root; \
(head)->sph_root = tmp; \
} while (/*CONSTCOND*/ 0)
#define SPLAY_ROTATE_LEFT(head, tmp, field) do { \
SPLAY_RIGHT((head)->sph_root, field) = SPLAY_LEFT(tmp, field); \
SPLAY_LEFT(tmp, field) = (head)->sph_root; \
(head)->sph_root = tmp; \
} while (/*CONSTCOND*/ 0)
#define SPLAY_LINKLEFT(head, tmp, field) do { \
SPLAY_LEFT(tmp, field) = (head)->sph_root; \
tmp = (head)->sph_root; \
(head)->sph_root = SPLAY_LEFT((head)->sph_root, field); \
} while (/*CONSTCOND*/ 0)
#define SPLAY_LINKRIGHT(head, tmp, field) do { \
SPLAY_RIGHT(tmp, field) = (head)->sph_root; \
tmp = (head)->sph_root; \
(head)->sph_root = SPLAY_RIGHT((head)->sph_root, field); \
} while (/*CONSTCOND*/ 0)
#define SPLAY_ASSEMBLE(head, node, left, right, field) do { \
SPLAY_RIGHT(left, field) = SPLAY_LEFT((head)->sph_root, field); \
SPLAY_LEFT(right, field) = SPLAY_RIGHT((head)->sph_root, field);\
SPLAY_LEFT((head)->sph_root, field) = SPLAY_RIGHT(node, field); \
SPLAY_RIGHT((head)->sph_root, field) = SPLAY_LEFT(node, field); \
} while (/*CONSTCOND*/ 0)
/* Generates prototypes and inline functions */
#define SPLAY_PROTOTYPE(name, type, field, cmp) \
void name##_SPLAY(struct name *, struct type *); \
void name##_SPLAY_MINMAX(struct name *, int); \
struct type *name##_SPLAY_INSERT(struct name *, struct type *); \
struct type *name##_SPLAY_REMOVE(struct name *, struct type *); \
\
/* Finds the node with the same key as elm */ \
static __inline struct type * \
name##_SPLAY_FIND(struct name *head, struct type *elm) \
{ \
if (SPLAY_EMPTY(head)) \
return(NULL); \
name##_SPLAY(head, elm); \
if ((cmp)(elm, (head)->sph_root) == 0) \
return (head->sph_root); \
return (NULL); \
} \
\
static __inline struct type * \
name##_SPLAY_NEXT(struct name *head, struct type *elm) \
{ \
name##_SPLAY(head, elm); \
if (SPLAY_RIGHT(elm, field) != NULL) { \
elm = SPLAY_RIGHT(elm, field); \
while (SPLAY_LEFT(elm, field) != NULL) { \
elm = SPLAY_LEFT(elm, field); \
} \
} else \
elm = NULL; \
return (elm); \
} \
\
static __inline struct type * \
name##_SPLAY_MIN_MAX(struct name *head, int val) \
{ \
name##_SPLAY_MINMAX(head, val); \
return (SPLAY_ROOT(head)); \
}
/* Main splay operation.
* Moves node close to the key of elm to top
*/
#define SPLAY_GENERATE(name, type, field, cmp) \
struct type * \
name##_SPLAY_INSERT(struct name *head, struct type *elm) \
{ \
if (SPLAY_EMPTY(head)) { \
SPLAY_LEFT(elm, field) = SPLAY_RIGHT(elm, field) = NULL; \
} else { \
int __comp; \
name##_SPLAY(head, elm); \
__comp = (cmp)(elm, (head)->sph_root); \
if(__comp < 0) { \
SPLAY_LEFT(elm, field) = SPLAY_LEFT((head)->sph_root, field);\
SPLAY_RIGHT(elm, field) = (head)->sph_root; \
SPLAY_LEFT((head)->sph_root, field) = NULL; \
} else if (__comp > 0) { \
SPLAY_RIGHT(elm, field) = SPLAY_RIGHT((head)->sph_root, field);\
SPLAY_LEFT(elm, field) = (head)->sph_root; \
SPLAY_RIGHT((head)->sph_root, field) = NULL; \
} else \
return ((head)->sph_root); \
} \
(head)->sph_root = (elm); \
return (NULL); \
} \
\
struct type * \
name##_SPLAY_REMOVE(struct name *head, struct type *elm) \
{ \
struct type *__tmp; \
if (SPLAY_EMPTY(head)) \
return (NULL); \
name##_SPLAY(head, elm); \
if ((cmp)(elm, (head)->sph_root) == 0) { \
if (SPLAY_LEFT((head)->sph_root, field) == NULL) { \
(head)->sph_root = SPLAY_RIGHT((head)->sph_root, field);\
} else { \
__tmp = SPLAY_RIGHT((head)->sph_root, field); \
(head)->sph_root = SPLAY_LEFT((head)->sph_root, field);\
name##_SPLAY(head, elm); \
SPLAY_RIGHT((head)->sph_root, field) = __tmp; \
} \
return (elm); \
} \
return (NULL); \
} \
\
void \
name##_SPLAY(struct name *head, struct type *elm) \
{ \
struct type __node, *__left, *__right, *__tmp; \
int __comp; \
\
SPLAY_LEFT(&__node, field) = SPLAY_RIGHT(&__node, field) = NULL;\
__left = __right = &__node; \
\
while ((__comp = (cmp)(elm, (head)->sph_root)) != 0) { \
if (__comp < 0) { \
__tmp = SPLAY_LEFT((head)->sph_root, field); \
if (__tmp == NULL) \
break; \
if ((cmp)(elm, __tmp) < 0){ \
SPLAY_ROTATE_RIGHT(head, __tmp, field); \
if (SPLAY_LEFT((head)->sph_root, field) == NULL)\
break; \
} \
SPLAY_LINKLEFT(head, __right, field); \
} else if (__comp > 0) { \
__tmp = SPLAY_RIGHT((head)->sph_root, field); \
if (__tmp == NULL) \
break; \
if ((cmp)(elm, __tmp) > 0){ \
SPLAY_ROTATE_LEFT(head, __tmp, field); \
if (SPLAY_RIGHT((head)->sph_root, field) == NULL)\
break; \
} \
SPLAY_LINKRIGHT(head, __left, field); \
} \
} \
SPLAY_ASSEMBLE(head, &__node, __left, __right, field); \
} \
\
/* Splay with either the minimum or the maximum element \
* Used to find minimum or maximum element in tree. \
*/ \
void name##_SPLAY_MINMAX(struct name *head, int __comp) \
{ \
struct type __node, *__left, *__right, *__tmp; \
\
SPLAY_LEFT(&__node, field) = SPLAY_RIGHT(&__node, field) = NULL;\
__left = __right = &__node; \
\
while (1) { \
if (__comp < 0) { \
__tmp = SPLAY_LEFT((head)->sph_root, field); \
if (__tmp == NULL) \
break; \
if (__comp < 0){ \
SPLAY_ROTATE_RIGHT(head, __tmp, field); \
if (SPLAY_LEFT((head)->sph_root, field) == NULL)\
break; \
} \
SPLAY_LINKLEFT(head, __right, field); \
} else if (__comp > 0) { \
__tmp = SPLAY_RIGHT((head)->sph_root, field); \
if (__tmp == NULL) \
break; \
if (__comp > 0) { \
SPLAY_ROTATE_LEFT(head, __tmp, field); \
if (SPLAY_RIGHT((head)->sph_root, field) == NULL)\
break; \
} \
SPLAY_LINKRIGHT(head, __left, field); \
} \
} \
SPLAY_ASSEMBLE(head, &__node, __left, __right, field); \
}
#define SPLAY_NEGINF -1
#define SPLAY_INF 1
#define SPLAY_INSERT(name, x, y) name##_SPLAY_INSERT(x, y)
#define SPLAY_REMOVE(name, x, y) name##_SPLAY_REMOVE(x, y)
#define SPLAY_FIND(name, x, y) name##_SPLAY_FIND(x, y)
#define SPLAY_NEXT(name, x, y) name##_SPLAY_NEXT(x, y)
#define SPLAY_MIN(name, x) (SPLAY_EMPTY(x) ? NULL \
: name##_SPLAY_MIN_MAX(x, SPLAY_NEGINF))
#define SPLAY_MAX(name, x) (SPLAY_EMPTY(x) ? NULL \
: name##_SPLAY_MIN_MAX(x, SPLAY_INF))
#define SPLAY_FOREACH(x, name, head) \
for ((x) = SPLAY_MIN(name, head); \
(x) != NULL; \
(x) = SPLAY_NEXT(name, head, x))
/* Macros that define a red-black tree */
#define RB_HEAD(name, type) \
struct name { \
struct type *rbh_root; /* root of the tree */ \
}
#define RB_INITIALIZER(root) \
{ NULL }
#define RB_INIT(root) do { \
(root)->rbh_root = NULL; \
} while (/*CONSTCOND*/ 0)
/*
* Undef for Linux
*/
#undef RB_BLACK
#undef RB_RED
#undef RB_ROOT
#define RB_BLACK 0
#define RB_RED 1
#define RB_ENTRY(type) \
struct { \
struct type *rbe_left; /* left element */ \
struct type *rbe_right; /* right element */ \
struct type *rbe_parent; /* parent element */ \
int rbe_color; /* node color */ \
}
#define RB_LEFT(elm, field) (elm)->field.rbe_left
#define RB_RIGHT(elm, field) (elm)->field.rbe_right
#define RB_PARENT(elm, field) (elm)->field.rbe_parent
#define RB_COLOR(elm, field) (elm)->field.rbe_color
#define RB_ROOT(head) (head)->rbh_root
#define RB_EMPTY(head) (RB_ROOT(head) == NULL)
#define RB_SET(elm, parent, field) do { \
RB_PARENT(elm, field) = parent; \
RB_LEFT(elm, field) = RB_RIGHT(elm, field) = NULL; \
RB_COLOR(elm, field) = RB_RED; \
} while (/*CONSTCOND*/ 0)
#define RB_SET_BLACKRED(black, red, field) do { \
RB_COLOR(black, field) = RB_BLACK; \
RB_COLOR(red, field) = RB_RED; \
} while (/*CONSTCOND*/ 0)
#ifndef RB_AUGMENT
#define RB_AUGMENT(x) do {} while (0)
#endif
#define RB_ROTATE_LEFT(head, elm, tmp, field) do { \
(tmp) = RB_RIGHT(elm, field); \
if ((RB_RIGHT(elm, field) = RB_LEFT(tmp, field)) != NULL) { \
RB_PARENT(RB_LEFT(tmp, field), field) = (elm); \
} \
RB_AUGMENT(elm); \
if ((RB_PARENT(tmp, field) = RB_PARENT(elm, field)) != NULL) { \
if ((elm) == RB_LEFT(RB_PARENT(elm, field), field)) \
RB_LEFT(RB_PARENT(elm, field), field) = (tmp); \
else \
RB_RIGHT(RB_PARENT(elm, field), field) = (tmp); \
} else \
(head)->rbh_root = (tmp); \
RB_LEFT(tmp, field) = (elm); \
RB_PARENT(elm, field) = (tmp); \
RB_AUGMENT(tmp); \
if ((RB_PARENT(tmp, field))) \
RB_AUGMENT(RB_PARENT(tmp, field)); \
} while (/*CONSTCOND*/ 0)
#define RB_ROTATE_RIGHT(head, elm, tmp, field) do { \
(tmp) = RB_LEFT(elm, field); \
if ((RB_LEFT(elm, field) = RB_RIGHT(tmp, field)) != NULL) { \
RB_PARENT(RB_RIGHT(tmp, field), field) = (elm); \
} \
RB_AUGMENT(elm); \
if ((RB_PARENT(tmp, field) = RB_PARENT(elm, field)) != NULL) { \
if ((elm) == RB_LEFT(RB_PARENT(elm, field), field)) \
RB_LEFT(RB_PARENT(elm, field), field) = (tmp); \
else \
RB_RIGHT(RB_PARENT(elm, field), field) = (tmp); \
} else \
(head)->rbh_root = (tmp); \
RB_RIGHT(tmp, field) = (elm); \
RB_PARENT(elm, field) = (tmp); \
RB_AUGMENT(tmp); \
if ((RB_PARENT(tmp, field))) \
RB_AUGMENT(RB_PARENT(tmp, field)); \
} while (/*CONSTCOND*/ 0)
/* Generates prototypes and inline functions */
#define RB_PROTOTYPE(name, type, field, cmp) \
RB_PROTOTYPE_INTERNAL(name, type, field, cmp,)
#define RB_PROTOTYPE_STATIC(name, type, field, cmp) \
RB_PROTOTYPE_INTERNAL(name, type, field, cmp, __unused static)
#define RB_PROTOTYPE_INTERNAL(name, type, field, cmp, attr) \
attr void name##_RB_INSERT_COLOR(struct name *, struct type *); \
attr void name##_RB_REMOVE_COLOR(struct name *, struct type *, struct type *);\
attr struct type *name##_RB_REMOVE(struct name *, struct type *); \
attr struct type *name##_RB_INSERT(struct name *, struct type *); \
attr struct type *name##_RB_FIND(struct name *, struct type *); \
attr struct type *name##_RB_NFIND(struct name *, struct type *); \
attr struct type *name##_RB_NEXT(struct type *); \
attr struct type *name##_RB_PREV(struct type *); \
attr struct type *name##_RB_MINMAX(struct name *, int); \
\
/* Main rb operation.
* Moves node close to the key of elm to top
*/
#define RB_GENERATE(name, type, field, cmp) \
RB_GENERATE_INTERNAL(name, type, field, cmp,)
#define RB_GENERATE_STATIC(name, type, field, cmp) \
RB_GENERATE_INTERNAL(name, type, field, cmp, __unused static)
#define RB_GENERATE_INTERNAL(name, type, field, cmp, attr) \
attr void \
name##_RB_INSERT_COLOR(struct name *head, struct type *elm) \
{ \
struct type *parent, *gparent, *tmp; \
while ((parent = RB_PARENT(elm, field)) != NULL && \
RB_COLOR(parent, field) == RB_RED) { \
gparent = RB_PARENT(parent, field); \
if (parent == RB_LEFT(gparent, field)) { \
tmp = RB_RIGHT(gparent, field); \
if (tmp && RB_COLOR(tmp, field) == RB_RED) { \
RB_COLOR(tmp, field) = RB_BLACK; \
RB_SET_BLACKRED(parent, gparent, field);\
elm = gparent; \
continue; \
} \
if (RB_RIGHT(parent, field) == elm) { \
RB_ROTATE_LEFT(head, parent, tmp, field);\
tmp = parent; \
parent = elm; \
elm = tmp; \
} \
RB_SET_BLACKRED(parent, gparent, field); \
RB_ROTATE_RIGHT(head, gparent, tmp, field); \
} else { \
tmp = RB_LEFT(gparent, field); \
if (tmp && RB_COLOR(tmp, field) == RB_RED) { \
RB_COLOR(tmp, field) = RB_BLACK; \
RB_SET_BLACKRED(parent, gparent, field);\
elm = gparent; \
continue; \
} \
if (RB_LEFT(parent, field) == elm) { \
RB_ROTATE_RIGHT(head, parent, tmp, field);\
tmp = parent; \
parent = elm; \
elm = tmp; \
} \
RB_SET_BLACKRED(parent, gparent, field); \
RB_ROTATE_LEFT(head, gparent, tmp, field); \
} \
} \
RB_COLOR(head->rbh_root, field) = RB_BLACK; \
} \
\
attr void \
name##_RB_REMOVE_COLOR(struct name *head, struct type *parent, struct type *elm) \
{ \
struct type *tmp; \
while ((elm == NULL || RB_COLOR(elm, field) == RB_BLACK) && \
elm != RB_ROOT(head)) { \
if (RB_LEFT(parent, field) == elm) { \
tmp = RB_RIGHT(parent, field); \
if (RB_COLOR(tmp, field) == RB_RED) { \
RB_SET_BLACKRED(tmp, parent, field); \
RB_ROTATE_LEFT(head, parent, tmp, field);\
tmp = RB_RIGHT(parent, field); \
} \
if ((RB_LEFT(tmp, field) == NULL || \
RB_COLOR(RB_LEFT(tmp, field), field) == RB_BLACK) &&\
(RB_RIGHT(tmp, field) == NULL || \
RB_COLOR(RB_RIGHT(tmp, field), field) == RB_BLACK)) {\
RB_COLOR(tmp, field) = RB_RED; \
elm = parent; \
parent = RB_PARENT(elm, field); \
} else { \
if (RB_RIGHT(tmp, field) == NULL || \
RB_COLOR(RB_RIGHT(tmp, field), field) == RB_BLACK) {\
struct type *oleft; \
if ((oleft = RB_LEFT(tmp, field)) \
!= NULL) \
RB_COLOR(oleft, field) = RB_BLACK;\
RB_COLOR(tmp, field) = RB_RED; \
RB_ROTATE_RIGHT(head, tmp, oleft, field);\
tmp = RB_RIGHT(parent, field); \
} \
RB_COLOR(tmp, field) = RB_COLOR(parent, field);\
RB_COLOR(parent, field) = RB_BLACK; \
if (RB_RIGHT(tmp, field)) \
RB_COLOR(RB_RIGHT(tmp, field), field) = RB_BLACK;\
RB_ROTATE_LEFT(head, parent, tmp, field);\
elm = RB_ROOT(head); \
break; \
} \
} else { \
tmp = RB_LEFT(parent, field); \
if (RB_COLOR(tmp, field) == RB_RED) { \
RB_SET_BLACKRED(tmp, parent, field); \
RB_ROTATE_RIGHT(head, parent, tmp, field);\
tmp = RB_LEFT(parent, field); \
} \
if ((RB_LEFT(tmp, field) == NULL || \
RB_COLOR(RB_LEFT(tmp, field), field) == RB_BLACK) &&\
(RB_RIGHT(tmp, field) == NULL || \
RB_COLOR(RB_RIGHT(tmp, field), field) == RB_BLACK)) {\
RB_COLOR(tmp, field) = RB_RED; \
elm = parent; \
parent = RB_PARENT(elm, field); \
} else { \
if (RB_LEFT(tmp, field) == NULL || \
RB_COLOR(RB_LEFT(tmp, field), field) == RB_BLACK) {\
struct type *oright; \
if ((oright = RB_RIGHT(tmp, field)) \
!= NULL) \
RB_COLOR(oright, field) = RB_BLACK;\
RB_COLOR(tmp, field) = RB_RED; \
RB_ROTATE_LEFT(head, tmp, oright, field);\
tmp = RB_LEFT(parent, field); \
} \
RB_COLOR(tmp, field) = RB_COLOR(parent, field);\
RB_COLOR(parent, field) = RB_BLACK; \
if (RB_LEFT(tmp, field)) \
RB_COLOR(RB_LEFT(tmp, field), field) = RB_BLACK;\
RB_ROTATE_RIGHT(head, parent, tmp, field);\
elm = RB_ROOT(head); \
break; \
} \
} \
} \
if (elm) \
RB_COLOR(elm, field) = RB_BLACK; \
} \
\
attr struct type * \
name##_RB_REMOVE(struct name *head, struct type *elm) \
{ \
struct type *child, *parent, *old = elm; \
int color; \
if (RB_LEFT(elm, field) == NULL) \
child = RB_RIGHT(elm, field); \
else if (RB_RIGHT(elm, field) == NULL) \
child = RB_LEFT(elm, field); \
else { \
struct type *left; \
elm = RB_RIGHT(elm, field); \
while ((left = RB_LEFT(elm, field)) != NULL) \
elm = left; \
child = RB_RIGHT(elm, field); \
parent = RB_PARENT(elm, field); \
color = RB_COLOR(elm, field); \
if (child) \
RB_PARENT(child, field) = parent; \
if (parent) { \
if (RB_LEFT(parent, field) == elm) \
RB_LEFT(parent, field) = child; \
else \
RB_RIGHT(parent, field) = child; \
RB_AUGMENT(parent); \
} else \
RB_ROOT(head) = child; \
if (RB_PARENT(elm, field) == old) \
parent = elm; \
(elm)->field = (old)->field; \
if (RB_PARENT(old, field)) { \
if (RB_LEFT(RB_PARENT(old, field), field) == old)\
RB_LEFT(RB_PARENT(old, field), field) = elm;\
else \
RB_RIGHT(RB_PARENT(old, field), field) = elm;\
RB_AUGMENT(RB_PARENT(old, field)); \
} else \
RB_ROOT(head) = elm; \
RB_PARENT(RB_LEFT(old, field), field) = elm; \
if (RB_RIGHT(old, field)) \
RB_PARENT(RB_RIGHT(old, field), field) = elm; \
if (parent) { \
left = parent; \
do { \
RB_AUGMENT(left); \
} while ((left = RB_PARENT(left, field)) != NULL); \
} \
goto color; \
} \
parent = RB_PARENT(elm, field); \
color = RB_COLOR(elm, field); \
if (child) \
RB_PARENT(child, field) = parent; \
if (parent) { \
if (RB_LEFT(parent, field) == elm) \
RB_LEFT(parent, field) = child; \
else \
RB_RIGHT(parent, field) = child; \
RB_AUGMENT(parent); \
} else \
RB_ROOT(head) = child; \
color: \
if (color == RB_BLACK) \
name##_RB_REMOVE_COLOR(head, parent, child); \
return (old); \
} \
\
/* Inserts a node into the RB tree */ \
attr struct type * \
name##_RB_INSERT(struct name *head, struct type *elm) \
{ \
struct type *tmp; \
struct type *parent = NULL; \
int comp = 0; \
tmp = RB_ROOT(head); \
while (tmp) { \
parent = tmp; \
comp = (cmp)(elm, parent); \
if (comp < 0) \
tmp = RB_LEFT(tmp, field); \
else if (comp > 0) \
tmp = RB_RIGHT(tmp, field); \
else \
return (tmp); \
} \
RB_SET(elm, parent, field); \
if (parent != NULL) { \
if (comp < 0) \
RB_LEFT(parent, field) = elm; \
else \
RB_RIGHT(parent, field) = elm; \
RB_AUGMENT(parent); \
} else \
RB_ROOT(head) = elm; \
name##_RB_INSERT_COLOR(head, elm); \
return (NULL); \
} \
\
/* Finds the node with the same key as elm */ \
attr struct type * \
name##_RB_FIND(struct name *head, struct type *elm) \
{ \
struct type *tmp = RB_ROOT(head); \
int comp; \
while (tmp) { \
comp = cmp(elm, tmp); \
if (comp < 0) \
tmp = RB_LEFT(tmp, field); \
else if (comp > 0) \
tmp = RB_RIGHT(tmp, field); \
else \
return (tmp); \
} \
return (NULL); \
} \
\
/* Finds the first node greater than or equal to the search key */ \
attr struct type * \
name##_RB_NFIND(struct name *head, struct type *elm) \
{ \
struct type *tmp = RB_ROOT(head); \
struct type *res = NULL; \
int comp; \
while (tmp) { \
comp = cmp(elm, tmp); \
if (comp < 0) { \
res = tmp; \
tmp = RB_LEFT(tmp, field); \
} \
else if (comp > 0) \
tmp = RB_RIGHT(tmp, field); \
else \
return (tmp); \
} \
return (res); \
} \
\
/* ARGSUSED */ \
attr struct type * \
name##_RB_NEXT(struct type *elm) \
{ \
if (RB_RIGHT(elm, field)) { \
elm = RB_RIGHT(elm, field); \
while (RB_LEFT(elm, field)) \
elm = RB_LEFT(elm, field); \
} else { \
if (RB_PARENT(elm, field) && \
(elm == RB_LEFT(RB_PARENT(elm, field), field))) \
elm = RB_PARENT(elm, field); \
else { \
while (RB_PARENT(elm, field) && \
(elm == RB_RIGHT(RB_PARENT(elm, field), field)))\
elm = RB_PARENT(elm, field); \
elm = RB_PARENT(elm, field); \
} \
} \
return (elm); \
} \
\
/* ARGSUSED */ \
attr struct type * \
name##_RB_PREV(struct type *elm) \
{ \
if (RB_LEFT(elm, field)) { \
elm = RB_LEFT(elm, field); \
while (RB_RIGHT(elm, field)) \
elm = RB_RIGHT(elm, field); \
} else { \
if (RB_PARENT(elm, field) && \
(elm == RB_RIGHT(RB_PARENT(elm, field), field))) \
elm = RB_PARENT(elm, field); \
else { \
while (RB_PARENT(elm, field) && \
(elm == RB_LEFT(RB_PARENT(elm, field), field)))\
elm = RB_PARENT(elm, field); \
elm = RB_PARENT(elm, field); \
} \
} \
return (elm); \
} \
\
attr struct type * \
name##_RB_MINMAX(struct name *head, int val) \
{ \
struct type *tmp = RB_ROOT(head); \
struct type *parent = NULL; \
while (tmp) { \
parent = tmp; \
if (val < 0) \
tmp = RB_LEFT(tmp, field); \
else \
tmp = RB_RIGHT(tmp, field); \
} \
return (parent); \
}
#define RB_NEGINF -1
#define RB_INF 1
#define RB_INSERT(name, x, y) name##_RB_INSERT(x, y)
#define RB_REMOVE(name, x, y) name##_RB_REMOVE(x, y)
#define RB_FIND(name, x, y) name##_RB_FIND(x, y)
#define RB_NFIND(name, x, y) name##_RB_NFIND(x, y)
#define RB_NEXT(name, x, y) name##_RB_NEXT(y)
#define RB_PREV(name, x, y) name##_RB_PREV(y)
#define RB_MIN(name, x) name##_RB_MINMAX(x, RB_NEGINF)
#define RB_MAX(name, x) name##_RB_MINMAX(x, RB_INF)
#define RB_FOREACH(x, name, head) \
for ((x) = RB_MIN(name, head); \
(x) != NULL; \
(x) = name##_RB_NEXT(x))
#define RB_FOREACH_REVERSE(x, name, head) \
for ((x) = RB_MAX(name, head); \
(x) != NULL; \
(x) = name##_RB_PREV(x))
#endif /* _SYS_TREE_H_ */

80
contrib/ipfilter/tools/BNF.ipf
View File

@ -1,80 +0,0 @@
filter-rule = [ insert ] action in-out [ options ] [ tos ] [ ttl ]
[ proto ] [ ip ] [ group ] [ tag ] [ pps ] .
insert = "@" decnumber .
action = block | "pass" | log | "count" | auth | call .
in-out = "in" | "out" .
options = [ log ] [ "quick" ] [ onif [ dup ] [ froute ] ] .
tos = "tos" decnumber | "tos" hexnumber .
ttl = "ttl" decnumber .
proto = "proto" protocol .
ip = srcdst [ flags ] [ with withopt ] [ icmp ] [ keep ] .
group = [ "head" decnumber ] [ "group" decnumber ] .
pps = "pps" decnumber .
onif = "on" interface-name [ "out-via" interface-name ] .
block = "block" [ return-icmp[return-code] | "return-rst" ] .
auth = "auth" | "preauth" .
log = "log" [ "body" ] [ "first" ] [ "or-block" ] [ "level" loglevel ] .
tag = "tag" tagid .
call = "call" [ "now" ] function-name .
dup = "dup-to" interface-name[":"ipaddr] .
froute = "fastroute" | "to" interface-name .
protocol = "tcp/udp" | "udp" | "tcp" | "icmp" | decnumber .
srcdst = "all" | fromto .
fromto = "from" object "to" object .
return-icmp = "return-icmp" | "return-icmp-as-dest" .
loglevel = facility"."priority | priority .
object = addr [ port-comp | port-range ] .
addr = "any" | nummask | host-name [ "mask" ipaddr | "mask" hexnumber ] .
port-comp = "port" compare port-num .
port-range = "port" port-num range port-num .
flags = "flags" flag { flag } [ "/" flag { flag } ] .
with = "with" | "and" .
icmp = "icmp-type" icmp-type [ "code" decnumber ] .
return-code = "("icmp-code")" .
keep = "keep" "state" [ "limit" number ] | "keep" "frags" .
nummask = host-name [ "/" decnumber ] .
host-name = ipaddr | hostname | "any" .
ipaddr = host-num "." host-num "." host-num "." host-num .
host-num = digit [ digit [ digit ] ] .
port-num = service-name | decnumber .
withopt = [ "not" | "no" ] opttype [ withopt ] .
opttype = "ipopts" | "short" | "nat" | "bad-src" | "lowttl" | "frag" |
"mbcast" | "opt" ipopts .
optname = ipopts [ "," optname ] .
ipopts = optlist | "sec-class" [ secname ] .
secname = seclvl [ "," secname ] .
seclvl = "unclass" | "confid" | "reserv-1" | "reserv-2" | "reserv-3" |
"reserv-4" | "secret" | "topsecret" .
icmp-type = "unreach" | "echo" | "echorep" | "squench" | "redir" |
"timex" | "paramprob" | "timest" | "timestrep" | "inforeq" |
"inforep" | "maskreq" | "maskrep" | "routerad" |
"routersol" | decnumber .
icmp-code = decumber | "net-unr" | "host-unr" | "proto-unr" | "port-unr" |
"needfrag" | "srcfail" | "net-unk" | "host-unk" | "isolate" |
"net-prohib" | "host-prohib" | "net-tos" | "host-tos" |
"filter-prohib" | "host-preced" | "cutoff-preced" .
optlist = "nop" | "rr" | "zsu" | "mtup" | "mtur" | "encode" | "ts" | "tr" |
"sec" | "lsrr" | "e-sec" | "cipso" | "satid" | "ssrr" | "addext" |
"visa" | "imitd" | "eip" | "finn" .
facility = "kern" | "user" | "mail" | "daemon" | "auth" | "syslog" |
"lpr" | "news" | "uucp" | "cron" | "ftp" | "authpriv" |
"audit" | "logalert" | "local0" | "local1" | "local2" |
"local3" | "local4" | "local5" | "local6" | "local7" .
priority = "emerg" | "alert" | "crit" | "err" | "warn" | "notice" |
"info" | "debug" .
hexnumber = "0" "x" hexstring .
hexstring = hexdigit [ hexstring ] .
decnumber = digit [ decnumber ] .
compare = "=" | "!=" | "<" | ">" | "<=" | ">=" | "eq" | "ne" | "lt" | "gt" |
"le" | "ge" .
range = "<>" | "><" .
hexdigit = digit | "a" | "b" | "c" | "d" | "e" | "f" .
digit = "0" | "1" | "2" | "3" | "4" | "5" | "6" | "7" | "8" | "9" .
flag = "F" | "S" | "R" | "P" | "A" | "U" | "C" | "W" .

28
contrib/ipfilter/tools/BNF.ipnat
View File

@ -1,28 +0,0 @@
ipmap :: = mapblock | redir | map .
map ::= mapit ifname ipmask "->" ipmask [ mapport | mapicmpid ] .
map ::= mapit ifname fromto "->" ipmask [ mapport | mapicmpid ] .
mapblock ::= "map-block" ifname ipmask "->" ipmask [ ports ] .
redir ::= "rdr" ifname ipmask dport "->" ip [ "," ip ] [ ports ] options .
dport ::= "port" portnum [ "-" portnum ] .
ports ::= "ports" numports | "auto" .
mapit ::= "map" | "bimap" .
fromto ::= "from" object "to" object .
ipmask ::= ip "/" bits | ip "/" mask | ip "netmask" mask .
mapport ::= "portmap" tcpudp portnumber ":" portnumber .
mapicmpid ::= "icmpidmap" icmp idnumber ":" idnumber .
options ::= [ tcpudp ] [ rr ] .
object = addr [ port-comp | port-range ] .
addr = "any" | nummask | host-name [ "mask" ipaddr | "mask" hexnumber ] .
port-comp = "port" compare port-num .
port-range = "port" port-num range port-num .
rr ::= "round-robin" .
tcpudp ::= "tcp" | "udp" | "tcp/udp" .
portnumber ::= number { numbers } | "auto" .
idnumber ::= number { numbers } .
ifname ::= 'A' - 'Z' { 'A' - 'Z' } numbers .
numbers ::= '0' | '1' | '2' | '3' | '4' | '5' | '6' | '7' | '8' | '9' .

104
contrib/ipfilter/tools/Makefile
View File

@ -1,104 +0,0 @@
YACC=yacc -v
DEST=.
all: $(DEST)/ipf_y.c $(DEST)/ipf_y.h $(DEST)/ipf_l.c \
$(DEST)/ipmon_y.c $(DEST)/ipmon_y.h $(DEST)/ipmon_l.c \
$(DEST)/ipnat_y.c $(DEST)/ipnat_y.h $(DEST)/ipnat_l.c \
$(DEST)/ipscan_y.c $(DEST)/ipscan_y.h $(DEST)/ipscan_l.c \
$(DEST)/ippool_y.c $(DEST)/ippool_y.h $(DEST)/ippool_l.c \
$(DEST)/ipf_l.h $(DEST)/ipnat_l.h $(DEST)/ipscan_l.h \
$(DEST)/ippool_l.h $(DEST)/ipmon_l.h
$(DEST)/ipf_y.h: $(DEST)/ipf_y.c
$(DEST)/ipf_y.c: ipf_y.y
$(YACC) -d ipf_y.y
sed -e 's/yy/ipf_yy/g' -e 's/y.tab.h/ipf_y.c/' \
-e 's/"ipf_y.y"/"..\/tools\/ipf_y.y"/' \
y.tab.c > $(DEST)/ipf_y.c
sed -e 's/yy/ipf_yy/g' -e 's/y.tab.h/ipf_y.h/' y.tab.h > $(DEST)/ipf_y.h
/bin/rm -f y.tab.c y.tab.h
$(DEST)/ipf_l.c: lexer.c
sed -e 's/yy/ipf_yy/g' -e 's/y.tab.h/ipf_y.h/' \
-e 's/lexer.h/ipf_l.h/' lexer.c > $@
$(DEST)/ipmon_y.n: $(DEST)/ipmon_y.c
$(DEST)/ipmon_y.c $(DEST)/ipmon_y.h: ipmon_y.y
$(YACC) -d ipmon_y.y
sed -e 's/yy/ipmon_yy/g' -e 's/"ipmon_y.y"/"..\/tools\/ipmon_y.y"/' \
y.tab.c > $(DEST)/ipmon_y.c
sed -e 's/yy/ipmon_yy/g' y.tab.h > $(DEST)/ipmon_y.h
/bin/rm -f y.tab.c y.tab.h
$(DEST)/ipmon_l.c: lexer.c
sed -e 's/yy/ipmon_yy/g' -e 's/y.tab.h/ipmon_y.h/' \
-e 's/lexer.h/ipmon_l.h/' lexer.c > $@
$(DEST)/ipscan_y.h: $(DEST)/ipscan_y.c
$(DEST)/ipscan_y.c $(DEST)/ipscan_y.h: ipscan_y.y
$(YACC) -d ipscan_y.y
sed -e 's/yy/ipscan_yy/g' \
-e 's/"ipscan_y.y"/"..\/tools\/ipscan_y.y"/' \
y.tab.c > $(DEST)/ipscan_y.c
sed -e 's/yy/ipscan_yy/g' y.tab.h > $(DEST)/ipscan_y.h
/bin/rm -f y.tab.c y.tab.h
$(DEST)/ipscan_l.c: lexer.c
sed -e 's/yy/ipscan_yy/g' -e 's/y.tab.h/ipscan_y.h/' \
-e 's/lexer.h/ipscan_l.h/' lexer.c > $@
$(DEST)/ippool_y.h: $(DEST)/ippool_y.c
$(DEST)/ippool_y.c $(DEST)/ippool_y.h: ippool_y.y
$(YACC) -d ippool_y.y
sed -e 's/yy/ippool_yy/g' -e 's/"ippool_y.y"/"..\/tools\/ippool_y.y"/' \
y.tab.c > $(DEST)/ippool_y.c
sed -e 's/yy/ippool_yy/g' y.tab.h > $(DEST)/ippool_y.h
/bin/rm -f y.tab.c y.tab.h
$(DEST)/ippool_l.c: lexer.c
sed -e 's/yy/ippool_yy/g' -e 's/y.tab.h/ippool_y.h/' \
-e 's/lexer.h/ippool_l.h/' lexer.c > $@
$(DEST)/ipnat_y.h: $(DEST)/ipnat_y.c
$(DEST)/ipnat_y.c $(DEST)/ipnat_y.h: ipnat_y.y
$(YACC) -d ipnat_y.y
sed -e 's/yy/ipnat_yy/g' -e 's/y.tab.c/ipnat_y.c/' \
-e s/\"ipnat_y.y\"/\"..\\/tools\\/ipnat_y.y\"/ \
y.tab.c > $(DEST)/ipnat_y.c
sed -e 's/yy/ipnat_yy/g' -e 's/y.tab.h/ipnat_y.h/' \
y.tab.h > $(DEST)/ipnat_y.h
/bin/rm -f y.tab.c y.tab.h
$(DEST)/ipnat_l.c: lexer.c
sed -e 's/yy/ipnat_yy/g' -e 's/y.tab.h/ipnat_y.h/' \
-e 's/lexer.h/ipnat_l.h/' lexer.c > $@
$(DEST)/ipf_l.h: lexer.h
sed -e 's/yy/ipf_yy/g' lexer.h > $@
$(DEST)/ipmon_l.h: lexer.h
sed -e 's/yy/ipmon_yy/g' lexer.h > $@
$(DEST)/ipscan_l.h: lexer.h
sed -e 's/yy/ipscan_yy/g' lexer.h > $@
$(DEST)/ippool_l.h: lexer.h
sed -e 's/yy/ippool_yy/g' lexer.h > $@
$(DEST)/ipnat_l.h: lexer.h
sed -e 's/yy/ipnat_yy/g' lexer.h > $@
clean:
/bin/rm -f $(DEST)/ipf_y.c $(DEST)/ipf_y.h $(DEST)/ipf_l.c
/bin/rm -f $(DEST)/ipmon_y.c $(DEST)/ipmon_y.h $(DEST)/ipmon_l.c
/bin/rm -f $(DEST)/ipscan_y.c $(DEST)/ipscan_y.h $(DEST)/ipscan_l.c
/bin/rm -f $(DEST)/ippool_y.c $(DEST)/ippool_y.h $(DEST)/ippool_l.c
/bin/rm -f $(DEST)/ipnat_y.c $(DEST)/ipnat_y.h $(DEST)/ipnat_l.c
/bin/rm -f $(DEST)/ipf_l.h $(DEST)/ipmon_l.h $(DEST)/ippool_l.h
/bin/rm -f $(DEST)/ipscan_l.h $(DEST)/ipnat_l.h

671
contrib/ipfilter/tools/ipfsyncd.c
View File

@ -1,671 +0,0 @@
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
#if !defined(lint)
static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed";
static const char rcsid[] = "@(#)$Id: ipfsyncd.c,v 1.1.2.2 2012/07/22 08:04:24 darren_r Exp $";
#endif
#include <sys/types.h>
#include <sys/time.h>
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <sys/sockio.h>
#include <sys/errno.h>
#include <netinet/in.h>
#include <net/if.h>
#include <arpa/inet.h>
#include <stdio.h>
#include <stdlib.h>
#include <fcntl.h>
#include <unistd.h>
#include <string.h>
#include <syslog.h>
#include <signal.h>
#include "ipf.h"
#include "opts.h"
#define R_IO_ERROR -1
#define R_OKAY 0
#define R_MORE 1
#define R_SKIP 2
#if defined(sun) && !defined(SOLARIS2)
# define STRERROR(x) sys_errlist[x]
extern char *sys_errlist[];
#else
# define STRERROR(x) strerror(x)
#endif
int main(int, char *[]);
void usage(char *);
void printsynchdr(synchdr_t *);
void printtable(int);
void printsmcproto(char *);
void printcommand(int);
int do_kbuff(int, char *, int *);
int do_packet(int, char *);
int buildsocket(char *, struct sockaddr_in *);
void do_io(void);
void handleterm(int);
int terminate = 0;
int igmpfd = -1;
int nfd = -1;
int lfd = -1;
int opts = 0;
void
usage(progname)
char *progname;
{
fprintf(stderr,
"Usage: %s [-d] [-p port] [-i address] -I <interface>\n",
progname);
}
void
handleterm(sig)
int sig;
{
terminate = sig;
}
/* should be large enough to hold header + any datatype */
#define BUFFERLEN 1400
int
main(argc, argv)
int argc;
char *argv[];
{
struct sockaddr_in sin;
char *interface;
char *progname;
int opt, tries;
progname = strrchr(argv[0], '/');
if (progname) {
progname++;
} else {
progname = argv[0];
}
opts = 0;
tries = 0;
interface = NULL;
bzero((char *)&sin, sizeof(sin));
sin.sin_family = AF_INET;
sin.sin_port = htons(0xaf6c);
sin.sin_addr.s_addr = htonl(INADDR_UNSPEC_GROUP | 0x697066);
while ((opt = getopt(argc, argv, "di:I:p:")) != -1)
switch (opt)
{
case 'd' :
debuglevel++;
break;
case 'I' :
interface = optarg;
break;
case 'i' :
sin.sin_addr.s_addr = inet_addr(optarg);
break;
case 'p' :
sin.sin_port = htons(atoi(optarg));
break;
}
if (interface == NULL) {
usage(progname);
exit(1);
}
if (!debuglevel) {
#ifdef BSD
daemon(0, 0);
#else
int fd = open("/dev/null", O_RDWR);
switch (fork())
{
case 0 :
break;
case -1 :
fprintf(stderr, "%s: fork() failed: %s\n",
argv[0], STRERROR(errno));
exit(1);
/* NOTREACHED */
default :
exit(0);
/* NOTREACHED */
}
dup2(fd, 0);
dup2(fd, 1);
dup2(fd, 2);
close(fd);
setsid();
#endif
}
signal(SIGHUP, handleterm);
signal(SIGINT, handleterm);
signal(SIGTERM, handleterm);
openlog(progname, LOG_PID, LOG_SECURITY);
while (!terminate) {
if (lfd != -1) {
close(lfd);
lfd = -1;
}
if (nfd != -1) {
close(nfd);
nfd = -1;
}
if (igmpfd != -1) {
close(igmpfd);
igmpfd = -1;
}
if (buildsocket(interface, &sin) == -1)
goto tryagain;
lfd = open(IPSYNC_NAME, O_RDWR);
if (lfd == -1) {
syslog(LOG_ERR, "open(%s):%m", IPSYNC_NAME);
debug(1, "open(%s): %s\n", IPSYNC_NAME,
STRERROR(errno));
goto tryagain;
}
tries = -1;
do_io();
tryagain:
tries++;
syslog(LOG_INFO, "retry in %d seconds", 1 << tries);
debug(1, "wait %d seconds\n", 1 << tries);
sleep(1 << tries);
}
/* terminate */
if (lfd != -1)
close(lfd);
if (nfd != -1)
close(nfd);
syslog(LOG_ERR, "signal %d received, exiting...", terminate);
debug(1, "signal %d received, exiting...", terminate);
exit(1);
}
void
do_io()
{
char nbuff[BUFFERLEN];
char buff[BUFFERLEN];
fd_set mrd, rd;
int maxfd;
int inbuf;
int n1;
int left;
FD_ZERO(&mrd);
FD_SET(lfd, &mrd);
FD_SET(nfd, &mrd);
maxfd = nfd;
if (lfd > maxfd)
maxfd = lfd;
debug(2, "nfd %d lfd %d maxfd %d\n", nfd, lfd, maxfd);
inbuf = 0;
/*
* A threaded approach to this loop would have one thread
* work on reading lfd (only) all the time and another thread
* working on reading nfd all the time.
*/
while (!terminate) {
int n;
rd = mrd;
n = select(maxfd + 1, &rd, NULL, NULL, NULL);
if (n < 0) {
switch (errno)
{
case EINTR :
continue;
default :
syslog(LOG_ERR, "select error: %m");
debug(1, "select error: %s\n", STRERROR(errno));
return;
}
}
if (FD_ISSET(lfd, &rd)) {
n1 = read(lfd, buff+inbuf, BUFFERLEN-inbuf);
debug(3, "read(K):%d\n", n1);
if (n1 <= 0) {
syslog(LOG_ERR, "read error (k-header): %m");
debug(1, "read error (k-header): %s\n",
STRERROR(errno));
return;
}
left = 0;
switch (do_kbuff(n1, buff, &left))
{
case R_IO_ERROR :
return;
case R_MORE :
inbuf += left;
break;
default :
inbuf = 0;
break;
}
}
if (FD_ISSET(nfd, &rd)) {
n1 = recv(nfd, nbuff, sizeof(nbuff), 0);
debug(3, "read(N):%d\n", n1);
if (n1 <= 0) {
syslog(LOG_ERR, "read error (n-header): %m");
debug(1, "read error (n-header): %s\n",
STRERROR(errno));
return;
}
switch (do_packet(n1, nbuff))
{
case R_IO_ERROR :
return;
default :
break;
}
}
}
}
int
buildsocket(nicname, sinp)
char *nicname;
struct sockaddr_in *sinp;
{
struct sockaddr_in *reqip;
struct ifreq req;
char opt;
debug(2, "binding to %s:%s\n", nicname, inet_ntoa(sinp->sin_addr));
if (IN_MULTICAST(ntohl(sinp->sin_addr.s_addr))) {
struct in_addr addr;
struct ip_mreq mreq;
igmpfd = socket(AF_INET, SOCK_RAW, IPPROTO_IGMP);
if (igmpfd == -1) {
syslog(LOG_ERR, "socket:%m");
debug(1, "socket:%s\n", STRERROR(errno));
return -1;
}
bzero((char *)&req, sizeof(req));
strncpy(req.ifr_name, nicname, sizeof(req.ifr_name));
req.ifr_name[sizeof(req.ifr_name) - 1] = '\0';
if (ioctl(igmpfd, SIOCGIFADDR, &req) == -1) {
syslog(LOG_ERR, "ioctl(SIOCGIFADDR):%m");
debug(1, "ioctl(SIOCGIFADDR):%s\n", STRERROR(errno));
close(igmpfd);
igmpfd = -1;
return -1;
}
reqip = (struct sockaddr_in *)&req.ifr_addr;
addr = reqip->sin_addr;
if (setsockopt(igmpfd, IPPROTO_IP, IP_MULTICAST_IF,
(char *)&addr, sizeof(addr)) == -1) {
syslog(LOG_ERR, "setsockopt(IP_MULTICAST_IF(%s)):%m",
inet_ntoa(addr));
debug(1, "setsockopt(IP_MULTICAST_IF(%s)):%s\n",
inet_ntoa(addr), STRERROR(errno));
close(igmpfd);
igmpfd = -1;
return -1;
}
opt = 0;
if (setsockopt(igmpfd, IPPROTO_IP, IP_MULTICAST_LOOP,
(char *)&opt, sizeof(opt)) == -1) {
syslog(LOG_ERR, "setsockopt(IP_MULTICAST_LOOP=0):%m");
debug(1, "setsockopt(IP_MULTICAST_LOOP=0):%s\n",
STRERROR(errno));
close(igmpfd);
igmpfd = -1;
return -1;
}
opt = 63;
if (setsockopt(igmpfd, IPPROTO_IP, IP_MULTICAST_TTL,
(char *)&opt, sizeof(opt)) == -1) {
syslog(LOG_ERR, "setsockopt(IP_MULTICAST_TTL=%d):%m",
opt);
debug(1, "setsockopt(IP_MULTICAST_TTL=%d):%s\n", opt,
STRERROR(errno));
close(igmpfd);
igmpfd = -1;
return -1;
}
mreq.imr_multiaddr.s_addr = sinp->sin_addr.s_addr;
mreq.imr_interface.s_addr = reqip->sin_addr.s_addr;
if (setsockopt(igmpfd, IPPROTO_IP, IP_ADD_MEMBERSHIP,
(char *)&mreq, sizeof(mreq)) == -1) {
char buffer[80];
snprintf(buffer, sizeof(buffer), "%s,", inet_ntoa(sinp->sin_addr));
strcat(buffer, inet_ntoa(reqip->sin_addr));
syslog(LOG_ERR,
"setsockpt(IP_ADD_MEMBERSHIP,%s):%m", buffer);
debug(1, "setsockpt(IP_ADD_MEMBERSHIP,%s):%s\n",
buffer, STRERROR(errno));
close(igmpfd);
igmpfd = -1;
return -1;
}
}
nfd = socket(AF_INET, SOCK_DGRAM, 0);
if (nfd == -1) {
syslog(LOG_ERR, "socket:%m");
if (igmpfd != -1) {
close(igmpfd);
igmpfd = -1;
}
return -1;
}
bzero((char *)&req, sizeof(req));
strncpy(req.ifr_name, nicname, sizeof(req.ifr_name));
req.ifr_name[sizeof(req.ifr_name) - 1] = '\0';
if (ioctl(nfd, SIOCGIFADDR, &req) == -1) {
syslog(LOG_ERR, "ioctl(SIOCGIFADDR):%m");
debug(1, "ioctl(SIOCGIFADDR):%s\n", STRERROR(errno));
close(igmpfd);
igmpfd = -1;
return -1;
}
if (bind(nfd, (struct sockaddr *)&req.ifr_addr,
sizeof(req.ifr_addr)) == -1) {
syslog(LOG_ERR, "bind:%m");
debug(1, "bind:%s\n", STRERROR(errno));
close(nfd);
if (igmpfd != -1) {
close(igmpfd);
igmpfd = -1;
}
nfd = -1;
return -1;
}
if (connect(nfd, (struct sockaddr *)sinp, sizeof(*sinp)) == -1) {
syslog(LOG_ERR, "connect:%m");
debug(1, "connect:%s\n", STRERROR(errno));
close(nfd);
if (igmpfd != -1) {
close(igmpfd);
igmpfd = -1;
}
nfd = -1;
return -1;
}
syslog(LOG_INFO, "Sending data to %s", inet_ntoa(sinp->sin_addr));
debug(3, "Sending data to %s\n", inet_ntoa(sinp->sin_addr));
return nfd;
}
int
do_packet(pklen, buff)
int pklen;
char *buff;
{
synchdr_t *sh;
u_32_t magic;
int len;
int n2;
int n3;
while (pklen > 0) {
if (pklen < sizeof(*sh)) {
syslog(LOG_ERR, "packet length too short:%d", pklen);
debug(2, "packet length too short:%d\n", pklen);
return R_SKIP;
}
sh = (synchdr_t *)buff;
len = ntohl(sh->sm_len);
magic = ntohl(sh->sm_magic);
if (magic != SYNHDRMAGIC) {
syslog(LOG_ERR, "invalid header magic %x", magic);
debug(2, "invalid header magic %x\n", magic);
return R_SKIP;
}
if (pklen < len + sizeof(*sh)) {
syslog(LOG_ERR, "packet length too short:%d", pklen);
debug(2, "packet length too short:%d\n", pklen);
return R_SKIP;
}
if (debuglevel > 3) {
printsynchdr(sh);
printcommand(sh->sm_cmd);
printtable(sh->sm_table);
printsmcproto(buff);
}
n2 = sizeof(*sh) + len;
do {
n3 = write(lfd, buff, n2);
if (n3 <= 0) {
syslog(LOG_ERR, "write error: %m");
debug(1, "write error: %s\n", STRERROR(errno));
return R_IO_ERROR;
}
n2 -= n3;
buff += n3;
pklen -= n3;
} while (n3 != 0);
}
return R_OKAY;
}
int
do_kbuff(inbuf, buf, left)
int inbuf, *left;
char *buf;
{
synchdr_t *sh;
u_32_t magic;
int complete;
int sendlen;
int error;
int bytes;
int len;
int n2;
int n3;
sendlen = 0;
bytes = inbuf;
error = R_OKAY;
sh = (synchdr_t *)buf;
for (complete = 0; bytes > 0; complete++) {
len = ntohl(sh->sm_len);
magic = ntohl(sh->sm_magic);
if (magic != SYNHDRMAGIC) {
syslog(LOG_ERR,
"read invalid header magic 0x%x, flushing",
magic);
debug(2, "read invalid header magic 0x%x, flushing\n",
magic);
n2 = SMC_RLOG;
(void) ioctl(lfd, SIOCIPFFL, &n2);
break;
}
if (debuglevel > 3) {
printsynchdr(sh);
printcommand(sh->sm_cmd);
printtable(sh->sm_table);
putchar('\n');
}
if (bytes < sizeof(*sh) + len) {
debug(3, "Not enough bytes %d < %d\n", bytes,
sizeof(*sh) + len);
error = R_MORE;
break;
}
if (debuglevel > 3) {
printsmcproto(buf);
}
sendlen += len + sizeof(*sh);
sh = (synchdr_t *)(buf + sendlen);
bytes -= sendlen;
}
if (complete) {
n3 = send(nfd, buf, sendlen, 0);
if (n3 <= 0) {
syslog(LOG_ERR, "write error: %m");
debug(1, "write error: %s\n", STRERROR(errno));
return R_IO_ERROR;
}
debug(3, "send on %d len %d = %d\n", nfd, sendlen, n3);
error = R_OKAY;
}
/* move buffer to the front,we might need to make
* this more efficient, by using a rolling pointer
* over the buffer and only copying it, when
* we are reaching the end
*/
if (bytes > 0) {
bcopy(buf + bytes, buf, bytes);
error = R_MORE;
}
debug(4, "complete %d bytes %d error %d\n", complete, bytes, error);
*left = bytes;
return error;
}
void
printcommand(cmd)
int cmd;
{
switch (cmd)
{
case SMC_CREATE :
printf(" cmd:CREATE");
break;
case SMC_UPDATE :
printf(" cmd:UPDATE");
break;
default :
printf(" cmd:Unknown(%d)", cmd);
break;
}
}
void
printtable(table)
int table;
{
switch (table)
{
case SMC_NAT :
printf(" table:NAT");
break;
case SMC_STATE :
printf(" table:STATE");
break;
default :
printf(" table:Unknown(%d)", table);
break;
}
}
void
printsmcproto(buff)
char *buff;
{
syncupdent_t *su;
synchdr_t *sh;
sh = (synchdr_t *)buff;
if (sh->sm_cmd == SMC_CREATE) {
;
} else if (sh->sm_cmd == SMC_UPDATE) {
su = (syncupdent_t *)buff;
if (sh->sm_p == IPPROTO_TCP) {
printf(" TCP Update: age %lu state %d/%d\n",
su->sup_tcp.stu_age,
su->sup_tcp.stu_state[0],
su->sup_tcp.stu_state[1]);
}
} else {
printf("Unknown command\n");
}
}
void
printsynchdr(sh)
synchdr_t *sh;
{
printf("v:%d p:%d num:%d len:%d magic:%x", sh->sm_v, sh->sm_p,
ntohl(sh->sm_num), ntohl(sh->sm_len), ntohl(sh->sm_magic));
}

256
contrib/ipfilter/tools/ipsyncm.c
View File

@ -1,256 +0,0 @@
/* $FreeBSD$ */
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
#if !defined(lint)
static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed";
static const char rcsid[] = "@(#)$Id$";
#endif
#include <sys/types.h>
#include <sys/time.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <net/if.h>
#include <arpa/inet.h>
#include <stdio.h>
#include <stdlib.h>
#include <fcntl.h>
#include <unistd.h>
#include <string.h>
#include <syslog.h>
#include <signal.h>
#include "netinet/ip_compat.h"
#include "netinet/ip_fil.h"
#include "netinet/ip_nat.h"
#include "netinet/ip_state.h"
#include "netinet/ip_sync.h"
int main(int, char *[]);
void usage(const char *);
int terminate = 0;
void usage(const char *progname) {
fprintf(stderr, "Usage: %s <destination IP> <destination port>\n", progname);
}
#if 0
static void handleterm(int sig)
{
terminate = sig;
}
#endif
/* should be large enough to hold header + any datatype */
#define BUFFERLEN 1400
int main(argc, argv)
int argc;
char *argv[];
{
struct sockaddr_in sin;
char buff[BUFFERLEN];
synclogent_t *sl;
syncupdent_t *su;
int nfd = -1, lfd = -1, n1, n2, n3, len;
int inbuf;
u_32_t magic;
synchdr_t *sh;
char *progname;
progname = strrchr(argv[0], '/');
if (progname) {
progname++;
} else {
progname = argv[0];
}
if (argc < 2) {
usage(progname);
exit(1);
}
#if 0
signal(SIGHUP, handleterm);
signal(SIGINT, handleterm);
signal(SIGTERM, handleterm);
#endif
openlog(progname, LOG_PID, LOG_SECURITY);
bzero((char *)&sin, sizeof(sin));
sin.sin_family = AF_INET;
sin.sin_addr.s_addr = inet_addr(argv[1]);
if (argc > 2)
sin.sin_port = htons(atoi(argv[2]));
else
sin.sin_port = htons(43434);
while (1) {
if (lfd != -1)
close(lfd);
if (nfd != -1)
close(nfd);
lfd = open(IPSYNC_NAME, O_RDONLY);
if (lfd == -1) {
syslog(LOG_ERR, "Opening %s :%m", IPSYNC_NAME);
goto tryagain;
}
nfd = socket(AF_INET, SOCK_DGRAM, 0);
if (nfd == -1) {
syslog(LOG_ERR, "Socket :%m");
goto tryagain;
}
if (connect(nfd, (struct sockaddr *)&sin, sizeof(sin)) == -1) {
syslog(LOG_ERR, "Connect: %m");
goto tryagain;
}
syslog(LOG_INFO, "Sending data to %s",
inet_ntoa(sin.sin_addr));
inbuf = 0;
while (1) {
n1 = read(lfd, buff+inbuf, BUFFERLEN-inbuf);
printf("header : %d bytes read (header = %d bytes)\n",
n1, (int) sizeof(*sh));
if (n1 < 0) {
syslog(LOG_ERR, "Read error (header): %m");
goto tryagain;
}
if (n1 == 0) {
/* XXX can this happen??? */
syslog(LOG_ERR,
"Read error (header) : No data");
sleep(1);
continue;
}
inbuf += n1;
moreinbuf:
if (inbuf < sizeof(*sh)) {
continue; /* need more data */
}
sh = (synchdr_t *)buff;
len = ntohl(sh->sm_len);
magic = ntohl(sh->sm_magic);
if (magic != SYNHDRMAGIC) {
syslog(LOG_ERR,
"Invalid header magic %x", magic);
goto tryagain;
}
#define IPSYNC_DEBUG
#ifdef IPSYNC_DEBUG
printf("v:%d p:%d len:%d magic:%x", sh->sm_v,
sh->sm_p, len, magic);
if (sh->sm_cmd == SMC_CREATE)
printf(" cmd:CREATE");
else if (sh->sm_cmd == SMC_UPDATE)
printf(" cmd:UPDATE");
else
printf(" cmd:Unknown(%d)", sh->sm_cmd);
if (sh->sm_table == SMC_NAT)
printf(" table:NAT");
else if (sh->sm_table == SMC_STATE)
printf(" table:STATE");
else
printf(" table:Unknown(%d)", sh->sm_table);
printf(" num:%d\n", (u_32_t)ntohl(sh->sm_num));
#endif
if (inbuf < sizeof(*sh) + len) {
continue; /* need more data */
goto tryagain;
}
#ifdef IPSYNC_DEBUG
if (sh->sm_cmd == SMC_CREATE) {
sl = (synclogent_t *)buff;
} else if (sh->sm_cmd == SMC_UPDATE) {
su = (syncupdent_t *)buff;
if (sh->sm_p == IPPROTO_TCP) {
printf(" TCP Update: age %lu state %d/%d\n",
su->sup_tcp.stu_age,
su->sup_tcp.stu_state[0],
su->sup_tcp.stu_state[1]);
}
} else {
printf("Unknown command\n");
}
#endif
n2 = sizeof(*sh) + len;
n3 = write(nfd, buff, n2);
if (n3 <= 0) {
syslog(LOG_ERR, "Write error: %m");
goto tryagain;
}
if (n3 != n2) {
syslog(LOG_ERR, "Incomplete write (%d/%d)",
n3, n2);
goto tryagain;
}
/* signal received? */
if (terminate)
break;
/* move buffer to the front,we might need to make
* this more efficient, by using a rolling pointer
* over the buffer and only copying it, when
* we are reaching the end
*/
inbuf -= n2;
if (inbuf) {
bcopy(buff+n2, buff, inbuf);
printf("More data in buffer\n");
goto moreinbuf;
}
}
if (terminate)
break;
tryagain:
sleep(1);
}
/* terminate */
if (lfd != -1)
close(lfd);
if (nfd != -1)
close(nfd);
syslog(LOG_ERR, "signal %d received, exiting...", terminate);
exit(1);
}

274
contrib/ipfilter/tools/ipsyncs.c
View File

@ -1,274 +0,0 @@
/* $FreeBSD$ */
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
#if !defined(lint)
static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed";
static const char rcsid[] = "@(#)$Id$";
#endif
#include <sys/types.h>
#include <sys/time.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <net/if.h>
#include <arpa/inet.h>
#include <stdio.h>
#include <stdlib.h>
#include <fcntl.h>
#include <string.h>
#include <unistd.h>
#include <syslog.h>
#include <errno.h>
#include <signal.h>
#include "netinet/ip_compat.h"
#include "netinet/ip_fil.h"
#include "netinet/ip_state.h"
#include "netinet/ip_nat.h"
#include "netinet/ip_sync.h"
int main(int, char *[]);
void usage(const char *progname);
int terminate = 0;
void usage(const char *progname) {
fprintf(stderr,
"Usage: %s <destination IP> <destination port> [remote IP]\n",
progname);
}
#if 0
static void handleterm(int sig)
{
terminate = sig;
}
#endif
#define BUFFERLEN 1400
int main(argc, argv)
int argc;
char *argv[];
{
int nfd = -1 , lfd = -1;
int n1, n2, n3, magic, len, inbuf;
struct sockaddr_in sin;
struct sockaddr_in in;
char buff[BUFFERLEN];
synclogent_t *sl;
syncupdent_t *su;
synchdr_t *sh;
char *progname;
progname = strrchr(argv[0], '/');
if (progname) {
progname++;
} else {
progname = argv[0];
}
if (argc < 2) {
usage(progname);
exit(1);
}
#if 0
signal(SIGHUP, handleterm);
signal(SIGINT, handleterm);
signal(SIGTERM, handleterm);
#endif
openlog(progname, LOG_PID, LOG_SECURITY);
lfd = open(IPSYNC_NAME, O_WRONLY);
if (lfd == -1) {
syslog(LOG_ERR, "Opening %s :%m", IPSYNC_NAME);
exit(1);
}
bzero((char *)&sin, sizeof(sin));
sin.sin_family = AF_INET;
if (argc > 1)
sin.sin_addr.s_addr = inet_addr(argv[1]);
if (argc > 2)
sin.sin_port = htons(atoi(argv[2]));
else
sin.sin_port = htons(43434);
if (argc > 3)
in.sin_addr.s_addr = inet_addr(argv[3]);
else
in.sin_addr.s_addr = 0;
in.sin_port = 0;
while(1) {
if (lfd != -1)
close(lfd);
if (nfd != -1)
close(nfd);
lfd = open(IPSYNC_NAME, O_WRONLY);
if (lfd == -1) {
syslog(LOG_ERR, "Opening %s :%m", IPSYNC_NAME);
goto tryagain;
}
nfd = socket(AF_INET, SOCK_DGRAM, 0);
if (nfd == -1) {
syslog(LOG_ERR, "Socket :%m");
goto tryagain;
}
n1 = 1;
setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &n1, sizeof(n1));
if (bind(nfd, (struct sockaddr *)&sin, sizeof(sin)) == -1) {
syslog(LOG_ERR, "Bind: %m");
goto tryagain;
}
syslog(LOG_INFO, "Listening to %s", inet_ntoa(sin.sin_addr));
inbuf = 0;
while (1) {
/*
* XXX currently we do not check the source address
* of a datagram, this can be a security risk
*/
n1 = read(nfd, buff+inbuf, BUFFERLEN-inbuf);
printf("header : %d bytes read (header = %d bytes)\n",
n1, (int) sizeof(*sh));
if (n1 < 0) {
syslog(LOG_ERR, "Read error (header): %m");
goto tryagain;
}
if (n1 == 0) {
/* XXX can this happen??? */
syslog(LOG_ERR,
"Read error (header) : No data");
sleep(1);
continue;
}
inbuf += n1;
moreinbuf:
if (inbuf < sizeof(*sh)) {
continue; /* need more data */
}
sh = (synchdr_t *)buff;
len = ntohl(sh->sm_len);
magic = ntohl(sh->sm_magic);
if (magic != SYNHDRMAGIC) {
syslog(LOG_ERR, "Invalid header magic %x",
magic);
goto tryagain;
}
#define IPSYNC_DEBUG
#ifdef IPSYNC_DEBUG
printf("v:%d p:%d len:%d magic:%x", sh->sm_v,
sh->sm_p, len, magic);
if (sh->sm_cmd == SMC_CREATE)
printf(" cmd:CREATE");
else if (sh->sm_cmd == SMC_UPDATE)
printf(" cmd:UPDATE");
else
printf(" cmd:Unknown(%d)", sh->sm_cmd);
if (sh->sm_table == SMC_NAT)
printf(" table:NAT");
else if (sh->sm_table == SMC_STATE)
printf(" table:STATE");
else
printf(" table:Unknown(%d)", sh->sm_table);
printf(" num:%d\n", (u_32_t)ntohl(sh->sm_num));
#endif
if (inbuf < sizeof(*sh) + len) {
continue; /* need more data */
goto tryagain;
}
#ifdef IPSYNC_DEBUG
if (sh->sm_cmd == SMC_CREATE) {
sl = (synclogent_t *)buff;
} else if (sh->sm_cmd == SMC_UPDATE) {
su = (syncupdent_t *)buff;
if (sh->sm_p == IPPROTO_TCP) {
printf(" TCP Update: age %lu state %d/%d\n",
su->sup_tcp.stu_age,
su->sup_tcp.stu_state[0],
su->sup_tcp.stu_state[1]);
}
} else {
printf("Unknown command\n");
}
#endif
n2 = sizeof(*sh) + len;
n3 = write(lfd, buff, n2);
if (n3 <= 0) {
syslog(LOG_ERR, "%s: Write error: %m",
IPSYNC_NAME);
goto tryagain;
}
if (n3 != n2) {
syslog(LOG_ERR, "%s: Incomplete write (%d/%d)",
IPSYNC_NAME, n3, n2);
goto tryagain;
}
/* signal received? */
if (terminate)
break;
/* move buffer to the front,we might need to make
* this more efficient, by using a rolling pointer
* over the buffer and only copying it, when
* we are reaching the end
*/
inbuf -= n2;
if (inbuf) {
bcopy(buff+n2, buff, inbuf);
printf("More data in buffer\n");
goto moreinbuf;
}
}
if (terminate)
break;
tryagain:
sleep(1);
}
/* terminate */
if (lfd != -1)
close(lfd);
if (nfd != -1)
close(nfd);
syslog(LOG_ERR, "signal %d received, exiting...", terminate);
exit(1);
}

60
contrib/ipfilter/tools/lex_var.h
View File

@ -1,60 +0,0 @@
/* $FreeBSD$ */
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
extern long string_start;
extern long string_end;
extern char *string_val;
extern long pos;
#define YY_INPUT(buf, result, max_size) \
if (pos >= string_start && pos <= string_end) { \
buf[0] = string_val[pos - string_start]; \
pos++; \
result = 1; \
} else if ( yy_current_buffer->yy_is_interactive ) \
{ \
int c = '*', n; \
for ( n = 0; n < 1 && \
(c = getc( yyin )) != EOF && c != '\n'; ++n ) \
buf[n] = (char) c; \
if ( c == '\n' ) \
buf[n++] = (char) c; \
if ( c == EOF && ferror( yyin ) ) \
YY_FATAL_ERROR( "input in flex scanner failed" ); \
result = n; \
pos++; \
} \
else if ( ((result = fread( buf, 1, 1, yyin )) == 0) \
&& ferror( yyin ) ) \
YY_FATAL_ERROR( "input in flex scanner failed" );
#ifdef input
# undef input
# define input() (((pos >= string_start) && (pos < string_end)) ? \
yysptr = yysbuf, string_val[pos++ - string_start] : \
((yytchar = yysptr > yysbuf ? U(*--yysptr) : \
getc(yyin)) == 10 ? (pos++, yylineno++, yytchar) : \
yytchar) == EOF ? (pos++, 0) : (pos++, yytchar))
#endif
#ifdef lex_input
# undef lex_input
# define lex_input() (((pos >= string_start) && (pos < string_end)) ? \
yysptr = yysbuf, string_val[pos++ - string_start] : \
((yytchar = yysptr > yysbuf ? U(*--yysptr) : \
getc(yyin)) == 10 ? (pos++, yylineno++, yytchar) : \
yytchar) == EOF ? (pos++, 0) : (pos++, yytchar))
#endif
#ifdef unput
# undef unput
# define unput(c) { if (pos > 0) pos--; \
yytchar = (c); if (yytchar == '\n') yylineno--; \
*yysptr++ = yytchar; }
#endif