fix conflicts generated by import, completing import of ipf3.4.25

This commit is contained in:
Darren Reed 2002-03-19 11:48:16 +00:00
parent 0df2c61f4f
commit 68d1243587
9 changed files with 363 additions and 137 deletions

View File

@ -10,6 +10,9 @@
* $FreeBSD$
*/
#ifdef __sgi
# include <sys/ptimers.h>
#endif
#include <stdio.h>
#include <string.h>
#include <fcntl.h>

View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 1993-2001 by Darren Reed.
* Copyright (C) 1993-2002 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
@ -8,6 +8,9 @@
#define SOLARIS (defined(__SVR4) || defined(__svr4__)) && defined(sun)
#endif
#ifdef __sgi
# include <sys/ptimers.h>
#endif
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/param.h>
@ -47,7 +50,6 @@
#include <arpa/nameser.h>
#include <resolv.h>
#include <sys/uio.h>
#ifndef linux
# include <sys/protosw.h>
# include <netinet/ip_var.h>
@ -62,7 +64,6 @@
#include "netinet/ip_compat.h"
#include <netinet/tcpip.h>
#include "netinet/ip_fil.h"
#include "netinet/ip_proxy.h"
#include "netinet/ip_nat.h"
#include "netinet/ip_state.h"
@ -86,6 +87,23 @@ struct flags {
char flag;
};
typedef struct icmp_subtype {
int ist_val;
char *ist_name;
} icmp_subtype_t;
typedef struct icmp_type {
int it_val;
struct icmp_subtype *it_subtable;
size_t it_stsize;
char *it_name;
} icmp_type_t;
#define IST_SZ(x) (sizeof(x)/sizeof(icmp_subtype_t))
struct flags tcpfl[] = {
{ TH_ACK, 'A' },
{ TH_RST, 'R' },
@ -124,6 +142,9 @@ static void dumphex __P((FILE *, u_char *, int));
static int read_log __P((int, int *, char *, int));
static void write_pid __P((char *));
static char *icmpname __P((u_int, u_int));
static char *icmpname6 __P((u_int, u_int));
static icmp_type_t *find_icmptype __P((int, icmp_type_t *, size_t));
static icmp_subtype_t *find_icmpsubtype __P((int, icmp_subtype_t *, size_t));
char *hostname __P((int, int, u_32_t *));
char *portname __P((int, char *, u_int));
@ -136,7 +157,6 @@ static char *getproto __P((u_int));
static char **protocols = NULL;
static char **udp_ports = NULL;
static char **tcp_ports = NULL;
static char *argv0 = "ipmon";
#define OPT_SYSLOG 0x001
#define OPT_RESOLVE 0x002
@ -158,47 +178,198 @@ static char *argv0 = "ipmon";
#endif
#define ICMPUNREACHNAMES 14
static char *icmpunreachnames[ICMPUNREACHNAMES] = {
"net",
"host",
"protocol",
"port",
"needfrag",
"srcfail",
"net_unknown",
"host_unknown",
"isolated",
"net_prohib",
"host_prohib",
"tosnet",
"toshost",
"admin_prohibit"
static icmp_subtype_t icmpunreachnames[] = {
{ ICMP_UNREACH_NET, "net" },
{ ICMP_UNREACH_HOST, "host" },
{ ICMP_UNREACH_PROTOCOL, "protocol" },
{ ICMP_UNREACH_PORT, "port" },
{ ICMP_UNREACH_NEEDFRAG, "needfrag" },
{ ICMP_UNREACH_SRCFAIL, "srcfail" },
{ ICMP_UNREACH_NET_UNKNOWN, "net_unknown" },
{ ICMP_UNREACH_HOST_UNKNOWN, "host_unknown" },
{ ICMP_UNREACH_NET, "isolated" },
{ ICMP_UNREACH_NET_PROHIB, "net_prohib" },
{ ICMP_UNREACH_NET_PROHIB, "host_prohib" },
{ ICMP_UNREACH_TOSNET, "tosnet" },
{ ICMP_UNREACH_TOSHOST, "toshost" },
{ ICMP_UNREACH_ADMIN_PROHIBIT, "admin_prohibit" },
{ -2, NULL }
};
#define ICMPTYPES 19
static char *icmptypes[ICMPTYPES] = {
"echoreply",
NULL,
NULL,
"unreach",
"sourcequench",
"redirect",
NULL,
NULL,
"echo",
"routeradvert",
"routersolicit",
"timxceed",
"paramprob",
"timestamp",
"timestampreply",
"inforeq",
"inforeply",
"maskreq",
"maskreply"
static icmp_subtype_t redirectnames[] = {
{ ICMP_REDIRECT_NET, "net" },
{ ICMP_REDIRECT_HOST, "host" },
{ ICMP_REDIRECT_TOSNET, "tosnet" },
{ ICMP_REDIRECT_TOSHOST, "toshost" },
{ -2, NULL }
};
static icmp_subtype_t timxceednames[] = {
{ ICMP_TIMXCEED_INTRANS, "transit" },
{ ICMP_TIMXCEED_REASS, "reassem" },
{ -2, NULL }
};
static icmp_subtype_t paramnames[] = {
{ ICMP_PARAMPROB_ERRATPTR, "errata_pointer" },
{ ICMP_PARAMPROB_OPTABSENT, "optmissing" },
{ ICMP_PARAMPROB_LENGTH, "length" },
{ -2, NULL }
};
static icmp_type_t icmptypes[] = {
{ ICMP_ECHOREPLY, NULL, 0, "echoreply" },
{ -1, NULL, 0, NULL },
{ -1, NULL, 0, NULL },
{ ICMP_UNREACH, icmpunreachnames,
IST_SZ(icmpunreachnames),"unreach" },
{ ICMP_SOURCEQUENCH, NULL, 0, "sourcequench" },
{ ICMP_REDIRECT, redirectnames,
IST_SZ(redirectnames), "redirect" },
{ -1, NULL, 0, NULL },
{ -1, NULL, 0, NULL },
{ ICMP_ECHO, NULL, 0, "echo" },
{ ICMP_ROUTERADVERT, NULL, 0, "routeradvert" },
{ ICMP_ROUTERSOLICIT, NULL, 0, "routersolicit" },
{ ICMP_TIMXCEED, timxceednames,
IST_SZ(timxceednames), "timxceed" },
{ ICMP_PARAMPROB, paramnames,
IST_SZ(paramnames), "paramprob" },
{ ICMP_TSTAMP, NULL, 0, "timestamp" },
{ ICMP_TSTAMPREPLY, NULL, 0, "timestampreply" },
{ ICMP_IREQ, NULL, 0, "inforeq" },
{ ICMP_IREQREPLY, NULL, 0, "inforeply" },
{ ICMP_MASKREQ, NULL, 0, "maskreq" },
{ ICMP_MASKREPLY, NULL, 0, "maskreply" },
{ -2, NULL, 0, NULL }
};
static icmp_subtype_t icmpredirect6[] = {
{ ICMP6_DST_UNREACH_NOROUTE, "noroute" },
{ ICMP6_DST_UNREACH_ADMIN, "admin" },
{ ICMP6_DST_UNREACH_NOTNEIGHBOR, "neighbour" },
{ ICMP6_DST_UNREACH_ADDR, "address" },
{ ICMP6_DST_UNREACH_NOPORT, "noport" },
{ -2, NULL }
};
static icmp_subtype_t icmptimexceed6[] = {
{ ICMP6_TIME_EXCEED_TRANSIT, "intransit" },
{ ICMP6_TIME_EXCEED_REASSEMBLY, "reassem" },
{ -2, NULL }
};
static icmp_subtype_t icmpparamprob6[] = {
{ ICMP6_PARAMPROB_HEADER, "header" },
{ ICMP6_PARAMPROB_NEXTHEADER, "nextheader" },
{ ICMP6_PARAMPROB_OPTION, "option" },
{ -2, NULL }
};
static icmp_subtype_t icmpquerysubject6[] = {
{ ICMP6_NI_SUBJ_IPV6, "ipv6" },
{ ICMP6_NI_SUBJ_FQDN, "fqdn" },
{ ICMP6_NI_SUBJ_IPV4, "ipv4" },
{ -2, NULL },
};
static icmp_subtype_t icmpnodeinfo6[] = {
{ ICMP6_NI_SUCCESS, "success" },
{ ICMP6_NI_REFUSED, "refused" },
{ ICMP6_NI_UNKNOWN, "unknown" },
{ -2, NULL }
};
static icmp_subtype_t icmprenumber6[] = {
{ ICMP6_ROUTER_RENUMBERING_COMMAND, "command" },
{ ICMP6_ROUTER_RENUMBERING_RESULT, "result" },
{ ICMP6_ROUTER_RENUMBERING_SEQNUM_RESET, "seqnum_reset" },
{ -2, NULL }
};
static icmp_type_t icmptypes6[] = {
{ 0, NULL, 0, NULL },
{ ICMP6_DST_UNREACH, icmpredirect6,
IST_SZ(icmpredirect6), "unreach" },
{ ICMP6_PACKET_TOO_BIG, NULL, 0, "toobig" },
{ ICMP6_TIME_EXCEEDED, icmptimexceed6,
IST_SZ(icmptimexceed6), "timxceed" },
{ ICMP6_PARAM_PROB, icmpparamprob6,
IST_SZ(icmpparamprob6), "paramprob" },
{ ICMP6_ECHO_REQUEST, NULL, 0, "echo" },
{ ICMP6_ECHO_REPLY, NULL, 0, "echoreply" },
{ ICMP6_MEMBERSHIP_QUERY, icmpquerysubject6,
IST_SZ(icmpquerysubject6), "groupmemberquery" },
{ ICMP6_MEMBERSHIP_REPORT,NULL, 0, "groupmemberreport" },
{ ICMP6_MEMBERSHIP_REDUCTION,NULL, 0, "groupmemberterm" },
{ ND_ROUTER_SOLICIT, NULL, 0, "routersolicit" },
{ ND_ROUTER_ADVERT, NULL, 0, "routeradvert" },
{ ND_NEIGHBOR_SOLICIT, NULL, 0, "neighborsolicit" },
{ ND_NEIGHBOR_ADVERT, NULL, 0, "neighboradvert" },
{ ND_REDIRECT, NULL, 0, "redirect" },
{ ICMP6_ROUTER_RENUMBERING, icmprenumber6,
IST_SZ(icmprenumber6), "routerrenumber" },
{ ICMP6_WRUREQUEST, NULL, 0, "whoareyourequest" },
{ ICMP6_WRUREPLY, NULL, 0, "whoareyoureply" },
{ ICMP6_FQDN_QUERY, NULL, 0, "fqdnquery" },
{ ICMP6_FQDN_REPLY, NULL, 0, "fqdnreply" },
{ ICMP6_NI_QUERY, icmpnodeinfo6,
IST_SZ(icmpnodeinfo6), "nodeinforequest" },
{ ICMP6_NI_REPLY, NULL, 0, "nodeinforeply" },
{ MLD6_MTRACE_RESP, NULL, 0, "mtraceresponse" },
{ MLD6_MTRACE, NULL, 0, "mtracerequest" },
{ -2, NULL, 0, NULL }
};
static icmp_subtype_t *find_icmpsubtype(type, table, tablesz)
int type;
icmp_subtype_t *table;
size_t tablesz;
{
icmp_subtype_t *ist;
int i;
if (tablesz < 2)
return NULL;
if ((type < 0) || (type > table[tablesz - 2].ist_val))
return NULL;
i = type;
if (table[type].ist_val == type)
return table + type;
for (i = 0, ist = table; ist->ist_val != -2; i++, ist++)
if (ist->ist_val == type)
return ist;
return NULL;
}
static icmp_type_t *find_icmptype(type, table, tablesz)
int type;
icmp_type_t *table;
size_t tablesz;
{
icmp_type_t *it;
int i;
if (tablesz < 2)
return NULL;
if ((type < 0) || (type > table[tablesz - 2].it_val))
return NULL;
i = type;
if (table[type].it_val == type)
return table + type;
for (i = 0, it = table; it->it_val != -2; i++, it++)
if (it->it_val == type)
return it;
return NULL;
}
static void handlehup(sig)
int sig;
@ -231,7 +402,7 @@ static void init_tabs()
setprotoent(1);
while ((p = getprotoent()) != NULL)
if (p->p_proto >= 0 && p->p_proto <= 255 &&
p->p_name != NULL)
p->p_name != NULL && protocols[p->p_proto] == NULL)
protocols[p->p_proto] = strdup(p->p_name);
endprotoent();
}
@ -322,10 +493,11 @@ u_32_t *ip;
ipa.s_addr = *ip;
if (!res)
return inet_ntoa(ipa);
hp = gethostbyaddr((char *)ip, sizeof(ip), AF_INET);
hp = gethostbyaddr((char *)ip, sizeof(*ip), AF_INET);
if (!hp)
return inet_ntoa(ipa);
sprintf(hname, "%.*s[%s]", MAXHOSTNAMELEN, hp->h_name, inet_ntoa(ipa));
sprintf(hname, "%.*s[%s]", MAXHOSTNAMELEN, hp->h_name,
inet_ntoa(ipa));
return hname;
}
#ifdef USE_INET6
@ -362,62 +534,64 @@ u_int port;
}
#define TYPECODE(x,y) (((x) << 8) | (y))
static char *icmpname(type, code)
u_int type;
u_int code;
{
static char name[80];
char codeval[8], *s;
u_int typecode;
sprintf(codeval, "%d", code);
icmp_subtype_t *ist;
icmp_type_t *it;
char *s;
s = NULL;
if (type < ICMPTYPES)
s = icmptypes[type];
it = find_icmptype(type, icmptypes, sizeof(icmptypes) / sizeof(*it));
if (it != NULL)
s = it->it_name;
if (s == NULL)
sprintf(name, "icmptype(%d)/", type);
else
sprintf(name, "%s/", s);
if (type == ICMP_UNREACH) {
if (code >= ICMPUNREACHNAMES)
sprintf(name + strlen(name), "%d", code);
else
strcat(name, icmpunreachnames[code]);
} else {
typecode = (type << 8) | code;
ist = NULL;
if (it != NULL && it->it_subtable != NULL)
ist = find_icmpsubtype(code, it->it_subtable, it->it_stsize);
switch (typecode)
{
case TYPECODE(ICMP_REDIRECT, ICMP_REDIRECT_NET) :
strcat(name, "net");
break;
case TYPECODE(ICMP_REDIRECT, ICMP_REDIRECT_HOST) :
strcat(name, "host");
break;
case TYPECODE(ICMP_REDIRECT, ICMP_REDIRECT_TOSNET) :
strcat(name, "tosnet");
break;
case TYPECODE(ICMP_REDIRECT, ICMP_REDIRECT_TOSHOST) :
strcat(name, "toshost");
break;
case TYPECODE(ICMP_TIMXCEED, ICMP_TIMXCEED_INTRANS) :
strcat(name, "intrans");
break;
case TYPECODE(ICMP_TIMXCEED, ICMP_TIMXCEED_REASS) :
strcat(name, "reass");
break;
case TYPECODE(ICMP_PARAMPROB, ICMP_PARAMPROB_OPTABSENT) :
strcat(name, "optabsent");
break;
default:
strcat(name, codeval);
break;
}
}
if (ist != NULL && ist->ist_name != NULL)
strcat(name, ist->ist_name);
else
sprintf(name + strlen(name), "%d", code);
return name;
}
static char *icmpname6(type, code)
u_int type;
u_int code;
{
static char name[80];
icmp_subtype_t *ist;
icmp_type_t *it;
char *s;
s = NULL;
it = find_icmptype(type, icmptypes6, sizeof(icmptypes6) / sizeof(*it));
if (it != NULL)
s = it->it_name;
if (s == NULL)
sprintf(name, "icmpv6type(%d)/", type);
else
sprintf(name, "%s/", s);
ist = NULL;
if (it != NULL && it->it_subtable != NULL)
ist = find_icmpsubtype(code, it->it_subtable, it->it_stsize);
if (ist != NULL && ist->ist_name != NULL)
strcat(name, ist->ist_name);
else
sprintf(name + strlen(name), "%d", code);
return name;
}
@ -432,6 +606,10 @@ int len;
int i, j, k;
u_char *s = buf, *t = (u_char *)line;
if (len == 0 || buf == 0)
return;
*line = '\0';
for (i = len, j = 0; i; i--, j++, s++) {
if (j && !(j & 0xf)) {
*t++ = '\n';
@ -447,7 +625,7 @@ int len;
t += 2;
if (!((j + 1) & 0xf)) {
s -= 15;
sprintf((char *)t, " ");
sprintf((char *)t, " ");
t += 8;
for (k = 16; k; k--, s++)
*t++ = (isprint(*s) ? *s : '.');
@ -491,7 +669,7 @@ int blen;
int res, i, len;
char *proto;
nl = (struct natlog *)((char *)ipl + sizeof(*ipl));
nl = (struct natlog *)((char *)ipl + IPLOG_SIZE);
res = (opts & OPT_RESOLVE) ? 1 : 0;
tm = localtime((time_t *)&ipl->ipl_sec);
len = sizeof(line);
@ -565,7 +743,7 @@ int blen;
struct tm *tm;
int res, i, len;
sl = (struct ipslog *)((char *)ipl + sizeof(*ipl));
sl = (struct ipslog *)((char *)ipl + IPLOG_SIZE);
res = (opts & OPT_RESOLVE) ? 1 : 0;
tm = localtime((time_t *)&ipl->ipl_sec);
len = sizeof(line);
@ -614,6 +792,13 @@ int blen;
(void) sprintf(t, "%s PR icmp %d",
hostname(res, sl->isl_v, (u_32_t *)&sl->isl_dst),
sl->isl_itype);
} else if (sl->isl_p == IPPROTO_ICMPV6) {
(void) sprintf(t, "%s -> ", hostname(res, sl->isl_v,
(u_32_t *)&sl->isl_src));
t += strlen(t);
(void) sprintf(t, "%s PR icmpv6 %d",
hostname(res, sl->isl_v, (u_32_t *)&sl->isl_dst),
sl->isl_itype);
}
t += strlen(t);
if (sl->isl_type != ISL_NEW) {
@ -708,7 +893,7 @@ int blen;
#endif
ipl = (iplog_t *)buf;
ipf = (ipflog_t *)((char *)buf + sizeof(*ipl));
ipf = (ipflog_t *)((char *)buf + IPLOG_SIZE);
ip = (ip_t *)((char *)ipf + sizeof(*ipf));
v = ip->ip_v;
res = (opts & OPT_RESOLVE) ? 1 : 0;
@ -738,13 +923,20 @@ int blen;
#if (SOLARIS || \
(defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199603)) || \
(defined(OpenBSD) && (OpenBSD >= 199603))) || defined(linux)
len = (int)sizeof(ipf->fl_ifname);
(void) sprintf(t, "%*.*s", len, len, ipf->fl_ifname);
{
char ifname[sizeof(ipf->fl_ifname) + 1];
strncpy(ifname, (char *)ipf->fl_ifname, sizeof(ipf->fl_ifname));
ifname[sizeof(ipf->fl_ifname)] = '\0';
(void) sprintf(t, "%s", ifname);
t += strlen(t);
# if SOLARIS
if (isalpha(*(t - 1)))
*t++ = '0' + ipf->fl_unit;
if (isalpha(*(t - 1))) {
sprintf(t, "%d", ipf->fl_unit);
t += strlen(t);
}
# endif
}
#else
for (len = 0; len < 3; len++)
if (ipf->fl_ifname[len] == '\0')
@ -754,7 +946,15 @@ int blen;
(void) sprintf(t, "%*.*s%u", len, len, ipf->fl_ifname, ipf->fl_unit);
t += strlen(t);
#endif
(void) sprintf(t, " @%hu:%hu ", ipf->fl_group, ipf->fl_rule + 1);
if (ipf->fl_group == 0xffffffff)
strcat(t, " @-1:");
else
(void) sprintf(t, " @%u:", ipf->fl_group);
t += strlen(t);
if (ipf->fl_rule == 0xffffffff)
strcat(t, "-1 ");
else
(void) sprintf(t, "%u ", ipf->fl_rule + 1);
t += strlen(t);
if (ipf->fl_flags & FF_SHORT) {
@ -813,17 +1013,18 @@ int blen;
if ((p == IPPROTO_TCP || p == IPPROTO_UDP) && !off) {
tp = (tcphdr_t *)((char *)ip + hl);
if (!(ipf->fl_flags & (FI_SHORT << 16))) {
if (!(ipf->fl_flags & FF_SHORT)) {
(void) sprintf(t, "%s,%s -> ", hostname(res, v, s),
portname(res, proto, (u_int)tp->th_sport));
t += strlen(t);
(void) sprintf(t, "%s,%s PR %s len %hu %hu ",
(void) sprintf(t, "%s,%s PR %s len %hu %hu",
hostname(res, v, d),
portname(res, proto, (u_int)tp->th_dport),
proto, hl, plen);
t += strlen(t);
if (p == IPPROTO_TCP) {
*t++ = ' ';
*t++ = '-';
for (i = 0; tcpfl[i].value; i++)
if (tp->th_flags & tcpfl[i].value)
@ -843,13 +1044,20 @@ int blen;
(void) sprintf(t, "%s PR %s len %hu %hu",
hostname(res, v, d), proto, hl, plen);
}
} else if ((p == IPPROTO_ICMPV6) && !off && (v == 6)) {
ic = (struct icmp *)((char *)ip + hl);
(void) sprintf(t, "%s -> ", hostname(res, v, s));
t += strlen(t);
(void) sprintf(t, "%s PR icmpv6 len %hu %hu icmpv6 %s",
hostname(res, v, d), hl, plen,
icmpname6(ic->icmp_type, ic->icmp_code));
} else if ((p == IPPROTO_ICMP) && !off && (v == 4)) {
ic = (struct icmp *)((char *)ip + hl);
(void) sprintf(t, "%s -> ", hostname(res, v, s));
t += strlen(t);
(void) sprintf(t, "%s PR icmp len %hu %hu icmp %s",
hostname(res, v, d), hl, plen,
icmpname((u_int) ic->icmp_type, (u_int) ic->icmp_code));
icmpname(ic->icmp_type, ic->icmp_code));
if (ic->icmp_type == ICMP_UNREACH ||
ic->icmp_type == ICMP_SOURCEQUENCH ||
ic->icmp_type == ICMP_PARAMPROB ||
@ -931,9 +1139,9 @@ int blen;
t += strlen(t);
}
if (ipf->fl_flags & FR_INQUE)
if (ipf->fl_dir == 0)
strcpy(t, " IN");
else if (ipf->fl_flags & FR_OUTQUE)
else if (ipf->fl_dir == 1)
strcpy(t, " OUT");
t += strlen(t);
printipflog:
@ -986,7 +1194,8 @@ FILE *log;
int fd, flushed = 0;
if ((fd = open(file, O_RDWR)) == -1) {
(void) fprintf(stderr, "%s: open: %s\n", file,STRERROR(errno));
(void) fprintf(stderr, "%s: open: %s\n",
file, STRERROR(errno));
exit(1);
}
@ -1050,7 +1259,7 @@ char *argv[];
int fd[3], doread, n, i;
int tr, nr, regular[3], c;
int fdt[3], devices = 0, make_daemon = 0;
char buf[512], *iplfile[3];
char buf[IPLLOGSIZE], *iplfile[3], *s;
extern int optind;
extern char *optarg;
@ -1060,12 +1269,6 @@ char *argv[];
iplfile[1] = IPNAT_NAME;
iplfile[2] = IPSTATE_NAME;
argv0 = strrchr(argv[0], '/');
if (argv0 == NULL)
argv0 = argv[0];
else
argv0++;
while ((c = getopt(argc, argv, "?abDf:FhnN:o:O:pP:sS:tvxX")) != -1)
switch (c)
{
@ -1116,7 +1319,12 @@ char *argv[];
pidfile = optarg;
break;
case 's' :
openlog(argv0, LOG_NDELAY|LOG_PID, LOGFAC);
s = strrchr(argv[0], '/');
if (s == NULL)
s = argv[0];
else
s++;
openlog(s, LOG_NDELAY|LOG_PID, LOGFAC);
opts |= OPT_SYSLOG;
log = NULL;
break;
@ -1140,7 +1348,7 @@ char *argv[];
default :
case 'h' :
case '?' :
usage(argv0);
usage(argv[0]);
}
init_tabs();
@ -1165,8 +1373,8 @@ char *argv[];
/* NOTREACHED */
}
if (fstat(fd[i], &sb) == -1) {
(void) fprintf(stderr, "%d: fstat: %s\n",fd[i],
STRERROR(errno));
(void) fprintf(stderr, "%d: fstat: %s\n",
fd[i], STRERROR(errno));
exit(1);
/* NOTREACHED */
}
@ -1179,8 +1387,8 @@ char *argv[];
logfile = argv[optind];
log = logfile ? fopen(logfile, "a") : stdout;
if (log == NULL) {
(void) fprintf(stderr, "%s: fopen: %s\n", argv[optind],
STRERROR(errno));
(void) fprintf(stderr, "%s: fopen: %s\n",
argv[optind], STRERROR(errno));
exit(1);
/* NOTREACHED */
}
@ -1196,8 +1404,8 @@ char *argv[];
if ((pid = fork()) > 0)
exit(0);
if (pid < 0) {
(void) fprintf(stderr, "%s: fork() failed: %s\n", argv0,
STRERROR(errno));
(void) fprintf(stderr, "%s: fork() failed: %s\n",
argv[0], STRERROR(errno));
exit(1);
/* NOTREACHED */
}
@ -1222,7 +1430,8 @@ char *argv[];
if (!regular[i]) {
if (ioctl(fd[i], FIONREAD, &tr) == -1) {
if (opts & OPT_SYSLOG)
syslog(LOG_CRIT, "ioctl(FIONREAD): %m");
syslog(LOG_CRIT,
"ioctl(FIONREAD): %m");
else
perror("ioctl(FIONREAD)");
exit(1);

View File

@ -9,6 +9,9 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
#ifdef __sgi
# include <sys/ptimers.h>
#endif
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

View File

@ -3,6 +3,9 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
#ifdef __sgi
# include <sys/ptimers.h>
#endif
#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
@ -77,7 +80,7 @@
#if 0
#if !defined(lint)
static const char sccsid[] = "%W% %G% (C)1995 Darren Reed";
static const char rcsid[] = "@(#)$Id: iptests.c,v 2.1.4.2 2001/07/15 22:00:14 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: iptests.c,v 2.1.4.5 2002/02/22 15:32:58 darrenr Exp $";
#endif
#endif
@ -303,14 +306,14 @@ int ptest;
ip->ip_len = MIN(768 + 20, mtu - 68);
i = 512;
for (; i < (63 * 1024 + 768); i += 768) {
ip->ip_off = htons(IP_MF | (i >> 3));
ip->ip_off = htons(IP_MF | ((i >> 3) & 0x1fff));
(void) send_ip(nfd, mtu, ip, gwip, 1);
printf("%d\r", i);
fflush(stdout);
PAUSE();
}
ip->ip_len = 896 + 20;
ip->ip_off = htons(i >> 3);
ip->ip_off = htons((i >> 3) & 0x1fff);
(void) send_ip(nfd, mtu, ip, gwip, 1);
printf("%d\r", i);
putchar('\n');
@ -337,7 +340,7 @@ int ptest;
ip->ip_len = MIN(768 + 20, mtu - 68);
i = 512;
for (; i < (63 * 1024 + 768); i += 768) {
ip->ip_off = htons(IP_MF | (i >> 3));
ip->ip_off = htons(IP_MF | ((i >> 3) & 0x1fff));
if ((rand() & 0x1f) != 0) {
(void) send_ip(nfd, mtu, ip, gwip, 1);
printf("%d\r", i);
@ -347,7 +350,7 @@ int ptest;
PAUSE();
}
ip->ip_len = 896 + 20;
ip->ip_off = htons(i >> 3);
ip->ip_off = htons((i >> 3) & 0x1fff);
if ((rand() & 0x1f) != 0) {
(void) send_ip(nfd, mtu, ip, gwip, 1);
printf("%d\r", i);
@ -374,14 +377,14 @@ int ptest;
ip->ip_len = MIN(768 + 20, mtu - 68);
i = 512;
for (; i < (32 * 1024 + 768); i += 768) {
ip->ip_off = htons(IP_MF | (i >> 3));
ip->ip_off = htons(IP_MF | ((i >> 3) & 0x1fff));
(void) send_ip(nfd, mtu, ip, gwip, 1);
printf("%d\r", i);
fflush(stdout);
PAUSE();
}
ip->ip_len = 896 + 20;
ip->ip_off = htons(i >> 3);
ip->ip_off = htons((i >> 3) & 0x1fff);
(void) send_ip(nfd, mtu, ip, gwip, 1);
printf("%d\r", i);
putchar('\n');
@ -1034,6 +1037,7 @@ int ptest;
struct sockaddr_in sin;
int fd, slen;
fd = -1;
bzero((char *)&sin, sizeof(sin));
for (i = 1; i < 63; i++) {
@ -1266,7 +1270,7 @@ int ptest;
for (j = 768; j < 3584; j += 768) {
ip->ip_len = sizeof(*ip) + 768;
ip->ip_off = htons(IP_MF|(j>>3));
ip->ip_off = htons(IP_MF|((j>>3) & 0x1fff));
(void) send_ip(nfd, 1500, ip, gwip, 1);
printf("%d %d\r", i, j);
fflush(stdout);
@ -1274,7 +1278,7 @@ int ptest;
ip->ip_len = sizeof(*ip) + 128;
for (k = j - 768; k < j; k += 128) {
ip->ip_off = htons(IP_MF|(k>>3));
ip->ip_off = htons(IP_MF|((k>>3) & 0x1fff));
(void) send_ip(nfd, 1500, ip, gwip, 1);
printf("%d %d\r", i, k);
fflush(stdout);

View File

@ -42,7 +42,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)sbpf.c 1.3 8/25/95 (C)1995 Darren Reed";
static const char rcsid[] = "@(#)$Id: sbpf.c,v 2.1.4.1 2001/06/26 10:43:22 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: sbpf.c,v 2.1.4.2 2001/09/30 04:04:28 darrenr Exp $";
#endif
/*
@ -62,6 +62,8 @@ int sport, tout;
char bpfname[16];
int fd, i;
fd = -1;
for (i = 0; i < 16; i++)
{
(void) sprintf(bpfname, "/dev/bpf%d", i);

View File

@ -4,6 +4,9 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
#ifdef __sgi
# include <sys/ptimers.h>
#endif
#include <stdio.h>
#include <unistd.h>
#include <string.h>
@ -63,7 +66,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)sock.c 1.2 1/11/96 (C)1995 Darren Reed";
static const char rcsid[] = "@(#)$Id: sock.c,v 2.1.4.3 2001/07/15 22:00:14 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: sock.c,v 2.1.4.5 2002/02/22 15:32:58 darrenr Exp $";
#endif
@ -188,8 +191,6 @@ struct tcpiphdr *ti;
if (!(p = getproc()))
return NULL;
printf("fl %x ty %x cn %d mc %d\n",
f->f_flag, f->f_type, f->f_count, f->f_msgcount);
up = (struct user *)malloc(sizeof(*up));
#ifndef ultrix
if (KMCPY(up, p->p_uarea, sizeof(*up)) == -1)

View File

@ -36,8 +36,8 @@ However, the full complement is as follows:
ioctl(fd, SIOCFRSYN, u_int *)
ioctl(fd, SIOCFRZST, struct friostat **)
ioctl(fd, SIOCZRLST, struct frentry **)
ioctl(fd, SIOCAUTHW, struct fr_info **)
ioctl(fd, SIOCAUTHR, struct fr_info **)
ioctl(fd, SIOCAUTHW, struct frauth_t **)
ioctl(fd, SIOCAUTHR, struct frauth_t **)
ioctl(fd, SIOCATHST, struct fr_authstat **)
.fi
.PP
@ -123,7 +123,7 @@ Flags which are recognised in fr_flags:
FR_RETRST 0x000080 /* return a TCP RST packet if blocked */
FR_RETICMP 0x000100 /* return an ICMP packet if blocked */
FR_FAKEICMP 0x00180 /* Return ICMP unreachable with fake source */
FR_NOMATCH 0x000200 /* no match occured */
FR_NOMATCH 0x000200 /* No match occurred */
FR_ACCOUNT 0x000400 /* count packet bytes */
FR_KEEPFRAG 0x000800 /* keep fragment information */
FR_KEEPSTATE 0x001000 /* keep `connection' state information */

View File

@ -1,11 +1,11 @@
.\" $FreeBSD$
.TH IPFILTER 1
.SH NAME
IP FIlter
IP Filter
.SH DESCRIPTION
.PP
IP Filter is a package providing packet filtering capabilities for a variety
of operating systems. On a properly setup system, it can be used to build a
firewall.
.SH SEE ALSO
ipf(8), ipf(1), ipf(5), ipnat(1), ipnat(5), mkfilters(1)
ipf(8), ipf(1), ipf(5), ipnat(8), ipnat(5), mkfilters(1)

View File

@ -5,7 +5,7 @@ ipmon \- monitors /dev/ipl for logged packets
.SH SYNOPSIS
.B ipmon
[
.B \-aDFhnpstvxX
.B \-abDFhnpstvxX
] [
.B "\-N <device>"
] [
@ -77,6 +77,10 @@ In order for \fBipmon\fP to properly work, the kernel option
Open all of the device logfiles for reading log entries from. All entries
are displayed to the same output 'device' (stderr or syslog).
.TP
.B \-b
For rules which log the body of a packet, generate hex output representing
the packet contents afte the headers.
.TP
.B \-D
Cause ipmon to turn itself into a daemon. Using subshells or backgrounding
of ipmon is not required to turn it into an orphan so it can run indefinately.