d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

This commit was generated by cvs2svn to compensate for changes in r98005,

Browse Source 
which included commits to RCS files with non-trunk default branches.
This commit is contained in:
darrenr 2002-06-07 08:58:22 +00:00
commit 05bc20a37a
15 changed files with 137 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
contrib/ipfilter/BSD/Makefile
View File

@ -231,6 +231,7 @@ clean:
${RM} -f *.core *.o ipt fils ipf ipfstat ipftest ipmon if_ipl ipnat \
vnode_if.h $(LKM) ioconf.h *.ko setdef1.c setdef0.c setdefs.h \
y.tab.? lex.yy.c ipfs
${RM} -f ../opt_inet6.h
${MAKE} -f Makefile.ipsend ${MFLAGS} clean
-(for i in *; do \

2
contrib/ipfilter/FreeBSD-4.0/kinstall
View File

@ -28,7 +28,7 @@ echo ""
echo "Linking /usr/include/osreldate.h to /sys/sys/osreldate.h"
ln -s /usr/include/osreldate.h /sys/sys/osreldate.h
set patchfile=FreeBSd-4.0/ipv6-patch-$krev
set patchfile=FreeBSD-4.0/ipv6-patch-$krev
if ( -f $patchfile ) then
echo ""
echo "Patching ip6_input.c and ip6_output.c"

39
contrib/ipfilter/HISTORY
View File

@ -22,6 +22,45 @@
# and especially those who have found the time to port IP Filter to new
# platforms.
#
3.4.28 6/6/2002 - Released
Fix for H.323 proxy to work on little endian boxes
IRIX: Update installation documentation
add route lock patch
allow use of groups > 65535
create a new packet info summary for packets going through ipfr_fastroute()
so that where details are different (RST/ICMP errors), the packet now gets
correctly NAT'd, etc.
fix the FTP proxy so that checks for TCP sequence numbers outside the
normal offset due to data changes use absolute numbers
make it possible to remove rules in ipftest
Update installing onto OpenBSD and split into two directories:
OpenBSD-2 and OpenBSD-3
fix error in printout out the protocol in NAT rules
always unlock ipfilter if locking fails half way through in ipfs
fix problems with TCP window scaling
update of man pages for ipnat(4) and ipftest(1)
3.4.27 28/04/2002 - Released
fix calculation of 2's complmenent 16 bit checksum for user space
add mbuflen() to usespace compiles.
add more #ifdef complexity for platform portability
add OpenBSD 3.1 diffs
3.4.26 25/04/2002 - Released
fix parsing and printing of NAT rules with regression tests.

12
contrib/ipfilter/ip_sfil.c
View File

@ -7,7 +7,7 @@
*/
#if !defined(lint)
static const char sccsid[] = "%W% %G% (C) 1993-2000 Darren Reed";
static const char rcsid[] = "@(#)$Id: ip_sfil.c,v 2.23.2.16 2002/04/05 08:43:25 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: ip_sfil.c,v 2.23.2.18 2002/06/06 10:47:26 darrenr Exp $";
#endif
#include <sys/types.h>
@ -61,7 +61,11 @@ int fr_running = 0;
int ipl_unreach = ICMP_UNREACH_HOST;
u_long ipl_frouteok[2] = {0, 0};
static int frzerostats __P((caddr_t));
#if SOLARIS2 >= 7
static u_int *ip_ttl_ptr;
#else
static u_long *ip_ttl_ptr;
#endif
static int frrequest __P((minor_t, int, caddr_t, int));
static int send_ip __P((fr_info_t *fin, mblk_t *m));
@ -196,6 +200,9 @@ int *rp;
if (IPL_LOGMAX < unit)
return ENXIO;
if (fr_running == 0 && (cmd != SIOCFRENB || unit != IPL_LOGIPF))
return ENODEV;
if (fr_running <= 0)
return 0;
@ -422,7 +429,8 @@ caddr_t data;
* Check that the group number does exist and that if a head group
* has been specified, doesn't exist.
*/
if ((req != SIOCZRLST) && fp->fr_grhead &&
if ((req != SIOCZRLST) && ((req == SIOCINAFR) || (req == SIOCINIFR) ||
(req == SIOCADAFR) || (req == SIOCADIFR)) && fp->fr_grhead &&
fr_findgroup(fp->fr_grhead, fp->fr_flags, unit, set, NULL)) {
error = EEXIST;
goto out;

7
contrib/ipfilter/ipf.c
View File

@ -50,7 +50,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)ipf.c 1.23 6/5/96 (C) 1993-2000 Darren Reed";
static const char rcsid[] = "@(#)$Id: ipf.c,v 2.10.2.14 2002/04/10 04:56:36 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: ipf.c,v 2.10.2.16 2002/06/06 10:48:35 darrenr Exp $";
#endif
#if SOLARIS
@ -193,8 +193,11 @@ char *ipfdev;
if (!(opts & OPT_DONOTHING) && fd == -1)
if ((fd = open(ipfdev, O_RDWR)) == -1)
if ((fd = open(ipfdev, O_RDONLY)) == -1)
if ((fd = open(ipfdev, O_RDONLY)) == -1) {
perror("open device");
if (errno == ENODEV)
fprintf(stderr, "IPFilter enabled?\n");
}
return fd;
}

15
contrib/ipfilter/ipfs.c
View File

@ -45,7 +45,7 @@
#include "ipf.h"
#if !defined(lint)
static const char rcsid[] = "@(#)$Id: ipfs.c,v 2.6.2.9 2002/04/17 17:42:59 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: ipfs.c,v 2.6.2.11 2002/06/04 14:44:05 darrenr Exp $";
#endif
#ifndef IPF_SAVEDIR
@ -733,16 +733,16 @@ char *dirname;
devfd = opendevice(IPL_STATE);
if (devfd == -1)
return 1;
goto bad;
if (writestate(devfd, NULL))
return 1;
goto bad;
close(devfd);
devfd = opendevice(IPL_NAT);
if (devfd == -1)
return 1;
goto bad;
if (writenat(devfd, NULL))
return 1;
goto bad;
close(devfd);
if (setlock(fd, 0)) {
@ -751,6 +751,11 @@ char *dirname;
}
return 0;
bad:
setlock(fd, 0);
close(fd);
return 1;
}

4
contrib/ipfilter/ipnat.c
View File

@ -60,7 +60,7 @@ extern char *sys_errlist[];
#if !defined(lint)
static const char sccsid[] ="@(#)ipnat.c 1.9 6/5/96 (C) 1993 Darren Reed";
static const char rcsid[] = "@(#)$Id: ipnat.c,v 2.16.2.20 2002/02/22 15:32:55 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: ipnat.c,v 2.16.2.21 2002/06/06 10:49:19 darrenr Exp $";
#endif
@ -175,6 +175,8 @@ char *argv[];
((fd = open(IPL_NAT, O_RDONLY)) == -1)) {
(void) fprintf(stderr, "%s: open: %s\n", IPL_NAT,
STRERROR(errno));
if (errno == ENODEV)
fprintf(stderr, "IPFilter enabled?\n");
exit(1);
}
if (ioctl(fd, SIOCGNATS, &nsp) == -1) {

2
contrib/ipfilter/ipsend/ip_var.h
View File

@ -44,7 +44,7 @@ struct ipq {
* Note: ipf_next must be at same offset as ipq_next above
*/
struct ipasfrag {
#if defined(vax) || defined(i386)
#if defined(vax) || defined(i386) || defined(__i386__)
u_char ip_hl:4,
ip_v:4;
#endif

52
contrib/ipfilter/ipt.c
View File

@ -64,7 +64,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)ipt.c 1.19 6/3/96 (C) 1993-2000 Darren Reed";
static const char rcsid[] = "@(#)$Id: ipt.c,v 2.6.2.21 2002/03/26 15:54:40 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: ipt.c,v 2.6.2.22 2002/06/04 14:52:58 darrenr Exp $";
#endif
extern char *optarg;
@ -76,6 +76,7 @@ extern ipnat_t *natparse __P((char *, int));
extern int fr_running;
int opts = 0;
int rremove = 0;
int use_inet6 = 0;
int main __P((int, char *[]));
int loadrules __P((char *));
@ -111,7 +112,7 @@ char *argv[];
ipflog_init();
fr_running = 1;
while ((c = getopt(argc, argv, "6bdDEHi:I:l:NoPr:STvxX")) != -1)
while ((c = getopt(argc, argv, "6bdDEHi:I:l:NoPr:RSTvxX")) != -1)
switch (c)
{
case '6' :
@ -163,6 +164,9 @@ char *argv[];
case 'P' :
r = &pcap;
break;
case 'R' :
rremove = 1;
break;
case 'S' :
r = &snoop;
break;
@ -330,20 +334,44 @@ char *file;
if (!(fr = natparse(line, linenum)))
continue;
i = IPL_EXTERN(ioctl)(IPL_LOGNAT, SIOCADNAT,
(caddr_t)&fr, FWRITE|FREAD);
if (opts & OPT_DEBUG)
fprintf(stderr, "iplioctl(ADNAT,%p,1) = %d\n",
fr, i);
if (rremove == 0) {
i = IPL_EXTERN(ioctl)(IPL_LOGNAT, SIOCADNAT,
(caddr_t)&fr,
FWRITE|FREAD);
if (opts & OPT_DEBUG)
fprintf(stderr,
"iplioctl(ADNAT,%p,1) = %d\n",
fr, i);
} else {
i = IPL_EXTERN(ioctl)(IPL_LOGNAT, SIOCRMNAT,
(caddr_t)&fr,
FWRITE|FREAD);
if (opts & OPT_DEBUG)
fprintf(stderr,
"iplioctl(RMNAT,%p,1) = %d\n",
fr, i);
}
} else {
if (!(fr = parse(line, linenum)))
continue;
i = IPL_EXTERN(ioctl)(0, SIOCADAFR, (caddr_t)&fr,
FWRITE|FREAD);
if (opts & OPT_DEBUG)
fprintf(stderr, "iplioctl(ADAFR,%p,1) = %d\n",
fr, i);
if (rremove == 0) {
i = IPL_EXTERN(ioctl)(0, SIOCADAFR,
(caddr_t)&fr,
FWRITE|FREAD);
if (opts & OPT_DEBUG)
fprintf(stderr,
"iplioctl(ADAFR,%p,1) = %d\n",
fr, i);
} else {
i = IPL_EXTERN(ioctl)(0, SIOCRMAFR,
(caddr_t)&fr,
FWRITE|FREAD);
if (opts & OPT_DEBUG)
fprintf(stderr,
"iplioctl(RMAFR,%p,1) = %d\n",
fr, i);
}
}
}
(void)fclose(fp);

14
contrib/ipfilter/man/ipnat.5
View File

@ -19,17 +19,19 @@ mapit ::= "map" | "bimap" .
fromto ::= "from" object "to" object .
ipmask ::= ip "/" bits | ip "/" mask | ip "netmask" mask .
dstipmask ::= ipmask | "range" ip "-" ip .
mapport ::= "portmap" tcpudp portnumber ":" portnumber .
mapport ::= "portmap" tcpudp portspec .
options ::= [ tcpudp ] [ rr ] .
object = addr [ port-comp | port-range ] .
addr = "any" | nummask | host-name [ "mask" ipaddr | "mask" hexnumber ] .
port-comp = "port" compare port-num .
port-range = "port" port-num range port-num .
object :: = addr [ port-comp | port-range ] .
addr :: = "any" | nummask | host-name [ "mask" ipaddr | "mask" hexnumber ] .
port-comp :: = "port" compare port-num .
port-range :: = "port" port-num range port-num .
rr ::= "round-robin" .
nummask = host-name [ "/" decnumber ] .
tcpudp ::= "tcp" | "udp" | "tcp/udp" .
portnumber ::= number { numbers } | "auto" .
portspec ::= "auto" | portnumber ":" portnumber .
portnumber ::= number { numbers } .
ifname ::= 'A' - 'Z' { 'A' - 'Z' } numbers .
numbers ::= '0' | '1' | '2' | '3' | '4' | '5' | '6' | '7' | '8' | '9' .

6
contrib/ipfilter/mlf_ipl.c
View File

@ -13,7 +13,11 @@
#if defined(__FreeBSD__)
# ifndef __FreeBSD_version
# include <sys/osreldate.h>
# ifdef IPFILTER_LKM
# include <osreldate.h>
# else
# include <sys/osreldate.h>
# endif
# endif
# ifdef IPFILTER_LKM
# define ACTUALLY_LKM_NOT_KERNEL

2
contrib/ipfilter/parse.c
View File

@ -147,7 +147,7 @@ int linenum;
}
fil.fr_icode = j;
}
} else if (!strncasecmp(*(cpp+1), "return-rst", 10)) {
} else if (!strcasecmp(*(cpp+1), "return-rst")) {
fil.fr_flags |= FR_RETRST;
cpp++;
}

14
contrib/ipfilter/printnat.c
View File

@ -58,7 +58,7 @@ extern char *sys_errlist[];
#endif
#if !defined(lint)
static const char rcsid[] = "@(#)$Id: printnat.c,v 1.1.2.8 2002/04/25 16:44:13 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: printnat.c,v 1.1.2.9 2002/05/03 11:48:49 darrenr Exp $";
#endif
@ -442,6 +442,12 @@ int opts;
printf("\n\tip modulous %d", np->in_pmax);
} else if (np->in_pmin || np->in_pmax) {
printf(" portmap");
if ((np->in_flags & IPN_TCPUDP) == IPN_TCPUDP)
printf(" tcp/udp");
else if (np->in_flags & IPN_TCP)
printf(" tcp");
else if (np->in_flags & IPN_UDP)
printf(" udp");
if (np->in_flags & IPN_AUTOPORTMAP) {
printf(" auto");
if (opts & OPT_DEBUG)
@ -450,12 +456,6 @@ int opts;
ntohs(np->in_pmax),
np->in_ippip, np->in_ppip);
} else {
if ((np->in_flags & IPN_TCPUDP) == IPN_TCPUDP)
printf(" tcp/udp");
else if (np->in_flags & IPN_TCP)
printf(" tcp");
else if (np->in_flags & IPN_UDP)
printf(" udp");
printf(" %d:%d", ntohs(np->in_pmin),
ntohs(np->in_pmax));
}

6
contrib/ipfilter/test/Makefile
View File

@ -18,7 +18,7 @@ first:
ftests: f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 f13 f14 f15 f16 f17
# Rule parsing tests
ptests: i1 i2 i3 i4 i5 i6 i7 i8 i9 i10 i11
ptests: i1 i2 i3 i4 i5 i6 i7 i8 i9 i10 i11 i12
ntests: n1 n2 n3 n4 n5 n6 n7
@ -45,7 +45,7 @@ f15 f16:
f17:
@/bin/sh ./mhtest $@
i1 i2 i3 i4 i5 i6 i7 i8 i9 i10 i11:
i1 i2 i3 i4 i5 i6 i7 i8 i9 i10 i11 i12:
@/bin/sh ./itest $@
n1 n2 n3 n4 n5 n6 n7:
@ -65,7 +65,7 @@ ipv6.1 ipv6.2:
clean:
/bin/rm -f f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f13 f12 f14 f15 f16 f17
/bin/rm -f i1 i2 i3 i4 i5 i6 i7 i8 i9 i10 i11
/bin/rm -f i1 i2 i3 i4 i5 i6 i7 i8 i9 i10 i11 i12
/bin/rm -f n1 n2 n3 n4 n5 n6 n7
/bin/rm -f ni1 ni2 ni3 ni4 ni5
/bin/rm -f in1 in2 in3 in4

6
contrib/ipfilter/test/expected/in1
View File

@ -7,9 +7,9 @@ map le0 192.168.0.0/16 -> range 203.1.1.23-203.1.3.45
map ppp0 192.168.0.0/16 -> 0.0.0.0/32 portmap tcp 10000:19999
map ppp0 192.168.0.0/16 -> 0.0.0.0/32 portmap udp 20000:29999
map ppp0 192.168.0.0/16 -> 0.0.0.0/32 portmap tcp/udp 30000:39999
map ppp0 192.168.0.0/16 -> 0.0.0.0/32 portmap auto
map ppp0 192.168.0.0/16 -> 0.0.0.0/32 portmap auto
map ppp0 192.168.0.0/16 -> 0.0.0.0/32 portmap auto
map ppp0 192.168.0.0/16 -> 0.0.0.0/32 portmap tcp auto
map ppp0 192.168.0.0/16 -> 0.0.0.0/32 portmap udp auto
map ppp0 192.168.0.0/16 -> 0.0.0.0/32 portmap tcp/udp auto
map ppp0 192.168.0.0/16 -> 0.0.0.0/32 proxy port ftp ftp/tcp
map ppp0 192.168.0.0/16 -> 0.0.0.0/32 proxy port 1010 ftp/tcp
map le0 0.0.0.0/0 -> 0.0.0.0/32 frag