Remove some paths preparing for a re-copy from head

ngie 2015-10-05 03:25:30 +00:00
parent a9fe170df1
commit 115d008392
340 changed files with 0 additions and 72805 deletions


@ -1,81 +0,0 @@
filter-rule = [ insert ] action in-out [ options ] [ tos ] [ ttl ]
[ proto ] [ ip ] [ group ] [ tag ] [ pps ] .
insert = "@" decnumber .
action = block | "pass" | log | "count" | auth | call .
in-out = "in" | "out" .
options = [ log ] [ "quick" ] [ onif [ dup ] [ froute ] ] .
tos = "tos" decnumber | "tos" hexnumber .
ttl = "ttl" decnumber .
proto = "proto" protocol .
ip = srcdst [ flags ] [ with withopt ] [ icmp ] [ keep ] .
group = [ "head" decnumber ] [ "group" decnumber ] .
pps = "pps" decnumber .
onif = "on" interface-name [ "out-via" interface-name ] .
block = "block" [ return-icmp[return-code] | "return-rst" ] .
auth = "auth" | "preauth" .
log = "log" [ "body" ] [ "first" ] [ "or-block" ] [ "level" loglevel ] .
tag = "tag" tagid .
call = "call" [ "now" ] function-name "/" decnumber.
dup = "dup-to" interface-name[":"ipaddr] .
froute = "fastroute" | "to" interface-name .
replyto = "reply-to" interface-name [ ":" ipaddr ] .
protocol = "tcp/udp" | "udp" | "tcp" | "icmp" | decnumber .
srcdst = "all" | fromto .
fromto = "from" object "to" object .
return-icmp = "return-icmp" | "return-icmp-as-dest" .
loglevel = facility"."priority | priority .
object = addr [ port-comp | port-range ] .
addr = "any" | nummask | host-name [ "mask" ipaddr | "mask" hexnumber ] .
port-comp = "port" compare port-num .
port-range = "port" port-num range port-num .
flags = "flags" flag { flag } [ "/" flag { flag } ] .
with = "with" | "and" .
icmp = "icmp-type" icmp-type [ "code" decnumber ] .
return-code = "("icmp-code")" .
keep = "keep" "state" [ "limit" number ] | "keep" "frags" .
nummask = host-name [ "/" decnumber ] .
host-name = ipaddr | hostname | "any" .
ipaddr = host-num "." host-num "." host-num "." host-num .
host-num = digit [ digit [ digit ] ] .
port-num = service-name | decnumber .
withopt = [ "not" | "no" ] opttype [ [ "," ] withopt ] .
opttype = "ipopts" | "short" | "nat" | "bad-src" | "lowttl" | "frag" |
"mbcast" | "opt" ipopts .
optname = ipopts [ "," optname ] .
ipopts = optlist | "sec-class" [ secname ] .
secname = seclvl [ "," secname ] .
seclvl = "unclass" | "confid" | "reserv-1" | "reserv-2" | "reserv-3" |
"reserv-4" | "secret" | "topsecret" .
icmp-type = "unreach" | "echo" | "echorep" | "squench" | "redir" |
"timex" | "paramprob" | "timest" | "timestrep" | "inforeq" |
"inforep" | "maskreq" | "maskrep" | "routerad" |
"routersol" | decnumber .
icmp-code = decumber | "net-unr" | "host-unr" | "proto-unr" | "port-unr" |
"needfrag" | "srcfail" | "net-unk" | "host-unk" | "isolate" |
"net-prohib" | "host-prohib" | "net-tos" | "host-tos" |
"filter-prohib" | "host-preced" | "cutoff-preced" .
optlist = "nop" | "rr" | "zsu" | "mtup" | "mtur" | "encode" | "ts" | "tr" |
"sec" | "lsrr" | "e-sec" | "cipso" | "satid" | "ssrr" | "addext" |
"visa" | "imitd" | "eip" | "finn" .
facility = "kern" | "user" | "mail" | "daemon" | "auth" | "syslog" |
"lpr" | "news" | "uucp" | "cron" | "ftp" | "authpriv" |
"audit" | "logalert" | "local0" | "local1" | "local2" |
"local3" | "local4" | "local5" | "local6" | "local7" .
priority = "emerg" | "alert" | "crit" | "err" | "warn" | "notice" |
"info" | "debug" .
hexnumber = "0" "x" hexstring .
hexstring = hexdigit [ hexstring ] .
decnumber = digit [ decnumber ] .
compare = "=" | "!=" | "<" | ">" | "<=" | ">=" | "eq" | "ne" | "lt" | "gt" |
"le" | "ge" .
range = "<>" | "><" .
hexdigit = digit | "a" | "b" | "c" | "d" | "e" | "f" .
digit = "0" | "1" | "2" | "3" | "4" | "5" | "6" | "7" | "8" | "9" .
flag = "F" | "S" | "R" | "P" | "A" | "U" | "C" | "W" .


@ -1,12 +0,0 @@
Please submit this information at SourceForge using this URL:
http://sourceforge.net/tracker/?func=add&group_id=169098&atid=849053
Please also send an email to darrenr@reed.wattle.id.au.
Some information that I generally find important:
--------------------------
* IP Filter Version
* Operating System and its Version
* Configuration: (LKM or compiled-into-kernel)
* Description of problem
* How to repeat



@ -1,16 +0,0 @@
/*
* Copyright (C) 1993-2000 by Darren Reed.
*
* The author accepts no responsibility for the use of this software and
* provides it on an ``as is'' basis without express or implied warranty.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
*
* I hate legaleese, don't you ?
*/


@ -1,410 +0,0 @@
#
# Copyright (C) 2012 by Darren Reed.
#
# Redistribution and use in source and binary forms are permitted
# provided that this notice is preserved and due credit is given
# to the original author and the contributors.
#
# $FreeBSD$
# Id: Makefile,v 2.76.2.24 2007/09/26 10:04:03 darrenr Exp $
#
SHELL=/bin/sh
BINDEST=/usr/local/bin
SBINDEST=/sbin
MANDIR=/usr/local/man
#To test prototyping
CC=gcc -Wstrict-prototypes -Wmissing-prototypes -Wunused -Wuninitialized
#CC=gcc
#CC=cc -Dconst=
DEBUG=-g
# -O
CFLAGS=-I$$(TOP) -D_BSD_SOURCE
CPU=`uname -m`
CPUDIR=`uname -s|sed -e 's@/@@g'`-`uname -r`-`uname -m`
OBJ=.
#
# To enable this to work as a Loadable Kernel Module...
#
IPFLKM=-DIPFILTER_LKM
#
# To enable logging of blocked/passed packets...
#
IPFLOG=-DIPFILTER_LOG
#
# To enable loading filter rules compiled to C code...
#
#COMPIPF=-DIPFILTER_COMPILED
#
# To enable IPFilter compatibility with older CLI utilities
#
#COMPATIPF=-DIPFILTER_COMPAT
#
# To enable synchronisation between IPFilter hosts
#
#SYNC=-DIPFILTER_SYNC
#
# The facility you wish to log messages from ipmon to syslogd with.
#
LOGFAC=-DLOGFAC=LOG_SECURITY
#
# To enable rules to be written with BPF syntax, uncomment these two lines.
#
# WARNING: If you're building a commercial product based on IPFilter, using
# this options *may* infringe at least one patent held by CheckPoint
# (5,606,668.)
#
#IPFBPF=-DIPFILTER_BPF -I/usr/local/include
#LIBBPF=-L/usr/local/lib -lpcap
#
# HP-UX and Solaris require this uncommented for BPF.
#
#BPFILTER=bpf_filter.o
#
# LINUXKERNEL is the path to the top of your Linux kernel source tree.
# By default IPFilter looks for /usr/src/linux, but you may have to change
# it to /usr/src/linux-2.4 or similar.
#
LINUXKERNEL=/usr/src/kernels/2.6.29.5-191.fc11.i586
LINUX=`uname -r | awk -F. ' { printf"%d",$$1;for(i=1;i<NF&&i<3;i++){printf("%02d",$$(i+1));}}'`
#
#
#
#BUILDROOT=/usr/src/redhat/BUILD/ipfilter
BUILDROOT=${HOME}/rpmbuild/BUILDROOT/ipfilter-4.1.32-1.i386
#
# All of the compile-time options are here, used for compiling the userland
# tools for regression testing. Well, all except for IPFILTER_LKM, of course.
#
ALLOPTS=-DIPFILTER_LOG -DIPFILTER_LOOKUP \
-DIPFILTER_SYNC -DIPFILTER_CKSUM
#
# Uncomment the next 3 lines if you want to view the state table a la top(1)
# (requires that you have installed ncurses).
#STATETOP_CFLAGS=-DSTATETOP
#
# Where to find the ncurses include files (if not in default path),
#
#STATETOP_INC=
#STATETOP_INC=-I/usr/local/include
#
# How to link the ncurses library
#
#STATETOP_LIB=-lncurses
#STATETOP_LIB=-L/usr/local/lib -lncurses
#
# Uncomment this when building IPv6 capability.
#
INET6=-DUSE_INET6
#
# For packets which don't match any pass rules or any block rules, set either
# FR_PASS or FR_BLOCK (respectively). It defaults to FR_PASS if left
# undefined. This is ignored for ipftest, which can thus return three
# results: pass, block and nomatch. This is the sort of "block unless
# explicitly allowed" type #define switch.
#
POLICY=-DIPF_DEFAULT_PASS=FR_PASS
#
MFLAGS1='CFLAGS=$(CFLAGS) $(ARCHINC) $(SOLARIS2) $(SGIREV) $(INET6)' \
"IPFLOG=$(IPFLOG)" "LOGFAC=$(LOGFAC)" "POLICY=$(POLICY)" \
"SOLARIS2=$(SOLARIS2)" "DEBUG=$(DEBUG)" "DCPU=$(CPU)" \
"LIBBPF=$(LIBBPF)" "CPUDIR=$(CPUDIR)" "IPFBPF=$(IPFBPF)" \
'STATETOP_CFLAGS=$(STATETOP_CFLAGS)' "BPFILTER=$(BPFILTER)" \
'STATETOP_INC=$(STATETOP_INC)' 'STATETOP_LIB=$(STATETOP_LIB)' \
"BITS=$(BITS)" "OBJ=$(OBJ)" "LOOKUP=$(LOOKUP)" "COMPIPF=$(COMPIPF)" \
"COMPATIPF=$(COMPATIPF)" \
'SYNC=$(SYNC)' 'ALLOPTS=$(ALLOPTS)' 'LIBBPF=$(LIBBPF)'
MFLAGS=$(MFLAGS1) "IPFLKM=$(IPFLKM)"
MACHASSERT=`/bin/ls -1 /usr/sys/*/mach_assert.h | head -1`
#
SHELL=/bin/sh
#
########## ########## ########## ########## ########## ########## ##########
#
CP=/bin/cp
RM=/bin/rm
CHMOD=/bin/chmod
INSTALL=install
#
all:
@echo "Chose one of the following targets for making IP filter:"
@echo ""
@echo "solaris - auto-selects SunOS4.1.x/Solaris 2.3-6/Solaris2.4-6x86"
@echo "netbsd - compile for NetBSD"
@echo "openbsd - compile for OpenBSD"
@echo "freebsd20 - compile for FreeBSD 2.0, 2.1 or earlier"
@echo "freebsd22 - compile for FreeBSD-2.2 or greater"
@echo "freebsd - compile for all other versions of FreeBSD"
@echo "bsd - compile for generic 4.4BSD systems"
@echo "bsdi - compile for BSD/OS"
@echo "irix - compile for SGI IRIX"
@echo "hpux - compile for HP-UX 11.00"
@echo "osf - compile for OSF/Tru64 5.1"
@echo ""
tests:
@if [ -d test ]; then (cd test; make) \
else echo test directory not present, sorry; fi
retest:
@if [ -d test ]; then (cd test; make clean && make) \
else echo test directory not present, sorry; fi
include:
-mkdir -p net netinet
if [ ! -f netinet/done ] ; then \
(cd netinet; ln -s ../*.h .; ln -s ../ip_*_pxy.c .;); \
(cd netinet; ln -s ../ipsend/tcpip.h tcpip.h); \
touch netinet/done; \
fi
-(cd netinet; ln -s ../ip_rules.h ip_rules.h)
sunos solaris: include
MAKE="$(MAKE)" MAKEFLAGS="$(MAKEFLAGS)" BPFILTER=$(BPFILTER) \
CC="$(CC)" DEBUG="$(DEBUG)" ./buildsunos
freebsd:
make freebsd`uname -r|cut -c1`
freebsd22: include
make setup "TARGOS=BSD" "CPUDIR=$(CPUDIR)"
-rm -f BSD/$(CPUDIR)/ioconf.h
-if [ x$(IPFILKERN) != x ] ; then \
if [ -f /sys/compile/$(IPFILKERN)/ioconf.h ] ; then \
ln -s /sys/compile/$(IPFILKERN)/ioconf.h BSD/$$y; \
else \
ln -s /sys/$(IPFILKERN)/ioconf.h BSD/$$y; \
fi \
else \
x=`uname -v|sed -e 's@^.*:\(/[^: ]*\).*$$@\1/ioconf.h@'`; \
y=`uname -s|sed -e 's@/@@g'`-`uname -r`-`uname -m`; \
if [ ! -f $$x ] ; then \
echo -n "Can't find ioconf.h at $$x "; \
exit 1;\
else \
ln -s $$x BSD/$$y ; \
fi \
fi
make freebsd20
freebsd5 freebsd6 freebsd7 freebsd8: include
if [ x$(INET6) = x ] ; then \
echo "#undef INET6" > opt_inet6.h; \
else \
echo "#define INET6" > opt_inet6.h; \
fi
if [ "x$(IPFBPF)" = "x" ] ; then \
echo "#undef NBPF" > opt_bpf.h; \
echo "#undef NBPFILTER" > opt_bpf.h; \
echo "#undef DEV_BPF" > opt_bpf.h; \
else \
echo "#define NBPF" > opt_bpf.h; \
echo "#define NBPFILTER" > opt_bpf.h; \
echo "#define DEV_BPF" > opt_bpf.h; \
fi
if [ x$(ENABLE_PFIL) = x ] ; then \
echo "#undef PFIL_HOOKS" > opt_pfil.h; \
else \
echo "#define PFIL_HOOKS" > opt_pfil.h; \
fi
make setup "TARGOS=BSD" "CPUDIR=$(CPUDIR)"
(cd BSD/$(CPUDIR); make build TOP=../.. $(MFLAGS) "ML=mlfk_ipl.c" "MLD=mlfk_ipl.c" "LKM=ipf.ko.5" "LKMR=ipfrule.ko.5" "DLKM=-DKLD_MODULE" "MLR=mlfk_rule.o"; cd ..)
# (cd BSD/$(CPUDIR); make -f Makefile.ipsend build TOP=../.. $(MFLAGS1); cd ..)
freebsd4 : include
if [ x$(INET6) = x ] ; then \
echo "#undef INET6" > opt_inet6.h; \
else \
echo "#define INET6" > opt_inet6.h; \
fi
make setup "TARGOS=BSD" "CPUDIR=$(CPUDIR)"
(cd BSD/$(CPUDIR); make build TOP=../.. $(MFLAGS) "ML=mlfk_ipl.c" "MLD=mlfk_ipl.c" "LKM=ipf.ko" "LKMR=ipfrule.ko" "DLKM=-DKLD_MODULE" "MLR=mlfk_rule.o"; cd ..)
(cd BSD/$(CPUDIR); make -f Makefile.ipsend build TOP=../.. $(MFLAGS1); cd ..)
freebsd3 freebsd30: include
make setup "TARGOS=BSD" "CPUDIR=$(CPUDIR)"
(cd BSD/$(CPUDIR); make build TOP=../.. $(MFLAGS1) "ML=mlf_ipl.c" "MLR=mlf_rule.o" LKM= LKMR=; cd ..)
(cd BSD/$(CPUDIR); make -f Makefile.ipsend build TOP=../.. $(MFLAGS1); cd ..)
netbsd: include
make setup "TARGOS=BSD" "CPUDIR=$(CPUDIR)"
@if [ ! -d /sys -o ! -d /sys/arch ] ; then \
echo "*****************************************************"; \
echo "* *"; \
echo "* Please extract source code to create /sys and *";\
echo "* /sys/arch and run 'config GENERIC' *"; \
echo "* *"; \
echo "*****************************************************"; \
exit 1; \
fi
(cd BSD/$(CPUDIR); make build TOP=../.. $(MFLAGS) 'DLKM=-D_LKM' "ML=mln_ipl.c" LKMR= "MLR=mln_rule.o"; cd ..)
# (cd BSD/$(CPUDIR); make -f Makefile.ipsend build TOP=../.. $(MFLAGS); cd ..)
openbsd: include
make setup "TARGOS=BSD" "CPUDIR=$(CPUDIR)"
(cd BSD/$(CPUDIR); make build TOP=../.. $(MFLAGS) 'DLKM=-D_LKM' "ML=mlo_ipl.c" LKMR= "MLR=mlo_rule.o"; cd ..)
(cd BSD/$(CPUDIR); make -f Makefile.ipsend build TOP=../.. $(MFLAGS); cd ..)
freebsd20 freebsd21: include
make setup "TARGOS=BSD" "CPUDIR=$(CPUDIR)"
(cd BSD/$(CPUDIR); make build TOP=../.. $(MFLAGS) "ML=mlf_ipl.c" "MLR=mlf_rule.o"; cd ..)
(cd BSD/$(CPUDIR); make -f Makefile.ipsend build TOP=../.. $(MFLAGS); cd ..)
osf tru64: null include
make setup "TARGOS=OSF" "CPUDIR=`OSF/cpurev`"
(cd OSF/`OSF/cpurev`; make build TRU64=`uname -v` TOP=../.. "DEBUG=-g" $(MFLAGS) "MACHASSERT=$(MACHASSERT)" "OSREV=`../cpurev`"; cd ..)
(cd OSF/`OSF/cpurev`; make -f Makefile.ipsend build TRU64=`uname -v` TOP=../.. $(MFLAGS) "OSREV=`../cpurev`"; cd ..)
aix: null include
make setup "TARGOS=AIX" "CPUDIR=`AIX/cpurev`"
(cd AIX/`AIX/cpurev`; make build AIX=`uname -v` TOP=../.. "DEBUG=-g" $(MFLAGS) "OSREV=`../cpurev`" BITS=`../bootbits.sh`; cd ..)
# (cd AIX/`AIX/cpurev`; make -f Makefile.ipsend build AIX=`uname -v` TOP=../.. $(MFLAGS) "OSREV=`../cpurev`"; cd ..)
bsd: include
make setup "TARGOS=BSD" "CPUDIR=$(CPUDIR)"
(cd BSD/$(CPUDIR); make build TOP=../.. $(MFLAGS) 'DLKM=-D_LKM' "ML=mln_ipl.c" "MLR=mln_rule.o"; cd ..)
(cd BSD/$(CPUDIR); make -f Makefile.ipsend build TOP=../.. $(MFLAGS); cd ..)
bsdi bsdos: include
make setup "TARGOS=BSD" "CPUDIR=$(CPUDIR)"
(cd BSD/$(CPUDIR); make build "CC=$(CC)" TOP=../.. $(MFLAGS) LKM= LKMR= ; cd ..)
(cd BSD/$(CPUDIR); make -f Makefile.ipsend build "CC=$(CC)" TOP=../.. $(MFLAGS); cd ..)
irix IRIX: include
make setup TARGOS=IRIX CPUDIR=`IRIX/cpurev`
if [ "x${SGIREV}" = "x" ] ; then \
make irix "SGIREV=-D_KMEMUSER -DIRIX=`IRIX/getrev`"; \
else \
(cd IRIX/`IRIX/cpurev`; smake -l -J 1 build TOP=../.. $(DEST) $(MFLAGS) IRIX=`../getrev` SGI=$$(IRIX) CPUDIR=`../cpurev`; cd ..); \
(cd IRIX/`IRIX/cpurev`; make -f Makefile.ipsend build TOP=../.. $(DEST) $(MFLAGS) IRIX=`../getrev` SGI=$$(IRIX) CPUDIR=`../cpurev`; cd ..); \
fi
setup:
-if [ ! -d $(TARGOS)/$(CPUDIR) ] ; then mkdir $(TARGOS)/$(CPUDIR); fi
-rm -f $(TARGOS)/$(CPUDIR)/Makefile $(TARGOS)/$(CPUDIR)/Makefile.ipsend
-ln -s ../Makefile $(TARGOS)/$(CPUDIR)/Makefile
-ln -s ../Makefile.ipsend $(TARGOS)/$(CPUDIR)/Makefile.ipsend
-if [ -f $(TARGOS)/Makefile.common ] ; then \
rm -f $(TARGOS)/$(CPUDIR)/Makefile.common; \
ln -s ../Makefile.common $(TARGOS)/$(CPUDIR)/Makefile.common;\
fi
clean: clean-include
/bin/rm -rf h y.output
${RM} -f core *.o ipt fils ipf ipfstat ipftest ipmon if_ipl ipflkm \
vnode_if.h $(LKM) *~
/bin/rm -rf sparcv7 sparcv9 mdbgen_build
(cd SunOS4; $(MAKE) TOP=.. clean)
-(cd SunOS5; $(MAKE) TOP=.. clean)
(cd BSD; $(MAKE) TOP=.. clean)
(cd HPUX; $(MAKE) BITS=32 TOP=.. clean)
(cd Linux; $(MAKE) TOP=.. clean)
(cd OSF; $(MAKE) TOP=.. clean)
(cd AIX; $(MAKE) TOP=.. clean)
if [ "`uname -s`" = "IRIX" ]; then (cd IRIX; $(MAKE) clean); fi
[ -d test ] && (cd test; $(MAKE) clean)
(cd ipsend; $(MAKE) clean)
clean-include:
sh -c 'if [ -d netinet ] ; then cd netinet; for i in *; do if [ -h $$i ] ; then /bin/rm -f $$i; fi; done fi'
sh -c 'if [ -d net ] ; then cd net; for i in *; do if [ -h $$i ] ; then /bin/rm -f $$i; fi; done fi'
${RM} -f netinet/done net/done
clean-bsd: clean-include
(cd BSD; make TOP=.. clean)
clean-hpux: clean-include
(cd HPUX; $(MAKE) BITS=32 clean)
clean-osf: clean-include
(cd OSF; make clean)
clean-aix: clean-include
(cd AIX; make clean)
clean-linux: clean-include
(cd Linux; make clean)
clean-sunos4: clean-include
(cd SunOS4; make clean)
clean-sunos5: clean-include
(cd SunOS5; $(MAKE) clean)
/bin/rm -rf sparcv?
clean-irix: clean-include
(cd IRIX; $(MAKE) clean)
h/xti.h:
mkdir -p h
ln -s /usr/include/sys/xti.h h
hpux: include h/xti.h
make setup CPUDIR=`HPUX/cpurev` TARGOS=HPUX
(cd HPUX/`HPUX/cpurev`; $(MAKE) build TOP=../.. $(DEST) $(MFLAGS) "BITS=`getconf KERNEL_BITS`" `../makeargs`; cd ..)
(cd HPUX/`HPUX/cpurev`; $(MAKE) -f Makefile.ipsend build TOP=../.. $(DEST) $(MFLAGS) "BITS=`getconf KERNEL_BITS`" `../makeargs`; cd ..)
sunos4 solaris1:
(cd SunOS4; make build TOP=.. "CC=$(CC)" $(DEST) $(MFLAGS); cd ..)
(cd SunOS4; make -f Makefile.ipsend build "CC=$(CC)" TOP=.. $(DEST) $(MFLAGS); cd ..)
sunos5 solaris2: null
(cd SunOS5/$(CPUDIR); $(MAKE) build TOP=../.. "CC=$(CC)" $(DEST) $(MFLAGS) "SOLARIS2=$(SOLARIS2)" INSTANCE=$(INSTANCE); cd ..)
(cd SunOS5/$(CPUDIR); $(MAKE) -f Makefile.ipsend build TOP=../.. "CC=$(CC)" $(DEST) $(MFLAGS); cd ..)
linux: include
(cd Linux; make build LINUX=$(LINUX) TOP=.. "DEBUG=-g" "CC=$(CC)" $(MFLAGS) OBJ=$(CPUDIR) LINUXKERNEL=$(LINUXKERNEL); cd ..)
(cd Linux; make ipflkm LINUX=$(LINUX) TOP=.. "DEBUG=-g" "CC=$(CC)" $(MFLAGS) OBJ=$(CPUDIR) LINUXKERNEL=$(LINUXKERNEL) WORKDIR=`pwd`; cd ..)
# (cd Linux; make -f Makefile.ipsend build LINUX=$(LINUX) TOP=.. "CC=$(CC)" $(MFLAGS); cd ..)
install-linux: linux
(cd Linux/; make LINUX=$(LINUX) TOP=.. "DEBUG=-g" "CC=$(CC)" $(MFLAGS) OBJ=$(CPUDIR) ROOTDIR=$(BUILDROOT) install ; cd ..)
install-bsd:
(cd BSD/$(CPUDIR); make install "TOP=../.." $(MFLAGS); cd ..)
(cd BSD/$(CPUDIR); make -f Makefile.ipsend INSTALL=$(INSTALL) install "TOP=../.." $(MFLAGS); cd ..)
install-sunos4: solaris
(cd SunOS4; $(MAKE) CPU=$(CPU) TOP=.. install)
install-sunos5: solaris null
(cd SunOS5; $(MAKE) TOP=.. install)
install-aix:
(cd AIX/`AIX/cpurev`; make install "TOP=../.." $(MFLAGS); cd ..)
# (cd AIX/`AIX/cpurev`; make -f Makefile.ipsend INSTALL=$(INSTALL) install "TOP=../.." $(MFLAGS); cd ..)
install-hpux: hpux
(cd HPUX/`HPUX/cpurev`; $(MAKE) CPU=$(CPU) TOP=../.. "BITS=`getconf KERNEL_BITS`" install)
install-irix: irix
(cd IRIX; smake install CPU=$(CPU) TOP=.. $(DEST) $(MFLAGS) CPUDIR=`./cpurev`)
install-osf install-tru64:
(cd OSF/`OSF/cpurev`; make install "TOP=../.." $(MFLAGS); cd ..)
do-cvs:
find . -type d -name CVS -print | xargs /bin/rm -rf
find . -type f -name .cvsignore -print | xargs /bin/rm -f
/bin/rm -f ip_msnrpc_pxy.c ip_sunrpc_pxy.c
ip_rules.c ip_rules.h: rules/ip_rules tools/ipfcomp.c
-./ipf -n -cc -f rules/ip_rules 2>/dev/null 1>&2
null:
@if [ "`$(MAKE) -v 2>&1 | sed -ne 's/GNU.*/GNU/p'`" = "GNU" ] ; then \
echo 'Do not use GNU make (gmake) to compile IPFilter'; \
exit 1; \
fi
-@echo make ok
mdb:
/bin/rm -rf mdbgen_build
mdbgen -D_KERNEL -DIPFILTER_LOG -DIPFILTER_LOOKUP -DSUNDDI \
-DIPFILTER_SCAN -DIPFILTER_LKM -DSOLARIS2=10 -n ipf_mdb -k \
-I/home/dr146992/pfil -I/home/dr146992/ipf -f \
/usr/include/netinet/in_systm.h,/usr/include/sys/ethernet.h,/usr/include/netinet/in.h,/usr/include/netinet/ip.h,/usr/include/netinet/ip_var.h,/usr/include/netinet/tcp.h,/usr/include/netinet/tcpip.h,/usr/include/netinet/ip_icmp.h,/usr/include/netinet/udp.h,ip_compat.h,ip_fil.h,ip_nat.h,ip_state.h,ip_proxy.h,ip_scan.h


@ -1,104 +0,0 @@
These are Instructions for Configuring A FreeBSD Box For NAT
After you have installed IpFilter.
You will need to change three files:
/etc/rc.local
/etc/rc.conf
/etc/natrules
You will have to:
1) Load the kernel module
2) Make the ipnat rules
3) Load the ipnat rules
4) Enable routing between interfaces
5) Add static routes for the subnet ranges
6) Configure your network interfaces
7) reboot the computer for the changes to take effect.
The FAQ was written by Chris Coleman <chris@@bbcc.ctc.edu>
This was tested using ipfilter 3.1.4 and FreeBSD 2.1.6-RELEASE
_________________________________________________________
1) Loading the Kernel Module
If you are using a Kernal Loadable Module you need to edit your
/etc/rc.local file and load the module at boot time.
use the line:
modload /lkm/if_ipl.o
If you are not loading a kernel module, skip this step.
_________________________________________________________
2) Setting up the NAT Rules
Make a file called /etc/natrules
put in the rules that you need for your system.
If you want to use the whole 10 Network. Try:
map fpx0 10.0.0.0/8 -> 208.8.0.1/32 portmap tcp/udp 10000:65000
_________________________________________________________
Here is an explaination of each part of the command:
map starts the command.
fpx0 is the interface with the real internet address.
10.0.0.0 is the subnet you want to use.
/8 is the subnet mask. ie 255.0.0.0
208.8.0.1 is the real ip address that you use.
/32 is the subnet mask 255.255.255.255, ie only use this ip address.
portmap tcp/udp 10000:65000
tells it to use the ports to redirect the tcp/udp calls through
The one line should work for the whole network.
_________________________________________________________
3) Loading the NAT Rules:
The NAT Rules will need to be loaded every time the computer
reboots.
In your /etc/rc.local put the line:
ipnat -f /etc/natrules
To check and see if it is loaded, as root type
ipnat -ls
_________________________________________________________
4) Enable Routing between interfaces.
Tell the kernel to route these addresses.
in the rc.local file put the line:
sysctl -w net.inet.ip.forwarding=1
_________________________________________________________
5) Static Routes to Subnet Ranges
Now you have to add a static routes for the subnet ranges.
Edit your /etc/sysconfig to add them at bootup.
static_routes="foo"
route_foo="10.0.0.0 -netmask 0xf0000000 -interface 10.0.0.1"
_________________________________________________________
6) Make sure that you have your interfaces configured.
I have two Intel Ether Express Pro B cards.
One is on 208.8.0.1 The other is on 10.0.0.1
You need to configure these in the /etc/sysconfig
network_interfaces="fxp0 fxp1"
ifconfig_fxp0="inet 208.8.0.1 netmask 255.255.255.0"
ifconfig_fxp1="inet 10.0.0.1 netmask 255.0.0.0"
_________________________________________________________


@ -1,101 +0,0 @@
IP Filter - What's this about ?
============================
Web site: http://coombs.anu.edu.au/~avalon/ip-filter.html
How-to: http://www.obfuscation.org/ipf/ipf-howto.txt
The idea behind this package is allow those who use Unix workstations as
routers (a common occurance in Universities it appears) to apply packet
filtering to packets going in and out of them. This package has been
tested on all versions of SunOS 4.1 and Solaris 2.4/2.5, running on Sparcs.
It is also quite possible for this small kernel extension to be installed
and used effectively on Sun workstations which don't route IP, just for
added security. It can also be integrated with the multicast patches.
It has also been tested successfully on all of the modern free BSDs as
well as BSDI, and SGI's IRIX 6.2.
The filter keeps a rule list for both inbound and outbound sides of
the IP packet queue and a check is made as early as possible, aiming to
stop the packet before it even gets as far as being checked for source
route options. In the file "BNF", a set of rules for constructing filter
rules understood by this package is given. The files in the directory
"rules", "example.1" ... "example.sr" show example rules you might apply.
In practise, I've successfully isolated a workstation from all
machines except the NFS file servers on its local subnets (yeah, ok, so
this doesn't really increase security, because of NFS, but you get the
drift on how it can be applied and used). I've also successfully
setup and maintained my own firewalls using it with TIS's Firewall Toolkit,
including using it on an mbone router.
When using it with multicast IP, the calls to fr_check() should be
before the packet is unwrapped and after it is encapsulated. So the
filter routines will see the packet as a UDP packet, protocol XYZ.
Whether this is better or worse than having it filter on class D addresses
is debateable, but the idea behind this package is to be able to
discriminate between packets as they are on the 'wire', before they
get routed anywhere, etc.
It is worth noting, that it is possible, using a small MTU and
generating tiny fragmented IP packets to generate a TCP packet which
doesn't contain enough information to filter on the "flags". Filtering
on these types of packets is possible, but under the more general case
of the packets being "short". ICMP and UDP packets which are too small
(they don't contain a complete header) are dropped and logged, no questions
asked. When filtering on fragmented packets, the last fragment will get
through for TCP/UDP/ICMP packets.
Bugs/Problems
-------------
If you have a problem with IP Filter on your operating system, please email
a copy of the file "BugReport" with the details of your setup as required
and email to darrenr@pobox.com.
Some general notes.
-------------------
To add/delete a rule from memory, access to the device in /dev is needed,
allowing non-root maintenaince. The filter list in kernel memory is built
from the kernel's heap. Each packet coming *in* or *out* is checked against
the appropriate list, rejects dropped, others passed through. Thus this will
work on an individual host, not just gateways. Presently there is only one
list for all interfaces, the changes required to make it a per-interface list
require more .o replacements for the kernel. When checking a packet, the
packet is compared to the entire list from top to bottom, the last matching
line being effective.
What does what ?
----------------
if_fil.o (Loadable kernel module)
- additional kernel routines to check an access list as to whether
or not to drop or pass a packet. It currently defaults to pass
on all packets.
ipfstat
- digs through your kernel (need to check #define VMUNIX in fils.c)
and /dev/kmem for the access filter list and mini stats table.
Obviously needs to be run priviledged if required.
ipf
- reads the files passed as parameters as input files containing new
filter rules to add/delete to the kernel list. The lines are
inserted in order; the first line is inserted first, and ends up
first on the list. Subsequent invocations append to the list
unless specified otherwise.
ipftest
- test the ruleset given by filename. Reads in the ruleset and then
waits for stdin.
See the man pages (ipf.1, ipftest.1, ipfstat.8) for more detailed
information on what the above do.
mkfilters
- suggests a set of filter rules to employ and suggests how to add
routes to back these up.
BNF
- BNF rule set for the filter rules
Darren Reed
darrenr@pobox.com
http://coombs.anu.edu.au/~avalon/ip-filter.html


@ -1,57 +0,0 @@
Over time, I am moving all of the IPFilter code to what I consider a better
coding style than it had before. If you submit patches, I expect them to
conform as appropriate.
Function Comments
=================
Preceeding each and every function, a comment block like this should
be present:
/* ------------------------------------------------------------------------ */
/* Function: function-name */
/* Returns: return-type */
/* Parameters: param1(I) - param1 is an input parameter */
/* p2(O) - p2 is an output parameter passed as an arg */
/* par3(IO) - par3 is a parameter which is both input and */
/* output. Pointers to things which are used and */
/* then get a result stored in them qualify here. */
/* */
/* Description about what the function does. This comment should explain */
/* any gotchas or algorithms that are used which aren't obvious to the */
/* casual reader. It should not be an excuse to not use comments inside */
/* the function. */
/* ------------------------------------------------------------------------ */
Tab spacing
===========
Tabs are to be at 8 characters.
Conditions
==========
All expressions which evaluate to a boolean for a test condition, such as
in an if()/while() statement must involve a boolean operation. Since C
has no native boolean type, this means that one of <,>,<=,>=,==,!= must
be present. Implied boolean evaluations are out.
In code, the following is banned:
if (x)
if (!x)
while ((a = b))
and should be replaced by:
if (x != 0)
if (x == 0)
while ((a = b) != 0)
If pointers are involved, always compare with NULL, ie.:
if (x != NULL)
if (x == NULL)
while ((a = b) != NULL)


@ -1,83 +0,0 @@
What's new in 5.1
=================
General
-------
* all of the tuneables can now be set at any time, not just whilst disabled
or prior to loading rules;
* group identifiers may now be a number or name (universal);
* man pages rewritten
* tunables can now be set via ipf.conf;
Logging
-------
* ipmon.conf can now be used to generate SNMPv1 and SNMPv2 traps using
information from log entries from the kernel;
NAT changes
-----------
* DNS proxy for the kernel that can block queries based on domain names;
* FTP proxy can be configured to limit data connections to one or many
connections per client;
* NAT on IPv6 is now supported;
* rewrite command allows changing both the source and destination address
in a single NAT rule;
* simple encapsulation can now be configured with ipnat.conf,
* TFTP proxy now included;
Packet Filtering
----------------
* acceptance of ICMP packets for "keep state" rules can be refined through
the use of filtering rules;
* alternative form for writing rules using simple filtering expressions;
* CIPSO headers now recognised and analysed for filtering on DOI;
* comments can now be a part of a rule and loaded into the kernel and
thus displayed with ipfstat;
* decapsulation rules allow filtering on inner headers, providing they
are not encrypted;
* interface names, aside from that the packet is on, can be present in
filter rules;
* internally now a single list of filter rules, there is no longer an
IPv4 and IPv6 list;
* rules can now be added with an expiration time, allowing for their
automatic removal after some period of time;
* single file, ipf.conf, can now be used for both IPv4 and IPv6 rules;
* stateful filtering now allows for limits to be placed on the number
of distinct hosts allowed per rule;
Pools
-----
* addresses added to a pool via the command line (only!) can be given
an expiration timeout;
* destination lists are a new type of address pool, primarily for use with
NAT rdr rules, supporting newer algorithms for target selection;
* raw whois information saved to a file can be used to populate a pool;
Solaris
-------
* support for use in zones with exclusive IP instances fully supported.
Tools
-----
* use of matching expressions allows for refining what is displayed or
flushed;


@ -1,3 +0,0 @@
IP Filter is Year 2000 (Y2K) Compliant.
Darren


@ -1,277 +0,0 @@
/*-
* THE BEER-WARE LICENSE
*
* <dan@FreeBSD.ORG> wrote this file. As long as you retain this notice you
* can do whatever you want with this stuff. If we meet some day, and you
* think this stuff is worth it, you can buy me a beer in return.
*
* Dan Moschuk
*/
#if !defined(SOLARIS2) && !defined(__osf__)
# include <sys/cdefs.h>
#endif
#include <sys/types.h>
#include <sys/param.h>
#ifdef __FreeBSD__
# include <sys/kernel.h>
#endif
#if !defined(__osf__)
# include <sys/random.h>
#endif
#ifdef __FreeBSD__
# include <sys/libkern.h>
#endif
#include <sys/lock.h>
#ifndef __osf__
# include <sys/mutex.h>
#endif
#include <sys/time.h>
#if defined(SOLARIS2) && (SOLARIS2 < 9)
# include <netinet/in_systm.h>
#endif
#include <sys/socket.h>
#include <net/if.h>
#ifdef __osf__
# include <net/route.h>
#endif
#include <netinet/in.h>
#include <netinet/ip.h>
#include "netinet/ip_compat.h"
#ifdef HAS_SYS_MD5_H
# include <sys/md5.h>
#else
# include "md5.h"
#endif
#ifdef NEED_LOCAL_RAND
#if !defined(__GNUC__)
# define __inline
#endif
#define ARC4_RESEED_BYTES 65536
#define ARC4_RESEED_SECONDS 300
#define ARC4_KEYBYTES (256 / 8)
static u_int8_t arc4_i, arc4_j;
static int arc4_numruns = 0;
static u_int8_t arc4_sbox[256];
static time_t arc4_t_reseed;
static ipfmutex_t arc4_mtx;
static MD5_CTX md5ctx;
static u_int8_t arc4_randbyte(void);
static int ipf_read_random(void *dest, int length);
static __inline void
arc4_swap(u_int8_t *a, u_int8_t *b)
{
u_int8_t c;
c = *a;
*a = *b;
*b = c;
}
/*
* Stir our S-box.
*/
static void
arc4_randomstir (void)
{
u_int8_t key[256];
int r, n;
struct timeval tv_now;
/*
* XXX read_random() returns unsafe numbers if the entropy
* device is not loaded -- MarkM.
*/
r = ipf_read_random(key, ARC4_KEYBYTES);
GETKTIME(&tv_now);
MUTEX_ENTER(&arc4_mtx);
/* If r == 0 || -1, just use what was on the stack. */
if (r > 0) {
for (n = r; n < sizeof(key); n++)
key[n] = key[n % r];
}
for (n = 0; n < 256; n++) {
arc4_j = (arc4_j + arc4_sbox[n] + key[n]) % 256;
arc4_swap(&arc4_sbox[n], &arc4_sbox[arc4_j]);
}
/* Reset for next reseed cycle. */
arc4_t_reseed = tv_now.tv_sec + ARC4_RESEED_SECONDS;
arc4_numruns = 0;
/*
* Throw away the first N words of output, as suggested in the
* paper "Weaknesses in the Key Scheduling Algorithm of RC4"
* by Fluher, Mantin, and Shamir. (N = 256 in our case.)
*/
for (n = 0; n < 256*4; n++)
arc4_randbyte();
MUTEX_EXIT(&arc4_mtx);
}
/*
* Initialize our S-box to its beginning defaults.
*/
static void
arc4_init(void)
{
int n;
MD5Init(&md5ctx);
MUTEX_INIT(&arc4_mtx, "arc4_mtx");
arc4_i = arc4_j = 0;
for (n = 0; n < 256; n++)
arc4_sbox[n] = (u_int8_t) n;
arc4_t_reseed = 0;
}
/*
* Generate a random byte.
*/
static u_int8_t
arc4_randbyte(void)
{
u_int8_t arc4_t;
arc4_i = (arc4_i + 1) % 256;
arc4_j = (arc4_j + arc4_sbox[arc4_i]) % 256;
arc4_swap(&arc4_sbox[arc4_i], &arc4_sbox[arc4_j]);
arc4_t = (arc4_sbox[arc4_i] + arc4_sbox[arc4_j]) % 256;
return arc4_sbox[arc4_t];
}
/*
* MPSAFE
*/
void
arc4rand(void *ptr, u_int len, int reseed)
{
u_int8_t *p;
struct timeval tv;
GETKTIME(&tv);
if (reseed ||
(arc4_numruns > ARC4_RESEED_BYTES) ||
(tv.tv_sec > arc4_t_reseed))
arc4_randomstir();
MUTEX_ENTER(&arc4_mtx);
arc4_numruns += len;
p = ptr;
while (len--)
*p++ = arc4_randbyte();
MUTEX_EXIT(&arc4_mtx);
}
uint32_t
ipf_random(void)
{
uint32_t ret;
arc4rand(&ret, sizeof ret, 0);
return ret;
}
static u_char pot[ARC4_RESEED_BYTES];
static u_char *pothead = pot, *pottail = pot;
static int inpot = 0;
/*
* This is not very strong, and this is understood, but the aim isn't to
* be cryptographically strong - it is just to make up something that is
* pseudo random.
*/
void
ipf_rand_push(void *src, int length)
{
static int arc4_inited = 0;
u_char *nsrc;
int mylen;
if (arc4_inited == 0) {
arc4_init();
arc4_inited = 1;
}
if (length < 64) {
MD5Update(&md5ctx, src, length);
return;
}
nsrc = src;
mylen = length;
#if defined(_SYS_MD5_H) && defined(SOLARIS2)
# define buf buf_un.buf8
#endif
MUTEX_ENTER(&arc4_mtx);
while ((mylen > 64) && (sizeof(pot) - inpot > sizeof(md5ctx.buf))) {
MD5Update(&md5ctx, nsrc, 64);
mylen -= 64;
nsrc += 64;
if (pottail + sizeof(md5ctx.buf) > pot + sizeof(pot)) {
int left, numbytes;
numbytes = pot + sizeof(pot) - pottail;
bcopy(md5ctx.buf, pottail, numbytes);
left = sizeof(md5ctx.buf) - numbytes;
pottail = pot;
bcopy(md5ctx.buf + sizeof(md5ctx.buf) - left,
pottail, left);
pottail += left;
} else {
bcopy(md5ctx.buf, pottail, sizeof(md5ctx.buf));
pottail += sizeof(md5ctx.buf);
}
inpot += 64;
}
MUTEX_EXIT(&arc4_mtx);
#if defined(_SYS_MD5_H) && defined(SOLARIS2)
# undef buf
#endif
}
static int
ipf_read_random(void *dest, int length)
{
if (length > inpot)
return 0;
MUTEX_ENTER(&arc4_mtx);
if (pothead + length > pot + sizeof(pot)) {
int left, numbytes;
left = length;
numbytes = pot + sizeof(pot) - pothead;
bcopy(pothead, dest, numbytes);
left -= numbytes;
pothead = pot;
bcopy(pothead, dest + length - left, left);
pothead += left;
} else {
bcopy(pothead, dest, length);
pothead += length;
}
inpot -= length;
if (inpot == 0)
pothead = pottail = pot;
MUTEX_EXIT(&arc4_mtx);
return length;
}
#endif /* NEED_LOCAL_RAND */


@ -1,452 +0,0 @@
/* $FreeBSD$ */
/*-
* Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
* The Regents of the University of California. All rights reserved.
*
* This code is derived from the Stanford/CMU enet packet filter,
* (net/enet.c) distributed as part of 4.3BSD, and code contributed
* to Berkeley by Steven McCanne and Van Jacobson both of Lawrence
* Berkeley Laboratory.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* @(#)bpf.h 7.1 (Berkeley) 5/7/91
*
* @(#) $Header: /devel/CVS/IP-Filter/bpf-ipf.h,v 2.1 2002/10/26 12:14:26 darrenr Exp $ (LBL)
*/
#ifndef BPF_MAJOR_VERSION
#ifdef __cplusplus
extern "C" {
#endif
/* BSD style release date */
#define BPF_RELEASE 199606
typedef int bpf_int32;
typedef u_int bpf_u_int32;
/*
* Alignment macros. BPF_WORDALIGN rounds up to the next
* even multiple of BPF_ALIGNMENT.
*/
#ifndef __NetBSD__
#define BPF_ALIGNMENT sizeof(bpf_int32)
#else
#define BPF_ALIGNMENT sizeof(long)
#endif
#define BPF_WORDALIGN(x) (((x)+(BPF_ALIGNMENT-1))&~(BPF_ALIGNMENT-1))
#define BPF_MAXINSNS 512
#define BPF_MAXBUFSIZE 0x8000
#define BPF_MINBUFSIZE 32
/*
* Structure for BIOCSETF.
*/
struct bpf_program {
u_int bf_len;
struct bpf_insn *bf_insns;
};
/*
* Struct returned by BIOCGSTATS.
*/
struct bpf_stat {
u_int bs_recv; /* number of packets received */
u_int bs_drop; /* number of packets dropped */
};
/*
* Struct return by BIOCVERSION. This represents the version number of
* the filter language described by the instruction encodings below.
* bpf understands a program iff kernel_major == filter_major &&
* kernel_minor >= filter_minor, that is, if the value returned by the
* running kernel has the same major number and a minor number equal
* equal to or less than the filter being downloaded. Otherwise, the
* results are undefined, meaning an error may be returned or packets
* may be accepted haphazardly.
* It has nothing to do with the source code version.
*/
struct bpf_version {
u_short bv_major;
u_short bv_minor;
};
/* Current version number of filter architecture. */
#define BPF_MAJOR_VERSION 1
#define BPF_MINOR_VERSION 1
/*
* BPF ioctls
*
* The first set is for compatibility with Sun's pcc style
* header files. If your using gcc, we assume that you
* have run fixincludes so the latter set should work.
*/
#if (defined(sun) || defined(ibm032)) && !defined(__GNUC__)
#define BIOCGBLEN _IOR(B,102, u_int)
#define BIOCSBLEN _IOWR(B,102, u_int)
#define BIOCSETF _IOW(B,103, struct bpf_program)
#define BIOCFLUSH _IO(B,104)
#define BIOCPROMISC _IO(B,105)
#define BIOCGDLT _IOR(B,106, u_int)
#define BIOCGETIF _IOR(B,107, struct ifreq)
#define BIOCSETIF _IOW(B,108, struct ifreq)
#define BIOCSRTIMEOUT _IOW(B,109, struct timeval)
#define BIOCGRTIMEOUT _IOR(B,110, struct timeval)
#define BIOCGSTATS _IOR(B,111, struct bpf_stat)
#define BIOCIMMEDIATE _IOW(B,112, u_int)
#define BIOCVERSION _IOR(B,113, struct bpf_version)
#define BIOCSTCPF _IOW(B,114, struct bpf_program)
#define BIOCSUDPF _IOW(B,115, struct bpf_program)
#else
#define BIOCGBLEN _IOR('B',102, u_int)
#define BIOCSBLEN _IOWR('B',102, u_int)
#define BIOCSETF _IOW('B',103, struct bpf_program)
#define BIOCFLUSH _IO('B',104)
#define BIOCPROMISC _IO('B',105)
#define BIOCGDLT _IOR('B',106, u_int)
#define BIOCGETIF _IOR('B',107, struct ifreq)
#define BIOCSETIF _IOW('B',108, struct ifreq)
#define BIOCSRTIMEOUT _IOW('B',109, struct timeval)
#define BIOCGRTIMEOUT _IOR('B',110, struct timeval)
#define BIOCGSTATS _IOR('B',111, struct bpf_stat)
#define BIOCIMMEDIATE _IOW('B',112, u_int)
#define BIOCVERSION _IOR('B',113, struct bpf_version)
#define BIOCSTCPF _IOW('B',114, struct bpf_program)
#define BIOCSUDPF _IOW('B',115, struct bpf_program)
#endif
/*
* Structure prepended to each packet.
*/
struct bpf_hdr {
struct timeval bh_tstamp; /* time stamp */
bpf_u_int32 bh_caplen; /* length of captured portion */
bpf_u_int32 bh_datalen; /* original length of packet */
u_short bh_hdrlen; /* length of bpf header (this struct
plus alignment padding) */
};
/*
* Because the structure above is not a multiple of 4 bytes, some compilers
* will insist on inserting padding; hence, sizeof(struct bpf_hdr) won't work.
* Only the kernel needs to know about it; applications use bh_hdrlen.
*/
#if defined(KERNEL) || defined(_KERNEL)
#define SIZEOF_BPF_HDR 18
#endif
/*
* Data-link level type codes.
*/
/*
* These are the types that are the same on all platforms; on other
* platforms, a <net/bpf.h> should be supplied that defines the additional
* DLT_* codes appropriately for that platform (the BSDs, for example,
* should not just pick up this version of "bpf.h"; they should also define
* the additional DLT_* codes used by their kernels, as well as the values
* defined here - and, if the values they use for particular DLT_ types
* differ from those here, they should use their values, not the ones
* here).
*/
#define DLT_NULL 0 /* no link-layer encapsulation */
#define DLT_EN10MB 1 /* Ethernet (10Mb) */
#define DLT_EN3MB 2 /* Experimental Ethernet (3Mb) */
#define DLT_AX25 3 /* Amateur Radio AX.25 */
#define DLT_PRONET 4 /* Proteon ProNET Token Ring */
#define DLT_CHAOS 5 /* Chaos */
#define DLT_IEEE802 6 /* IEEE 802 Networks */
#define DLT_ARCNET 7 /* ARCNET */
#define DLT_SLIP 8 /* Serial Line IP */
#define DLT_PPP 9 /* Point-to-point Protocol */
#define DLT_FDDI 10 /* FDDI */
/*
* These are values from the traditional libpcap "bpf.h".
* Ports of this to particular platforms should replace these definitions
* with the ones appropriate to that platform, if the values are
* different on that platform.
*/
#define DLT_ATM_RFC1483 11 /* LLC/SNAP encapsulated atm */
#define DLT_RAW 12 /* raw IP */
/*
* These are values from BSD/OS's "bpf.h".
* These are not the same as the values from the traditional libpcap
* "bpf.h"; however, these values shouldn't be generated by any
* OS other than BSD/OS, so the correct values to use here are the
* BSD/OS values.
*
* Platforms that have already assigned these values to other
* DLT_ codes, however, should give these codes the values
* from that platform, so that programs that use these codes will
* continue to compile - even though they won't correctly read
* files of these types.
*/
#ifdef __NetBSD__
#ifndef DLT_SLIP_BSDOS
#define DLT_SLIP_BSDOS 13 /* BSD/OS Serial Line IP */
#define DLT_PPP_BSDOS 14 /* BSD/OS Point-to-point Protocol */
#endif
#else
#define DLT_SLIP_BSDOS 15 /* BSD/OS Serial Line IP */
#define DLT_PPP_BSDOS 16 /* BSD/OS Point-to-point Protocol */
#endif
#define DLT_ATM_CLIP 19 /* Linux Classical-IP over ATM */
/*
* These values are defined by NetBSD; other platforms should refrain from
* using them for other purposes, so that NetBSD savefiles with link
* types of 50 or 51 can be read as this type on all platforms.
*/
#define DLT_PPP_SERIAL 50 /* PPP over serial with HDLC encapsulation */
#define DLT_PPP_ETHER 51 /* PPP over Ethernet */
/*
* Values between 100 and 103 are used in capture file headers as
* link-layer types corresponding to DLT_ types that differ
* between platforms; don't use those values for new DLT_ new types.
*/
/*
* This value was defined by libpcap 0.5; platforms that have defined
* it with a different value should define it here with that value -
* a link type of 104 in a save file will be mapped to DLT_C_HDLC,
* whatever value that happens to be, so programs will correctly
* handle files with that link type regardless of the value of
* DLT_C_HDLC.
*
* The name DLT_C_HDLC was used by BSD/OS; we use that name for source
* compatibility with programs written for BSD/OS.
*
* libpcap 0.5 defined it as DLT_CHDLC; we define DLT_CHDLC as well,
* for source compatibility with programs written for libpcap 0.5.
*/
#define DLT_C_HDLC 104 /* Cisco HDLC */
#define DLT_CHDLC DLT_C_HDLC
#define DLT_IEEE802_11 105 /* IEEE 802.11 wireless */
/*
* Values between 106 and 107 are used in capture file headers as
* link-layer types corresponding to DLT_ types that might differ
* between platforms; don't use those values for new DLT_ new types.
*/
/*
* OpenBSD DLT_LOOP, for loopback devices; it's like DLT_NULL, except
* that the AF_ type in the link-layer header is in network byte order.
*
* OpenBSD defines it as 12, but that collides with DLT_RAW, so we
* define it as 108 here. If OpenBSD picks up this file, it should
* define DLT_LOOP as 12 in its version, as per the comment above -
* and should not use 108 as a DLT_ value.
*/
#define DLT_LOOP 108
/*
* Values between 109 and 112 are used in capture file headers as
* link-layer types corresponding to DLT_ types that might differ
* between platforms; don't use those values for new DLT_ types
* other than the corresponding DLT_ types.
*/
/*
* This is for Linux cooked sockets.
*/
#define DLT_LINUX_SLL 113
/*
* Apple LocalTalk hardware.
*/
#define DLT_LTALK 114
/*
* Acorn Econet.
*/
#define DLT_ECONET 115
/*
* Reserved for use with OpenBSD ipfilter.
*/
#define DLT_IPFILTER 116
/*
* Reserved for use in capture-file headers as a link-layer type
* corresponding to OpenBSD DLT_PFLOG; DLT_PFLOG is 17 in OpenBSD,
* but that's DLT_LANE8023 in SuSE 6.3, so we can't use 17 for it
* in capture-file headers.
*/
#define DLT_PFLOG 117
/*
* Registered for Cisco-internal use.
*/
#define DLT_CISCO_IOS 118
/*
* Reserved for 802.11 cards using the Prism II chips, with a link-layer
* header including Prism monitor mode information plus an 802.11
* header.
*/
#define DLT_PRISM_HEADER 119
/*
* Reserved for Aironet 802.11 cards, with an Aironet link-layer header
* (see Doug Ambrisko's FreeBSD patches).
*/
#define DLT_AIRONET_HEADER 120
/*
* Reserved for Siemens HiPath HDLC.
*/
#define DLT_HHDLC 121
/*
* Reserved for RFC 2625 IP-over-Fibre Channel, as per a request from
* Don Lee <donlee@cray.com>.
*
* This is not for use with raw Fibre Channel, where the link-layer
* header starts with a Fibre Channel frame header; it's for IP-over-FC,
* where the link-layer header starts with an RFC 2625 Network_Header
* field.
*/
#define DLT_IP_OVER_FC 122
/*
* The instruction encodings.
*/
/* instruction classes */
#define BPF_CLASS(code) ((code) & 0x07)
#define BPF_LD 0x00
#define BPF_LDX 0x01
#define BPF_ST 0x02
#define BPF_STX 0x03
#define BPF_ALU 0x04
#define BPF_JMP 0x05
#define BPF_RET 0x06
#define BPF_MISC 0x07
/* ld/ldx fields */
#define BPF_SIZE(code) ((code) & 0x18)
#define BPF_W 0x00
#define BPF_H 0x08
#define BPF_B 0x10
#define BPF_MODE(code) ((code) & 0xe0)
#define BPF_IMM 0x00
#define BPF_ABS 0x20
#define BPF_IND 0x40
#define BPF_MEM 0x60
#define BPF_LEN 0x80
#define BPF_MSH 0xa0
/* alu/jmp fields */
#define BPF_OP(code) ((code) & 0xf0)
#define BPF_ADD 0x00
#define BPF_SUB 0x10
#define BPF_MUL 0x20
#define BPF_DIV 0x30
#define BPF_OR 0x40
#define BPF_AND 0x50
#define BPF_LSH 0x60
#define BPF_RSH 0x70
#define BPF_NEG 0x80
#define BPF_JA 0x00
#define BPF_JEQ 0x10
#define BPF_JGT 0x20
#define BPF_JGE 0x30
#define BPF_JSET 0x40
#define BPF_SRC(code) ((code) & 0x08)
#define BPF_K 0x00
#define BPF_X 0x08
/* ret - BPF_K and BPF_X also apply */
#define BPF_RVAL(code) ((code) & 0x18)
#define BPF_A 0x10
/* misc */
#define BPF_MISCOP(code) ((code) & 0xf8)
#define BPF_TAX 0x00
#define BPF_TXA 0x80
/*
* The instruction data structure.
*/
struct bpf_insn {
u_short code;
u_char jt;
u_char jf;
bpf_int32 k;
};
/*
* Macros for insn array initializers.
*/
#define BPF_STMT(code, k) { (u_short)(code), 0, 0, k }
#define BPF_JUMP(code, k, jt, jf) { (u_short)(code), jt, jf, k }
#if defined(BSD) && (defined(KERNEL) || defined(_KERNEL))
/*
* Systems based on non-BSD kernels don't have ifnet's (or they don't mean
* anything if it is in <net/if.h>) and won't work like this.
*/
# if __STDC__
extern void bpf_tap(struct ifnet *, u_char *, u_int);
extern void bpf_mtap(struct ifnet *, struct mbuf *);
extern void bpfattach(struct ifnet *, u_int, u_int);
extern void bpfilterattach(int);
# else
extern void bpf_tap();
extern void bpf_mtap();
extern void bpfattach();
extern void bpfilterattach();
# endif /* __STDC__ */
#endif /* BSD && (_KERNEL || KERNEL) */
#if __STDC__ || defined(__cplusplus)
extern int bpf_validate(struct bpf_insn *, int);
extern u_int bpf_filter(struct bpf_insn *, u_char *, u_int, u_int);
#else
extern int bpf_validate();
extern u_int bpf_filter();
#endif
/*
* Number of scratch memory words (for BPF_LD|BPF_MEM and BPF_ST).
*/
#define BPF_MEMWORDS 16
#ifdef __cplusplus
}
#endif
#endif


@ -1,595 +0,0 @@
/* $FreeBSD$ */
/*-
* Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
* The Regents of the University of California. All rights reserved.
*
* This code is derived from the Stanford/CMU enet packet filter,
* (net/enet.c) distributed as part of 4.3BSD, and code contributed
* to Berkeley by Steven McCanne and Van Jacobson both of Lawrence
* Berkeley Laboratory.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* @(#)bpf.c 7.5 (Berkeley) 7/15/91
*/
#if !(defined(lint) || defined(KERNEL) || defined(_KERNEL))
static const char rcsid[] =
"@(#) $Header: /devel/CVS/IP-Filter/bpf_filter.c,v 2.2.2.3 2006/10/03 11:25:56 darrenr Exp $ (LBL)";
#endif
#include <sys/param.h>
#include <sys/types.h>
#include <sys/time.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <net/if.h>
#include "netinet/ip_compat.h"
#include "bpf-ipf.h"
#if (defined(__hpux) || SOLARIS) && (defined(_KERNEL) || defined(KERNEL))
# include <sys/sysmacros.h>
# include <sys/stream.h>
#endif
#include "pcap-ipf.h"
#if !defined(KERNEL) && !defined(_KERNEL)
#include <stdlib.h>
#endif
#define int32 bpf_int32
#define u_int32 bpf_u_int32
static int m_xword __P((mb_t *, int, int *));
static int m_xhalf __P((mb_t *, int, int *));
#ifndef LBL_ALIGN
/*
* XXX - IA-64? If not, this probably won't work on Win64 IA-64
* systems, unless LBL_ALIGN is defined elsewhere for them.
* XXX - SuperH? If not, this probably won't work on WinCE SuperH
* systems, unless LBL_ALIGN is defined elsewhere for them.
*/
#if defined(sparc) || defined(__sparc__) || defined(mips) || \
defined(ibm032) || defined(__alpha) || defined(__hpux) || \
defined(__arm__)
#define LBL_ALIGN
#endif
#endif
#ifndef LBL_ALIGN
#define EXTRACT_SHORT(p) ((u_short)ntohs(*(u_short *)p))
#define EXTRACT_LONG(p) (ntohl(*(u_int32 *)p))
#else
#define EXTRACT_SHORT(p)\
((u_short)\
((u_short)*((u_char *)p+0)<<8|\
(u_short)*((u_char *)p+1)<<0))
#define EXTRACT_LONG(p)\
((u_int32)*((u_char *)p+0)<<24|\
(u_int32)*((u_char *)p+1)<<16|\
(u_int32)*((u_char *)p+2)<<8|\
(u_int32)*((u_char *)p+3)<<0)
#endif
#define MINDEX(len, _m, _k) \
{ \
len = M_LEN(m); \
while ((_k) >= len) { \
(_k) -= len; \
(_m) = (_m)->m_next; \
if ((_m) == 0) \
return 0; \
len = M_LEN(m); \
} \
}
static int
m_xword(m, k, err)
register mb_t *m;
register int k, *err;
{
register int len;
register u_char *cp, *np;
register mb_t *m0;
MINDEX(len, m, k);
cp = MTOD(m, u_char *) + k;
if (len - k >= 4) {
*err = 0;
return EXTRACT_LONG(cp);
}
m0 = m->m_next;
if (m0 == 0 || M_LEN(m0) + len - k < 4)
goto bad;
*err = 0;
np = MTOD(m0, u_char *);
switch (len - k) {
case 1:
return (cp[0] << 24) | (np[0] << 16) | (np[1] << 8) | np[2];
case 2:
return (cp[0] << 24) | (cp[1] << 16) | (np[0] << 8) | np[1];
default:
return (cp[0] << 24) | (cp[1] << 16) | (cp[2] << 8) | np[0];
}
bad:
*err = 1;
return 0;
}
static int
m_xhalf(m, k, err)
register mb_t *m;
register int k, *err;
{
register int len;
register u_char *cp;
register mb_t *m0;
MINDEX(len, m, k);
cp = MTOD(m, u_char *) + k;
if (len - k >= 2) {
*err = 0;
return EXTRACT_SHORT(cp);
}
m0 = m->m_next;
if (m0 == 0)
goto bad;
*err = 0;
return (cp[0] << 8) | MTOD(m0, u_char *)[0];
bad:
*err = 1;
return 0;
}
/*
* Execute the filter program starting at pc on the packet p
* wirelen is the length of the original packet
* buflen is the amount of data present
* For the kernel, p is assumed to be a pointer to an mbuf if buflen is 0,
* in all other cases, p is a pointer to a buffer and buflen is its size.
*/
u_int
bpf_filter(pc, p, wirelen, buflen)
register struct bpf_insn *pc;
register u_char *p;
u_int wirelen;
register u_int buflen;
{
register u_int32 A, X;
register int k;
int32 mem[BPF_MEMWORDS];
mb_t *m, *n;
int merr = 0; /* XXX: GCC */
int len;
if (buflen == 0) {
m = (mb_t *)p;
p = MTOD(m, u_char *);
buflen = M_LEN(m);
} else
m = NULL;
if (pc == 0)
/*
* No filter means accept all.
*/
return (u_int)-1;
A = 0;
X = 0;
--pc;
while (1) {
++pc;
switch (pc->code) {
default:
return 0;
case BPF_RET|BPF_K:
return (u_int)pc->k;
case BPF_RET|BPF_A:
return (u_int)A;
case BPF_LD|BPF_W|BPF_ABS:
k = pc->k;
if (k + sizeof(int32) > buflen) {
if (m == NULL)
return 0;
A = m_xword(m, k, &merr);
if (merr != 0)
return 0;
continue;
}
A = EXTRACT_LONG(&p[k]);
continue;
case BPF_LD|BPF_H|BPF_ABS:
k = pc->k;
if (k + sizeof(short) > buflen) {
if (m == NULL)
return 0;
A = m_xhalf(m, k, &merr);
if (merr != 0)
return 0;
continue;
}
A = EXTRACT_SHORT(&p[k]);
continue;
case BPF_LD|BPF_B|BPF_ABS:
k = pc->k;
if (k >= buflen) {
if (m == NULL)
return 0;
n = m;
MINDEX(len, n, k);
A = MTOD(n, u_char *)[k];
continue;
}
A = p[k];
continue;
case BPF_LD|BPF_W|BPF_LEN:
A = wirelen;
continue;
case BPF_LDX|BPF_W|BPF_LEN:
X = wirelen;
continue;
case BPF_LD|BPF_W|BPF_IND:
k = X + pc->k;
if (k + sizeof(int32) > buflen) {
if (m == NULL)
return 0;
A = m_xword(m, k, &merr);
if (merr != 0)
return 0;
continue;
}
A = EXTRACT_LONG(&p[k]);
continue;
case BPF_LD|BPF_H|BPF_IND:
k = X + pc->k;
if (k + sizeof(short) > buflen) {
if (m == NULL)
return 0;
A = m_xhalf(m, k, &merr);
if (merr != 0)
return 0;
continue;
}
A = EXTRACT_SHORT(&p[k]);
continue;
case BPF_LD|BPF_B|BPF_IND:
k = X + pc->k;
if (k >= buflen) {
if (m == NULL)
return 0;
n = m;
MINDEX(len, n, k);
A = MTOD(n, u_char *)[k];
continue;
}
A = p[k];
continue;
case BPF_LDX|BPF_MSH|BPF_B:
k = pc->k;
if (k >= buflen) {
if (m == NULL)
return 0;
n = m;
MINDEX(len, n, k);
X = (MTOD(n, char *)[k] & 0xf) << 2;
continue;
}
X = (p[pc->k] & 0xf) << 2;
continue;
case BPF_LD|BPF_IMM:
A = pc->k;
continue;
case BPF_LDX|BPF_IMM:
X = pc->k;
continue;
case BPF_LD|BPF_MEM:
A = mem[pc->k];
continue;
case BPF_LDX|BPF_MEM:
X = mem[pc->k];
continue;
case BPF_ST:
mem[pc->k] = A;
continue;
case BPF_STX:
mem[pc->k] = X;
continue;
case BPF_JMP|BPF_JA:
pc += pc->k;
continue;
case BPF_JMP|BPF_JGT|BPF_K:
pc += (A > pc->k) ? pc->jt : pc->jf;
continue;
case BPF_JMP|BPF_JGE|BPF_K:
pc += (A >= pc->k) ? pc->jt : pc->jf;
continue;
case BPF_JMP|BPF_JEQ|BPF_K:
pc += (A == pc->k) ? pc->jt : pc->jf;
continue;
case BPF_JMP|BPF_JSET|BPF_K:
pc += (A & pc->k) ? pc->jt : pc->jf;
continue;
case BPF_JMP|BPF_JGT|BPF_X:
pc += (A > X) ? pc->jt : pc->jf;
continue;
case BPF_JMP|BPF_JGE|BPF_X:
pc += (A >= X) ? pc->jt : pc->jf;
continue;
case BPF_JMP|BPF_JEQ|BPF_X:
pc += (A == X) ? pc->jt : pc->jf;
continue;
case BPF_JMP|BPF_JSET|BPF_X:
pc += (A & X) ? pc->jt : pc->jf;
continue;
case BPF_ALU|BPF_ADD|BPF_X:
A += X;
continue;
case BPF_ALU|BPF_SUB|BPF_X:
A -= X;
continue;
case BPF_ALU|BPF_MUL|BPF_X:
A *= X;
continue;
case BPF_ALU|BPF_DIV|BPF_X:
if (X == 0)
return 0;
A /= X;
continue;
case BPF_ALU|BPF_AND|BPF_X:
A &= X;
continue;
case BPF_ALU|BPF_OR|BPF_X:
A |= X;
continue;
case BPF_ALU|BPF_LSH|BPF_X:
A <<= X;
continue;
case BPF_ALU|BPF_RSH|BPF_X:
A >>= X;
continue;
case BPF_ALU|BPF_ADD|BPF_K:
A += pc->k;
continue;
case BPF_ALU|BPF_SUB|BPF_K:
A -= pc->k;
continue;
case BPF_ALU|BPF_MUL|BPF_K:
A *= pc->k;
continue;
case BPF_ALU|BPF_DIV|BPF_K:
A /= pc->k;
continue;
case BPF_ALU|BPF_AND|BPF_K:
A &= pc->k;
continue;
case BPF_ALU|BPF_OR|BPF_K:
A |= pc->k;
continue;
case BPF_ALU|BPF_LSH|BPF_K:
A <<= pc->k;
continue;
case BPF_ALU|BPF_RSH|BPF_K:
A >>= pc->k;
continue;
case BPF_ALU|BPF_NEG:
A = -A;
continue;
case BPF_MISC|BPF_TAX:
X = A;
continue;
case BPF_MISC|BPF_TXA:
A = X;
continue;
}
}
}
/*
* Return true if the 'fcode' is a valid filter program.
* The constraints are that each jump be forward and to a valid
* code, that memory accesses are within valid ranges (to the
* extent that this can be checked statically; loads of packet
* data have to be, and are, also checked at run time), and that
* the code terminates with either an accept or reject.
*
* The kernel needs to be able to verify an application's filter code.
* Otherwise, a bogus program could easily crash the system.
*/
int
bpf_validate(f, len)
struct bpf_insn *f;
int len;
{
u_int i, from;
const struct bpf_insn *p;
if (len == 0)
return 1;
if (len < 1 || len > BPF_MAXINSNS)
return 0;
for (i = 0; i < len; ++i) {
p = &f[i];
switch (BPF_CLASS(p->code)) {
/*
* Check that memory operations use valid addresses.
*/
case BPF_LD:
case BPF_LDX:
switch (BPF_MODE(p->code)) {
case BPF_IMM:
break;
case BPF_ABS:
case BPF_IND:
case BPF_MSH:
/*
* More strict check with actual packet length
* is done runtime.
*/
#if 0
if (p->k >= bpf_maxbufsize)
return 0;
#endif
break;
case BPF_MEM:
if (p->k >= BPF_MEMWORDS)
return 0;
break;
case BPF_LEN:
break;
default:
return 0;
}
break;
case BPF_ST:
case BPF_STX:
if (p->k >= BPF_MEMWORDS)
return 0;
break;
case BPF_ALU:
switch (BPF_OP(p->code)) {
case BPF_ADD:
case BPF_SUB:
case BPF_OR:
case BPF_AND:
case BPF_LSH:
case BPF_RSH:
case BPF_NEG:
break;
case BPF_DIV:
/*
* Check for constant division by 0.
*/
if (BPF_RVAL(p->code) == BPF_K && p->k == 0)
return 0;
default:
return 0;
}
break;
case BPF_JMP:
/*
* Check that jumps are within the code block,
* and that unconditional branches don't go
* backwards as a result of an overflow.
* Unconditional branches have a 32-bit offset,
* so they could overflow; we check to make
* sure they don't. Conditional branches have
* an 8-bit offset, and the from address is <=
* BPF_MAXINSNS, and we assume that BPF_MAXINSNS
* is sufficiently small that adding 255 to it
* won't overflow.
*
* We know that len is <= BPF_MAXINSNS, and we
* assume that BPF_MAXINSNS is < the maximum size
* of a u_int, so that i + 1 doesn't overflow.
*/
from = i + 1;
switch (BPF_OP(p->code)) {
case BPF_JA:
if (from + p->k < from || from + p->k >= len)
return 0;
break;
case BPF_JEQ:
case BPF_JGT:
case BPF_JGE:
case BPF_JSET:
if (from + p->jt >= len || from + p->jf >= len)
return 0;
break;
default:
return 0;
}
break;
case BPF_RET:
break;
case BPF_MISC:
break;
default:
return 0;
}
}
return BPF_CLASS(f[len - 1].code) == BPF_RET;
}


@ -1,68 +0,0 @@
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* $Id$
*/
#include "ipf.h"
int genmask(family, msk, mskp)
int family;
char *msk;
i6addr_t *mskp;
{
char *endptr = 0L;
u_32_t addr;
int bits;
if (strchr(msk, '.') || strchr(msk, 'x') || strchr(msk, ':')) {
/* possibly of the form xxx.xxx.xxx.xxx
* or 0xYYYYYYYY */
switch (family)
{
#ifdef USE_INET6
case AF_INET6 :
if (inet_pton(AF_INET6, msk, &mskp->in4) != 1)
return -1;
break;
#endif
case AF_INET :
if (inet_aton(msk, &mskp->in4) == 0)
return -1;
break;
default :
return -1;
/*NOTREACHED*/
}
} else {
/*
* set x most significant bits
*/
bits = (int)strtol(msk, &endptr, 0);
switch (family)
{
case AF_INET6 :
if ((*endptr != '\0') || (bits < 0) || (bits > 128))
return -1;
fill6bits(bits, mskp->i6);
break;
case AF_INET :
if (*endptr != '\0' || bits > 32 || bits < 0)
return -1;
if (bits == 0)
addr = 0;
else
addr = htonl(0xffffffff << (32 - bits));
mskp->in4.s_addr = addr;
break;
default :
return -1;
/*NOTREACHED*/
}
}
return 0;
}



@ -1,68 +0,0 @@
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* $Id: ip_dstlist.h,v 1.5.2.6 2012/07/22 08:04:23 darren_r Exp $
*/
#ifndef __IP_DSTLIST_H__
#define __IP_DSTLIST_H__
typedef struct ipf_dstnode {
struct ipf_dstnode *ipfd_next;
struct ipf_dstnode **ipfd_pnext;
ipfmutex_t ipfd_lock;
frdest_t ipfd_dest;
u_long ipfd_syncat;
int ipfd_flags;
int ipfd_size;
int ipfd_states;
int ipfd_ref;
int ipfd_uid;
char ipfd_names[1];
} ipf_dstnode_t;
typedef enum ippool_policy_e {
IPLDP_NONE = 0,
IPLDP_ROUNDROBIN,
IPLDP_CONNECTION,
IPLDP_RANDOM,
IPLDP_HASHED,
IPLDP_SRCHASH,
IPLDP_DSTHASH
} ippool_policy_t;
typedef struct ippool_dst {
struct ippool_dst *ipld_next;
struct ippool_dst **ipld_pnext;
ipfmutex_t ipld_lock;
int ipld_seed;
int ipld_unit;
int ipld_ref;
int ipld_flags;
int ipld_nodes;
int ipld_maxnodes;
ippool_policy_t ipld_policy;
ipf_dstnode_t **ipld_dests;
ipf_dstnode_t *ipld_selected;
char ipld_name[FR_GROUPLEN];
} ippool_dst_t;
#define IPDST_DELETE 0x01
typedef struct dstlist_stat_s {
void *ipls_list[LOOKUP_POOL_SZ];
int ipls_numlists;
u_long ipls_nomem;
int ipls_numnodes;
int ipls_numdereflists;
int ipls_numderefnodes;
} ipf_dstl_stat_t;
extern ipf_lookup_t ipf_dstlist_backend;
extern int ipf_dstlist_select_node __P((fr_info_t *, void *, u_32_t *,
frdest_t *));
#endif /* __IP_DSTLIST_H__ */


@ -1,884 +0,0 @@
/* $FreeBSD$ */
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* $Id$
*/
#if !defined(lint)
static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed";
static const char rcsid[] = "@(#)$Id$";
#endif
#include "ipf.h"
#include "md5.h"
#include "ipt.h"
ipf_main_softc_t ipfmain;
static struct ifnet **ifneta = NULL;
static int nifs = 0;
struct rtentry;
static void ipf_setifpaddr __P((struct ifnet *, char *));
void init_ifp __P((void));
#if defined(__sgi) && (IRIX < 60500)
static int no_output __P((struct ifnet *, struct mbuf *,
struct sockaddr *));
static int write_output __P((struct ifnet *, struct mbuf *,
struct sockaddr *));
#else
# if TRU64 >= 1885
static int no_output __P((struct ifnet *, struct mbuf *,
struct sockaddr *, struct rtentry *, char *));
static int write_output __P((struct ifnet *, struct mbuf *,
struct sockaddr *, struct rtentry *, char *));
# else
static int no_output __P((struct ifnet *, struct mbuf *,
struct sockaddr *, struct rtentry *));
static int write_output __P((struct ifnet *, struct mbuf *,
struct sockaddr *, struct rtentry *));
# endif
#endif
struct ifaddr {
struct sockaddr_storage ifa_addr;
};
int
ipfattach(softc)
ipf_main_softc_t *softc;
{
return 0;
}
int
ipfdetach(softc)
ipf_main_softc_t *softc;
{
return 0;
}
/*
* Filter ioctl interface.
*/
int
ipfioctl(softc, dev, cmd, data, mode)
ipf_main_softc_t *softc;
int dev;
ioctlcmd_t cmd;
caddr_t data;
int mode;
{
int error = 0, unit = 0, uid;
uid = getuid();
unit = dev;
SPL_NET(s);
error = ipf_ioctlswitch(softc, unit, data, cmd, mode, uid, NULL);
if (error != -1) {
SPL_X(s);
return error;
}
SPL_X(s);
return error;
}
void
ipf_forgetifp(softc, ifp)
ipf_main_softc_t *softc;
void *ifp;
{
register frentry_t *f;
WRITE_ENTER(&softc->ipf_mutex);
for (f = softc->ipf_acct[0][softc->ipf_active]; (f != NULL);
f = f->fr_next)
if (f->fr_ifa == ifp)
f->fr_ifa = (void *)-1;
for (f = softc->ipf_acct[1][softc->ipf_active]; (f != NULL);
f = f->fr_next)
if (f->fr_ifa == ifp)
f->fr_ifa = (void *)-1;
for (f = softc->ipf_rules[0][softc->ipf_active]; (f != NULL);
f = f->fr_next)
if (f->fr_ifa == ifp)
f->fr_ifa = (void *)-1;
for (f = softc->ipf_rules[1][softc->ipf_active]; (f != NULL);
f = f->fr_next)
if (f->fr_ifa == ifp)
f->fr_ifa = (void *)-1;
RWLOCK_EXIT(&softc->ipf_mutex);
ipf_nat_sync(softc, ifp);
ipf_lookup_sync(softc, ifp);
}
static int
#if defined(__sgi) && (IRIX < 60500)
no_output(ifp, m, s)
#else
# if TRU64 >= 1885
no_output (ifp, m, s, rt, cp)
char *cp;
# else
no_output(ifp, m, s, rt)
# endif
struct rtentry *rt;
#endif
struct ifnet *ifp;
struct mbuf *m;
struct sockaddr *s;
{
return 0;
}
static int
#if defined(__sgi) && (IRIX < 60500)
write_output(ifp, m, s)
#else
# if TRU64 >= 1885
write_output (ifp, m, s, rt, cp)
char *cp;
# else
write_output(ifp, m, s, rt)
# endif
struct rtentry *rt;
#endif
struct ifnet *ifp;
struct mbuf *m;
struct sockaddr *s;
{
char fname[32];
mb_t *mb;
ip_t *ip;
int fd;
mb = (mb_t *)m;
ip = MTOD(mb, ip_t *);
#if (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199606)) || \
(defined(OpenBSD) && (OpenBSD >= 199603)) || defined(linux) || \
(defined(__FreeBSD__) && (__FreeBSD_version >= 501113))
sprintf(fname, "/tmp/%s", ifp->if_xname);
#else
sprintf(fname, "/tmp/%s%d", ifp->if_name, ifp->if_unit);
#endif
fd = open(fname, O_WRONLY|O_APPEND);
if (fd == -1) {
perror("open");
return -1;
}
write(fd, (char *)ip, ntohs(ip->ip_len));
close(fd);
return 0;
}
static void
ipf_setifpaddr(ifp, addr)
struct ifnet *ifp;
char *addr;
{
#ifdef __sgi
struct in_ifaddr *ifa;
#else
struct ifaddr *ifa;
#endif
#if defined(__NetBSD__) || defined(__OpenBSD__) || defined(__FreeBSD__)
if (ifp->if_addrlist.tqh_first != NULL)
#else
# ifdef __sgi
if (ifp->in_ifaddr != NULL)
# else
if (ifp->if_addrlist != NULL)
# endif
#endif
return;
ifa = (struct ifaddr *)malloc(sizeof(*ifa));
#if defined(__NetBSD__) || defined(__OpenBSD__) || defined(__FreeBSD__)
ifp->if_addrlist.tqh_first = ifa;
#else
# ifdef __sgi
ifp->in_ifaddr = ifa;
# else
ifp->if_addrlist = ifa;
# endif
#endif
if (ifa != NULL) {
struct sockaddr_in *sin;
#ifdef __sgi
sin = (struct sockaddr_in *)&ifa->ia_addr;
#else
sin = (struct sockaddr_in *)&ifa->ifa_addr;
#endif
#ifdef USE_INET6
if (index(addr, ':') != NULL) {
struct sockaddr_in6 *sin6;
sin6 = (struct sockaddr_in6 *)&ifa->ifa_addr;
sin6->sin6_family = AF_INET6;
/* Abort if bad address. */
switch (inet_pton(AF_INET6, addr, &sin6->sin6_addr))
{
case 1:
break;
case -1:
perror("inet_pton");
abort();
break;
default:
abort();
break;
}
} else
#endif
{
sin->sin_family = AF_INET;
sin->sin_addr.s_addr = inet_addr(addr);
if (sin->sin_addr.s_addr == 0)
abort();
}
}
}
struct ifnet *
get_unit(name, family)
char *name;
int family;
{
struct ifnet *ifp, **ifpp, **old_ifneta;
char *addr;
#if (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199606)) || \
(defined(OpenBSD) && (OpenBSD >= 199603)) || defined(linux) || \
(defined(__FreeBSD__) && (__FreeBSD_version >= 501113))
if (!*name)
return NULL;
if (name == NULL)
name = "anon0";
addr = strchr(name, '=');
if (addr != NULL)
*addr++ = '\0';
for (ifpp = ifneta; ifpp && (ifp = *ifpp); ifpp++) {
if (!strcmp(name, ifp->if_xname)) {
if (addr != NULL)
ipf_setifpaddr(ifp, addr);
return ifp;
}
}
#else
char *s, ifname[LIFNAMSIZ+1];
if (name == NULL)
name = "anon0";
addr = strchr(name, '=');
if (addr != NULL)
*addr++ = '\0';
for (ifpp = ifneta; ifpp && (ifp = *ifpp); ifpp++) {
COPYIFNAME(family, ifp, ifname);
if (!strcmp(name, ifname)) {
if (addr != NULL)
ipf_setifpaddr(ifp, addr);
return ifp;
}
}
#endif
if (!ifneta) {
ifneta = (struct ifnet **)malloc(sizeof(ifp) * 2);
if (!ifneta)
return NULL;
ifneta[1] = NULL;
ifneta[0] = (struct ifnet *)calloc(1, sizeof(*ifp));
if (!ifneta[0]) {
free(ifneta);
return NULL;
}
nifs = 1;
} else {
old_ifneta = ifneta;
nifs++;
ifneta = (struct ifnet **)realloc(ifneta,
(nifs + 1) * sizeof(ifp));
if (!ifneta) {
free(old_ifneta);
nifs = 0;
return NULL;
}
ifneta[nifs] = NULL;
ifneta[nifs - 1] = (struct ifnet *)malloc(sizeof(*ifp));
if (!ifneta[nifs - 1]) {
nifs--;
return NULL;
}
}
ifp = ifneta[nifs - 1];
#if defined(__NetBSD__) || defined(__OpenBSD__) || defined(__FreeBSD__)
TAILQ_INIT(&ifp->if_addrlist);
#endif
#if (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199606)) || \
(defined(OpenBSD) && (OpenBSD >= 199603)) || defined(linux) || \
(defined(__FreeBSD__) && (__FreeBSD_version >= 501113))
(void) strncpy(ifp->if_xname, name, sizeof(ifp->if_xname));
#else
s = name + strlen(name) - 1;
for (; s > name; s--) {
if (!ISDIGIT(*s)) {
s++;
break;
}
}
if ((s > name) && (*s != 0) && ISDIGIT(*s)) {
ifp->if_unit = atoi(s);
ifp->if_name = (char *)malloc(s - name + 1);
(void) strncpy(ifp->if_name, name, s - name);
ifp->if_name[s - name] = '\0';
} else {
ifp->if_name = strdup(name);
ifp->if_unit = -1;
}
#endif
ifp->if_output = (void *)no_output;
if (addr != NULL) {
ipf_setifpaddr(ifp, addr);
}
return ifp;
}
char *
get_ifname(ifp)
struct ifnet *ifp;
{
static char ifname[LIFNAMSIZ];
#if defined(__OpenBSD__) || defined(__NetBSD__) || defined(linux) || \
(defined(__FreeBSD__) && (__FreeBSD_version >= 501113))
sprintf(ifname, "%s", ifp->if_xname);
#else
if (ifp->if_unit != -1)
sprintf(ifname, "%s%d", ifp->if_name, ifp->if_unit);
else
strcpy(ifname, ifp->if_name);
#endif
return ifname;
}
void
init_ifp()
{
struct ifnet *ifp, **ifpp;
char fname[32];
int fd;
#if (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199606)) || \
(defined(OpenBSD) && (OpenBSD >= 199603)) || defined(linux) || \
(defined(__FreeBSD__) && (__FreeBSD_version >= 501113))
for (ifpp = ifneta; ifpp && (ifp = *ifpp); ifpp++) {
ifp->if_output = (void *)write_output;
sprintf(fname, "/tmp/%s", ifp->if_xname);
fd = open(fname, O_WRONLY|O_CREAT|O_EXCL|O_TRUNC, 0600);
if (fd == -1)
perror("open");
else
close(fd);
}
#else
for (ifpp = ifneta; ifpp && (ifp = *ifpp); ifpp++) {
ifp->if_output = (void *)write_output;
sprintf(fname, "/tmp/%s%d", ifp->if_name, ifp->if_unit);
fd = open(fname, O_WRONLY|O_CREAT|O_EXCL|O_TRUNC, 0600);
if (fd == -1)
perror("open");
else
close(fd);
}
#endif
}
int
ipf_fastroute(m, mpp, fin, fdp)
mb_t *m, **mpp;
fr_info_t *fin;
frdest_t *fdp;
{
struct ifnet *ifp;
ip_t *ip = fin->fin_ip;
frdest_t node;
int error = 0;
frentry_t *fr;
void *sifp;
int sout;
sifp = fin->fin_ifp;
sout = fin->fin_out;
fr = fin->fin_fr;
ip->ip_sum = 0;
if (!(fr->fr_flags & FR_KEEPSTATE) && (fdp != NULL) &&
(fdp->fd_type == FRD_DSTLIST)) {
bzero(&node, sizeof(node));
ipf_dstlist_select_node(fin, fdp->fd_ptr, NULL, &node);
fdp = &node;
}
ifp = fdp->fd_ptr;
if (ifp == NULL)
return 0; /* no routing table out here */
if (fin->fin_out == 0) {
fin->fin_ifp = ifp;
fin->fin_out = 1;
(void) ipf_acctpkt(fin, NULL);
fin->fin_fr = NULL;
if (!fr || !(fr->fr_flags & FR_RETMASK)) {
u_32_t pass;
(void) ipf_state_check(fin, &pass);
}
switch (ipf_nat_checkout(fin, NULL))
{
case 0 :
break;
case 1 :
ip->ip_sum = 0;
break;
case -1 :
error = -1;
goto done;
break;
}
}
m->mb_ifp = ifp;
printpacket(fin->fin_out, m);
#if defined(__sgi) && (IRIX < 60500)
(*ifp->if_output)(ifp, (void *)ip, NULL);
# if TRU64 >= 1885
(*ifp->if_output)(ifp, (void *)m, NULL, 0, 0);
# else
(*ifp->if_output)(ifp, (void *)m, NULL, 0);
# endif
#endif
done:
fin->fin_ifp = sifp;
fin->fin_out = sout;
return error;
}
int
ipf_send_reset(fin)
fr_info_t *fin;
{
ipfkverbose("- TCP RST sent\n");
return 0;
}
int
ipf_send_icmp_err(type, fin, dst)
int type;
fr_info_t *fin;
int dst;
{
ipfkverbose("- ICMP unreachable sent\n");
return 0;
}
void
m_freem(m)
mb_t *m;
{
return;
}
void
m_copydata(m, off, len, cp)
mb_t *m;
int off, len;
caddr_t cp;
{
bcopy((char *)m + off, cp, len);
}
int
ipfuiomove(buf, len, rwflag, uio)
caddr_t buf;
int len, rwflag;
struct uio *uio;
{
int left, ioc, num, offset;
struct iovec *io;
char *start;
if (rwflag == UIO_READ) {
left = len;
ioc = 0;
offset = uio->uio_offset;
while ((left > 0) && (ioc < uio->uio_iovcnt)) {
io = uio->uio_iov + ioc;
num = io->iov_len;
if (num > left)
num = left;
start = (char *)io->iov_base + offset;
if (start > (char *)io->iov_base + io->iov_len) {
offset -= io->iov_len;
ioc++;
continue;
}
bcopy(buf, start, num);
uio->uio_resid -= num;
uio->uio_offset += num;
left -= num;
if (left > 0)
ioc++;
}
if (left > 0)
return EFAULT;
}
return 0;
}
u_32_t
ipf_newisn(fin)
fr_info_t *fin;
{
static int iss_seq_off = 0;
u_char hash[16];
u_32_t newiss;
MD5_CTX ctx;
/*
* Compute the base value of the ISS. It is a hash
* of (saddr, sport, daddr, dport, secret).
*/
MD5Init(&ctx);
MD5Update(&ctx, (u_char *) &fin->fin_fi.fi_src,
sizeof(fin->fin_fi.fi_src));
MD5Update(&ctx, (u_char *) &fin->fin_fi.fi_dst,
sizeof(fin->fin_fi.fi_dst));
MD5Update(&ctx, (u_char *) &fin->fin_dat, sizeof(fin->fin_dat));
/* MD5Update(&ctx, ipf_iss_secret, sizeof(ipf_iss_secret)); */
MD5Final(hash, &ctx);
memcpy(&newiss, hash, sizeof(newiss));
/*
* Now increment our "timer", and add it in to
* the computed value.
*
* XXX Use `addin'?
* XXX TCP_ISSINCR too large to use?
*/
iss_seq_off += 0x00010000;
newiss += iss_seq_off;
return newiss;
}
/* ------------------------------------------------------------------------ */
/* Function: ipf_nextipid */
/* Returns: int - 0 == success, -1 == error (packet should be droppped) */
/* Parameters: fin(I) - pointer to packet information */
/* */
/* Returns the next IPv4 ID to use for this packet. */
/* ------------------------------------------------------------------------ */
INLINE u_short
ipf_nextipid(fin)
fr_info_t *fin;
{
static u_short ipid = 0;
ipf_main_softc_t *softc = fin->fin_main_soft;
u_short id;
MUTEX_ENTER(&softc->ipf_rw);
if (fin->fin_pktnum != 0) {
/*
* The -1 is for aligned test results.
*/
id = (fin->fin_pktnum - 1) & 0xffff;
} else {
}
id = ipid++;
MUTEX_EXIT(&softc->ipf_rw);
return id;
}
INLINE int
ipf_checkv4sum(fin)
fr_info_t *fin;
{
if (fin->fin_flx & FI_SHORT)
return 1;
if (ipf_checkl4sum(fin) == -1) {
fin->fin_flx |= FI_BAD;
return -1;
}
return 0;
}
#ifdef USE_INET6
INLINE int
ipf_checkv6sum(fin)
fr_info_t *fin;
{
if (fin->fin_flx & FI_SHORT)
return 1;
if (ipf_checkl4sum(fin) == -1) {
fin->fin_flx |= FI_BAD;
return -1;
}
return 0;
}
#endif
#if 0
/*
* See above for description, except that all addressing is in user space.
*/
int
copyoutptr(softc, src, dst, size)
void *src, *dst;
size_t size;
{
caddr_t ca;
bcopy(dst, (char *)&ca, sizeof(ca));
bcopy(src, ca, size);
return 0;
}
/*
* See above for description, except that all addressing is in user space.
*/
int
copyinptr(src, dst, size)
void *src, *dst;
size_t size;
{
caddr_t ca;
bcopy(src, (char *)&ca, sizeof(ca));
bcopy(ca, dst, size);
return 0;
}
#endif
/*
* return the first IP Address associated with an interface
*/
int
ipf_ifpaddr(softc, v, atype, ifptr, inp, inpmask)
ipf_main_softc_t *softc;
int v, atype;
void *ifptr;
i6addr_t *inp, *inpmask;
{
struct ifnet *ifp = ifptr;
#ifdef __sgi
struct in_ifaddr *ifa;
#else
struct ifaddr *ifa;
#endif
#if defined(__NetBSD__) || defined(__OpenBSD__) || defined(__FreeBSD__)
ifa = ifp->if_addrlist.tqh_first;
#else
# ifdef __sgi
ifa = (struct in_ifaddr *)ifp->in_ifaddr;
# else
ifa = ifp->if_addrlist;
# endif
#endif
if (ifa != NULL) {
if (v == 4) {
struct sockaddr_in *sin, mask;
mask.sin_addr.s_addr = 0xffffffff;
#ifdef __sgi
sin = (struct sockaddr_in *)&ifa->ia_addr;
#else
sin = (struct sockaddr_in *)&ifa->ifa_addr;
#endif
return ipf_ifpfillv4addr(atype, sin, &mask,
&inp->in4, &inpmask->in4);
}
#ifdef USE_INET6
if (v == 6) {
struct sockaddr_in6 *sin6, mask;
sin6 = (struct sockaddr_in6 *)&ifa->ifa_addr;
((i6addr_t *)&mask.sin6_addr)->i6[0] = 0xffffffff;
((i6addr_t *)&mask.sin6_addr)->i6[1] = 0xffffffff;
((i6addr_t *)&mask.sin6_addr)->i6[2] = 0xffffffff;
((i6addr_t *)&mask.sin6_addr)->i6[3] = 0xffffffff;
return ipf_ifpfillv6addr(atype, sin6, &mask,
inp, inpmask);
}
#endif
}
return 0;
}
/*
* This function is not meant to be random, rather just produce a
* sequence of numbers that isn't linear to show "randomness".
*/
u_32_t
ipf_random()
{
static unsigned int last = 0xa5a5a5a5;
static int calls = 0;
int number;
calls++;
/*
* These are deliberately chosen to ensure that there is some
* attempt to test whether the output covers the range in test n18.
*/
switch (calls)
{
case 1 :
number = 0;
break;
case 2 :
number = 4;
break;
case 3 :
number = 3999;
break;
case 4 :
number = 4000;
break;
case 5 :
number = 48999;
break;
case 6 :
number = 49000;
break;
default :
number = last;
last *= calls;
last++;
number ^= last;
break;
}
return number;
}
int
ipf_verifysrc(fin)
fr_info_t *fin;
{
return 1;
}
int
ipf_inject(fin, m)
fr_info_t *fin;
mb_t *m;
{
FREE_MB_T(m);
return 0;
}
u_int
ipf_pcksum(fin, hlen, sum)
fr_info_t *fin;
int hlen;
u_int sum;
{
u_short *sp;
u_int sum2;
int slen;
slen = fin->fin_plen - hlen;
sp = (u_short *)((u_char *)fin->fin_ip + hlen);
for (; slen > 1; slen -= 2)
sum += *sp++;
if (slen)
sum += ntohs(*(u_char *)sp << 8);
while (sum > 0xffff)
sum = (sum & 0xffff) + (sum >> 16);
sum2 = (u_short)(~sum & 0xffff);
return sum2;
}
void *
ipf_pullup(m, fin, plen)
mb_t *m;
fr_info_t *fin;
int plen;
{
if (M_LEN(m) >= plen)
return fin->fin_ip;
/*
* Fake ipf_pullup failing
*/
fin->fin_reason = FRB_PULLUP;
*fin->fin_mp = NULL;
fin->fin_m = NULL;
fin->fin_ip = NULL;
return NULL;
}



@ -1,328 +0,0 @@
/* $FreeBSD$ */
/*
* Copyright (C) 2000-2003 by Darren Reed
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* Simple DCE transparent proxy for MSN RPC.
*
* ******* NOTE: THIS PROXY DOES NOT DO ADDRESS TRANSLATION ********
*
* Id: ip_msnrpc_pxy.c,v 2.17.2.1 2005/02/04 10:22:55 darrenr Exp
*/
#define IPF_MSNRPC_PROXY
#define IPF_MINMSNRPCLEN 24
#define IPF_MSNRPCSKIP (2 + 19 + 2 + 2 + 2 + 19 + 2 + 2)
typedef struct msnrpchdr {
u_char mrh_major; /* major # == 5 */
u_char mrh_minor; /* minor # == 0 */
u_char mrh_type;
u_char mrh_flags;
u_32_t mrh_endian;
u_short mrh_dlen; /* data size */
u_short mrh_alen; /* authentication length */
u_32_t mrh_cid; /* call identifier */
u_32_t mrh_hint; /* allocation hint */
u_short mrh_ctxt; /* presentation context hint */
u_char mrh_ccnt; /* cancel count */
u_char mrh_ans;
} msnrpchdr_t;
int ippr_msnrpc_init __P((void));
void ippr_msnrpc_fini __P((void));
int ippr_msnrpc_new __P((fr_info_t *, ap_session_t *, nat_t *));
int ippr_msnrpc_out __P((fr_info_t *, ap_session_t *, nat_t *));
int ippr_msnrpc_in __P((fr_info_t *, ap_session_t *, nat_t *));
int ippr_msnrpc_check __P((ip_t *, msnrpchdr_t *));
static frentry_t msnfr;
int msn_proxy_init = 0;
/*
* Initialize local structures.
*/
int ippr_msnrpc_init()
{
bzero((char *)&msnfr, sizeof(msnfr));
msnfr.fr_ref = 1;
msnfr.fr_flags = FR_INQUE|FR_PASS|FR_QUICK|FR_KEEPSTATE;
MUTEX_INIT(&msnfr.fr_lock, "MSN RPC proxy rule lock");
msn_proxy_init = 1;
return 0;
}
void ippr_msnrpc_fini()
{
if (msn_proxy_init == 1) {
MUTEX_DESTROY(&msnfr.fr_lock);
msn_proxy_init = 0;
}
}
int ippr_msnrpc_new(fin, aps, nat)
fr_info_t *fin;
ap_session_t *aps;
nat_t *nat;
{
msnrpcinfo_t *mri;
KMALLOC(mri, msnrpcinfo_t *);
if (mri == NULL)
return -1;
aps->aps_data = mri;
aps->aps_psiz = sizeof(msnrpcinfo_t);
bzero((char *)mri, sizeof(*mri));
mri->mri_cmd[0] = 0xff;
mri->mri_cmd[1] = 0xff;
return 0;
}
int ippr_msnrpc_check(ip, mrh)
ip_t *ip;
msnrpchdr_t *mrh;
{
if (mrh->mrh_major != 5)
return -1;
if (mrh->mrh_minor != 0)
return -1;
if (mrh->mrh_alen != 0)
return -1;
if (mrh->mrh_endian == 0x10) {
/* Both gateway and packet match endian */
if (mrh->mrh_dlen > ip->ip_len)
return -1;
if (mrh->mrh_type == 0 || mrh->mrh_type == 2)
if (mrh->mrh_hint > ip->ip_len)
return -1;
} else if (mrh->mrh_endian == 0x10000000) {
/* XXX - Endian mismatch - should be swapping! */
return -1;
} else {
return -1;
}
return 0;
}
int ippr_msnrpc_out(fin, ip, aps, nat)
fr_info_t *fin;
ip_t *ip;
ap_session_t *aps;
nat_t *nat;
{
msnrpcinfo_t *mri;
msnrpchdr_t *mrh;
tcphdr_t *tcp;
int dlen;
mri = aps->aps_data;
if (mri == NULL)
return 0;
tcp = (tcphdr_t *)fin->fin_dp;
dlen = fin->fin_dlen - (TCP_OFF(tcp) << 2);
if (dlen < IPF_MINMSNRPCLEN)
return 0;
mrh = (msnrpchdr_t *)((char *)tcp + (TCP_OFF(tcp) << 2));
if (ippr_msnrpc_check(ip, mrh))
return 0;
mri->mri_valid++;
switch (mrh->mrh_type)
{
case 0x0b : /* BIND */
case 0x00 : /* REQUEST */
break;
case 0x0c : /* BIND ACK */
case 0x02 : /* RESPONSE */
default:
return 0;
}
mri->mri_cmd[1] = mrh->mrh_type;
return 0;
}
int ippr_msnrpc_in(fin, ip, aps, nat)
fr_info_t *fin;
ip_t *ip;
ap_session_t *aps;
nat_t *nat;
{
tcphdr_t *tcp, tcph, *tcp2 = &tcph;
int dlen, sz, sz2, i;
msnrpcinfo_t *mri;
msnrpchdr_t *mrh;
fr_info_t fi;
u_short len;
char *s;
mri = aps->aps_data;
if (mri == NULL)
return 0;
tcp = (tcphdr_t *)fin->fin_dp;
dlen = fin->fin_dlen - (TCP_OFF(tcp) << 2);
if (dlen < IPF_MINMSNRPCLEN)
return 0;
mrh = (msnrpchdr_t *)((char *)tcp + (TCP_OFF(tcp) << 2));
if (ippr_msnrpc_check(ip, mrh))
return 0;
mri->mri_valid++;
switch (mrh->mrh_type)
{
case 0x0c : /* BIND ACK */
if (mri->mri_cmd[1] != 0x0b)
return 0;
break;
case 0x02 : /* RESPONSE */
if (mri->mri_cmd[1] != 0x00)
return 0;
break;
case 0x0b : /* BIND */
case 0x00 : /* REQUEST */
default:
return 0;
}
mri->mri_cmd[0] = mrh->mrh_type;
dlen -= sizeof(*mrh);
/*
* Only processes RESPONSE's
*/
if (mrh->mrh_type != 0x02)
return 0;
/*
* Skip over some bytes...what are these really ?
*/
if (dlen <= 44)
return 0;
s = (char *)(mrh + 1) + 20;
dlen -= 20;
bcopy(s, (char *)&len, sizeof(len));
if (len == 1) {
s += 20;
dlen -= 20;
} else if (len == 2) {
s += 24;
dlen -= 24;
} else
return 0;
if (dlen <= 10)
return 0;
dlen -= 10;
bcopy(s, (char *)&sz, sizeof(sz));
s += sizeof(sz);
bcopy(s, (char *)&sz2, sizeof(sz2));
s += sizeof(sz2);
if (sz2 != sz)
return 0;
if (sz > dlen)
return 0;
if (*s++ != 5)
return 0;
if (*s++ != 0)
return 0;
sz -= IPF_MSNRPCSKIP;
s += IPF_MSNRPCSKIP;
dlen -= IPF_MSNRPCSKIP;
do {
if (sz < 7 || dlen < 7)
break;
bcopy(s, (char *)&len, sizeof(len));
if (dlen < len)
break;
if (sz < len)
break;
if (len != 1)
break;
sz -= 3;
i = *(s + 2);
s += 3;
dlen -= 3;
bcopy(s, (char *)&len, sizeof(len));
if (dlen < len)
break;
if (sz < len)
break;
s += sizeof(len);
switch (i)
{
case 7 :
if (len == 2) {
bcopy(s, (char *)&mri->mri_rport, 2);
mri->mri_flags |= 1;
}
break;
case 9 :
if (len == 4) {
bcopy(s, (char *)&mri->mri_raddr, 4);
mri->mri_flags |= 2;
}
break;
default :
break;
}
sz -= len;
s += len;
dlen -= len;
} while (sz > 0);
if (mri->mri_flags == 3) {
int slen;
bcopy((char *)fin, (char *)&fi, sizeof(fi));
bzero((char *)tcp2, sizeof(*tcp2));
slen = ip->ip_len;
ip->ip_len = fin->fin_hlen + sizeof(*tcp2);
bcopy((char *)fin, (char *)&fi, sizeof(fi));
bzero((char *)tcp2, sizeof(*tcp2));
tcp2->th_win = htons(8192);
TCP_OFF_A(tcp2, 5);
fi.fin_data[0] = htons(mri->mri_rport);
tcp2->th_sport = mri->mri_rport;
fi.fin_data[1] = 0;
tcp2->th_dport = 0;
fi.fin_state = NULL;
fi.fin_nat = NULL;
fi.fin_dlen = sizeof(*tcp2);
fi.fin_plen = fi.fin_hlen + sizeof(*tcp2);
fi.fin_dp = (char *)tcp2;
fi.fin_fi.fi_daddr = ip->ip_dst.s_addr;
fi.fin_fi.fi_saddr = mri->mri_raddr.s_addr;
if (!fi.fin_fr)
fi.fin_fr = &msnfr;
if (fr_stlookup(&fi, NULL, NULL)) {
RWLOCK_EXIT(&ipf_state);
} else {
(void) fr_addstate(&fi, NULL, SI_W_DPORT|SI_CLONE);
if (fi.fin_state != NULL)
fr_statederef(&fi, (ipstate_t **)&fi.fin_state);
}
ip->ip_len = slen;
}
mri->mri_flags = 0;
return 0;
}


@ -1,403 +0,0 @@
/* $FreeBSD$ */
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* @(#)ipf.h 1.12 6/5/96
* $Id$
*/
#ifndef __IPF_H__
#define __IPF_H__
#if defined(__osf__)
# define radix_mask ipf_radix_mask
# define radix_node ipf_radix_node
# define radix_node_head ipf_radix_node_head
#endif
#include <sys/param.h>
#include <sys/types.h>
#include <sys/file.h>
/*
* This is a workaround for <sys/uio.h> troubles on FreeBSD, HPUX, OpenBSD.
* Needed here because on some systems <sys/uio.h> gets included by things
* like <sys/socket.h>
*/
#ifndef _KERNEL
# define ADD_KERNEL
# define _KERNEL
# define KERNEL
#endif
#ifdef __OpenBSD__
struct file;
#endif
#include <sys/uio.h>
#ifdef ADD_KERNEL
# undef _KERNEL
# undef KERNEL
#endif
#include <sys/time.h>
#include <sys/socket.h>
#include <net/if.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/ip_icmp.h>
#ifndef TCP_PAWS_IDLE /* IRIX */
# include <netinet/tcp.h>
#endif
#include <netinet/udp.h>
#include <arpa/inet.h>
#include <errno.h>
#include <limits.h>
#include <netdb.h>
#include <stdlib.h>
#include <stddef.h>
#include <stdio.h>
#if !defined(__SVR4) && !defined(__svr4__) && defined(sun)
# include <strings.h>
#endif
#include <string.h>
#include <unistd.h>
#include "netinet/ip_compat.h"
#include "netinet/ip_fil.h"
#include "netinet/ip_nat.h"
#include "netinet/ip_frag.h"
#include "netinet/ip_state.h"
#include "netinet/ip_proxy.h"
#include "netinet/ip_auth.h"
#include "netinet/ip_lookup.h"
#include "netinet/ip_pool.h"
#include "netinet/ip_scan.h"
#include "netinet/ip_htable.h"
#include "netinet/ip_sync.h"
#include "netinet/ip_dstlist.h"
#include "opts.h"
#ifndef __P
# ifdef __STDC__
# define __P(x) x
# else
# define __P(x) ()
# endif
#endif
#ifndef __STDC__
# undef const
# define const
#endif
#ifndef U_32_T
# define U_32_T 1
# if defined(__NetBSD__) || defined(__OpenBSD__) || defined(__FreeBSD__) || \
defined(__sgi)
typedef u_int32_t u_32_t;
# else
# if defined(__alpha__) || defined(__alpha) || defined(_LP64)
typedef unsigned int u_32_t;
# else
# if SOLARIS2 >= 6
typedef uint32_t u_32_t;
# else
typedef unsigned int u_32_t;
# endif
# endif
# endif /* __NetBSD__ || __OpenBSD__ || __FreeBSD__ || __sgi */
#endif /* U_32_T */
#ifndef MAXHOSTNAMELEN
# define MAXHOSTNAMELEN 256
#endif
#define MAX_ICMPCODE 16
#define MAX_ICMPTYPE 19
#define PRINTF (void)printf
#define FPRINTF (void)fprintf
struct ipopt_names {
int on_value;
int on_bit;
int on_siz;
char *on_name;
};
typedef struct alist_s {
struct alist_s *al_next;
int al_not;
int al_family;
i6addr_t al_i6addr;
i6addr_t al_i6mask;
} alist_t;
#define al_addr al_i6addr.in4_addr
#define al_mask al_i6mask.in4_addr
#define al_1 al_addr
#define al_2 al_mask
typedef struct plist_s {
struct plist_s *pl_next;
int pl_compare;
u_short pl_port1;
u_short pl_port2;
} plist_t;
typedef struct {
u_short fb_c;
u_char fb_t;
u_char fb_f;
u_32_t fb_k;
} fakebpf_t;
typedef struct {
char *it_name;
int it_v4;
int it_v6;
} icmptype_t;
typedef struct wordtab {
char *w_word;
int w_value;
} wordtab_t;
typedef struct namelist {
struct namelist *na_next;
char *na_name;
int na_value;
} namelist_t;
typedef struct proxyrule {
struct proxyrule *pr_next;
char *pr_proxy;
char *pr_conf;
namelist_t *pr_names;
int pr_proto;
} proxyrule_t;
#if defined(__NetBSD__) || defined(__OpenBSD__) || \
(_BSDI_VERSION >= 199701) || (__FreeBSD_version >= 300000) || \
SOLARIS || defined(__sgi) || defined(__osf__) || defined(linux)
# include <stdarg.h>
typedef int (* ioctlfunc_t) __P((int, ioctlcmd_t, ...));
#else
typedef int (* ioctlfunc_t) __P((dev_t, ioctlcmd_t, void *));
#endif
typedef int (* addfunc_t) __P((int, ioctlfunc_t, void *));
typedef int (* copyfunc_t) __P((void *, void *, size_t));
/*
* SunOS4
*/
#if defined(sun) && !defined(__SVR4) && !defined(__svr4__)
extern int ioctl __P((int, int, void *));
#endif
extern char thishost[];
extern char flagset[];
extern u_char flags[];
extern struct ipopt_names ionames[];
extern struct ipopt_names secclass[];
extern char *icmpcodes[MAX_ICMPCODE + 1];
extern char *icmptypes[MAX_ICMPTYPE + 1];
extern int use_inet6;
extern int lineNum;
extern int debuglevel;
extern struct ipopt_names v6ionames[];
extern icmptype_t icmptypelist[];
extern wordtab_t statefields[];
extern wordtab_t natfields[];
extern wordtab_t poolfields[];
extern int addicmp __P((char ***, struct frentry *, int));
extern int addipopt __P((char *, struct ipopt_names *, int, char *));
extern int addkeep __P((char ***, struct frentry *, int));
extern alist_t *alist_new __P((int, char *));
extern void alist_free __P((alist_t *));
extern void assigndefined __P((char *));
extern void binprint __P((void *, size_t));
extern u_32_t buildopts __P((char *, char *, int));
extern int checkrev __P((char *));
extern int connecttcp __P((char *, int));
extern int count6bits __P((u_32_t *));
extern int count4bits __P((u_32_t));
extern char *fac_toname __P((int));
extern int fac_findname __P((char *));
extern const char *familyname __P((const int));
extern void fill6bits __P((int, u_int *));
extern wordtab_t *findword __P((wordtab_t *, char *));
extern int ftov __P((int));
extern char *ipf_geterror __P((int, ioctlfunc_t *));
extern int genmask __P((int, char *, i6addr_t *));
extern int gethost __P((int, char *, i6addr_t *));
extern int geticmptype __P((int, char *));
extern int getport __P((struct frentry *, char *, u_short *, char *));
extern int getportproto __P((char *, int));
extern int getproto __P((char *));
extern char *getnattype __P((struct nat *));
extern char *getsumd __P((u_32_t));
extern u_32_t getoptbyname __P((char *));
extern u_32_t getoptbyvalue __P((int));
extern u_32_t getv6optbyname __P((char *));
extern u_32_t getv6optbyvalue __P((int));
extern char *icmptypename __P((int, int));
extern void initparse __P((void));
extern void ipf_dotuning __P((int, char *, ioctlfunc_t));
extern int ipf_addrule __P((int, ioctlfunc_t, void *));
extern void ipf_mutex_clean __P((void));
extern int ipf_parsefile __P((int, addfunc_t, ioctlfunc_t *, char *));
extern int ipf_parsesome __P((int, addfunc_t, ioctlfunc_t *, FILE *));
extern void ipf_perror __P((int, char *));
extern int ipf_perror_fd __P(( int, ioctlfunc_t, char *));
extern void ipf_rwlock_clean __P((void));
extern char *ipf_strerror __P((int));
extern void ipferror __P((int, char *));
extern int ipmon_parsefile __P((char *));
extern int ipmon_parsesome __P((FILE *));
extern int ipnat_addrule __P((int, ioctlfunc_t, void *));
extern int ipnat_parsefile __P((int, addfunc_t, ioctlfunc_t, char *));
extern int ipnat_parsesome __P((int, addfunc_t, ioctlfunc_t, FILE *));
extern int ippool_parsefile __P((int, char *, ioctlfunc_t));
extern int ippool_parsesome __P((int, FILE *, ioctlfunc_t));
extern int kmemcpywrap __P((void *, void *, size_t));
extern char *kvatoname __P((ipfunc_t, ioctlfunc_t));
extern int load_dstlist __P((struct ippool_dst *, ioctlfunc_t,
ipf_dstnode_t *));
extern int load_dstlistnode __P((int, char *, struct ipf_dstnode *,
ioctlfunc_t));
extern alist_t *load_file __P((char *));
extern int load_hash __P((struct iphtable_s *, struct iphtent_s *,
ioctlfunc_t));
extern int load_hashnode __P((int, char *, struct iphtent_s *, int,
ioctlfunc_t));
extern alist_t *load_http __P((char *));
extern int load_pool __P((struct ip_pool_s *list, ioctlfunc_t));
extern int load_poolnode __P((int, char *, ip_pool_node_t *, int, ioctlfunc_t));
extern alist_t *load_url __P((char *));
extern alist_t *make_range __P((int, struct in_addr, struct in_addr));
extern void mb_hexdump __P((mb_t *, FILE *));
extern ipfunc_t nametokva __P((char *, ioctlfunc_t));
extern void nat_setgroupmap __P((struct ipnat *));
extern int ntomask __P((int, int, u_32_t *));
extern u_32_t optname __P((char ***, u_short *, int));
extern wordtab_t *parsefields __P((wordtab_t *, char *));
extern int *parseipfexpr __P((char *, char **));
extern int parsewhoisline __P((char *, addrfamily_t *, addrfamily_t *));
extern void pool_close __P((void));
extern int pool_fd __P((void));
extern int pool_ioctl __P((ioctlfunc_t, ioctlcmd_t, void *));
extern int pool_open __P((void));
extern char *portname __P((int, int));
extern int pri_findname __P((char *));
extern char *pri_toname __P((int));
extern void print_toif __P((int, char *, char *, struct frdest *));
extern void printaps __P((ap_session_t *, int, int));
extern void printaddr __P((int, int, char *, int, u_32_t *, u_32_t *));
extern void printbuf __P((char *, int, int));
extern void printfieldhdr __P((wordtab_t *, wordtab_t *));
extern void printfr __P((struct frentry *, ioctlfunc_t));
extern struct iphtable_s *printhash __P((struct iphtable_s *, copyfunc_t,
char *, int, wordtab_t *));
extern struct iphtable_s *printhash_live __P((iphtable_t *, int, char *,
int, wordtab_t *));
extern ippool_dst_t *printdstl_live __P((ippool_dst_t *, int, char *,
int, wordtab_t *));
extern void printhashdata __P((iphtable_t *, int));
extern struct iphtent_s *printhashnode __P((struct iphtable_s *,
struct iphtent_s *,
copyfunc_t, int, wordtab_t *));
extern void printhost __P((int, u_32_t *));
extern void printhostmask __P((int, u_32_t *, u_32_t *));
extern void printip __P((int, u_32_t *));
extern void printlog __P((struct frentry *));
extern void printlookup __P((char *, i6addr_t *addr, i6addr_t *mask));
extern void printmask __P((int, u_32_t *));
extern void printnataddr __P((int, char *, nat_addr_t *, int));
extern void printnatfield __P((nat_t *, int));
extern void printnatside __P((char *, nat_stat_side_t *));
extern void printpacket __P((int, mb_t *));
extern void printpacket6 __P((int, mb_t *));
extern struct ippool_dst *printdstlist __P((struct ippool_dst *, copyfunc_t,
char *, int, ipf_dstnode_t *,
wordtab_t *));
extern void printdstlistdata __P((ippool_dst_t *, int));
extern ipf_dstnode_t *printdstlistnode __P((ipf_dstnode_t *, copyfunc_t,
int, wordtab_t *));
extern void printdstlistpolicy __P((ippool_policy_t));
extern struct ip_pool_s *printpool __P((struct ip_pool_s *, copyfunc_t,
char *, int, wordtab_t *));
extern struct ip_pool_s *printpool_live __P((struct ip_pool_s *, int,
char *, int, wordtab_t *));
extern void printpooldata __P((ip_pool_t *, int));
extern void printpoolfield __P((void *, int, int));
extern struct ip_pool_node *printpoolnode __P((struct ip_pool_node *,
int, wordtab_t *));
extern void printproto __P((struct protoent *, int, struct ipnat *));
extern void printportcmp __P((int, struct frpcmp *));
extern void printstatefield __P((ipstate_t *, int));
extern void printtqtable __P((ipftq_t *));
extern void printtunable __P((ipftune_t *));
extern void printunit __P((int));
extern void optprint __P((u_short *, u_long, u_long));
#ifdef USE_INET6
extern void optprintv6 __P((u_short *, u_long, u_long));
#endif
extern int remove_hash __P((struct iphtable_s *, ioctlfunc_t));
extern int remove_hashnode __P((int, char *, struct iphtent_s *, ioctlfunc_t));
extern int remove_pool __P((ip_pool_t *, ioctlfunc_t));
extern int remove_poolnode __P((int, char *, ip_pool_node_t *, ioctlfunc_t));
extern u_char tcpflags __P((char *));
extern void printc __P((struct frentry *));
extern void printC __P((int));
extern void emit __P((int, int, void *, struct frentry *));
extern u_char secbit __P((int));
extern u_char seclevel __P((char *));
extern void printfraginfo __P((char *, struct ipfr *));
extern void printifname __P((char *, char *, void *));
extern char *hostname __P((int, void *));
extern struct ipstate *printstate __P((struct ipstate *, int, u_long));
extern void printsbuf __P((char *));
extern void printnat __P((struct ipnat *, int));
extern void printactiveaddress __P((int, char *, i6addr_t *, char *));
extern void printactivenat __P((struct nat *, int, u_long));
extern void printhostmap __P((struct hostmap *, u_int));
extern void printtcpflags __P((u_32_t, u_32_t));
extern void printipfexpr __P((int *));
extern void printstatefield __P((ipstate_t *, int));
extern void printstatefieldhdr __P((int));
extern int sendtrap_v1_0 __P((int, char *, char *, int, time_t));
extern int sendtrap_v2_0 __P((int, char *, char *, int));
extern int vtof __P((int));
extern void set_variable __P((char *, char *));
extern char *get_variable __P((char *, char **, int));
extern void resetlexer __P((void));
extern void debug __P((int, char *, ...));
extern void verbose __P((int, char *, ...));
extern void ipfkdebug __P((char *, ...));
extern void ipfkverbose __P((char *, ...));
#if SOLARIS
extern int gethostname __P((char *, int ));
extern void sync __P((void));
#endif
#endif /* __IPF_H__ */


@ -1,364 +0,0 @@
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
*/
typedef enum rbcolour_e {
C_BLACK = 0,
C_RED = 1
} rbcolour_t;
#define RBI_LINK(_n, _t) \
struct _n##_rb_link { \
struct _t *left; \
struct _t *right; \
struct _t *parent; \
rbcolour_t colour; \
}
#define RBI_HEAD(_n, _t) \
struct _n##_rb_head { \
struct _t top; \
int count; \
int (* compare)(struct _t *, struct _t *); \
}
#define RBI_CODE(_n, _t, _f, _cmp) \
\
typedef void (*_n##_rb_walker_t)(_t *, void *); \
\
_t * _n##_rb_delete(struct _n##_rb_head *, _t *); \
void _n##_rb_init(struct _n##_rb_head *); \
void _n##_rb_insert(struct _n##_rb_head *, _t *); \
_t * _n##_rb_search(struct _n##_rb_head *, void *); \
void _n##_rb_walktree(struct _n##_rb_head *, _n##_rb_walker_t, void *);\
\
static void \
rotate_left(struct _n##_rb_head *head, _t *node) \
{ \
_t *parent, *tmp1, *tmp2; \
\
parent = node->_f.parent; \
tmp1 = node->_f.right; \
tmp2 = tmp1->_f.left; \
node->_f.right = tmp2; \
if (tmp2 != & _n##_rb_zero) \
tmp2->_f.parent = node; \
if (parent == & _n##_rb_zero) \
head->top._f.right = tmp1; \
else if (parent->_f.right == node) \
parent->_f.right = tmp1; \
else \
parent->_f.left = tmp1; \
tmp1->_f.left = node; \
tmp1->_f.parent = parent; \
node->_f.parent = tmp1; \
} \
\
static void \
rotate_right(struct _n##_rb_head *head, _t *node) \
{ \
_t *parent, *tmp1, *tmp2; \
\
parent = node->_f.parent; \
tmp1 = node->_f.left; \
tmp2 = tmp1->_f.right; \
node->_f.left = tmp2; \
if (tmp2 != &_n##_rb_zero) \
tmp2->_f.parent = node; \
if (parent == &_n##_rb_zero) \
head->top._f.right = tmp1; \
else if (parent->_f.right == node) \
parent->_f.right = tmp1; \
else \
parent->_f.left = tmp1; \
tmp1->_f.right = node; \
tmp1->_f.parent = parent; \
node->_f.parent = tmp1; \
} \
\
void \
_n##_rb_insert(struct _n##_rb_head *head, _t *node) \
{ \
_t *n, *parent, **p, *tmp1, *gparent; \
\
parent = &head->top; \
node->_f.left = &_n##_rb_zero; \
node->_f.right = &_n##_rb_zero; \
p = &head->top._f.right; \
while ((n = *p) != &_n##_rb_zero) { \
if (_cmp(node, n) < 0) \
p = &n->_f.left; \
else \
p = &n->_f.right; \
parent = n; \
} \
*p = node; \
node->_f.colour = C_RED; \
node->_f.parent = parent; \
\
while ((node != &_n##_rb_zero) && (parent->_f.colour == C_RED)){\
gparent = parent->_f.parent; \
if (parent == gparent->_f.left) { \
tmp1 = gparent->_f.right; \
if (tmp1->_f.colour == C_RED) { \
parent->_f.colour = C_BLACK; \
tmp1->_f.colour = C_BLACK; \
gparent->_f.colour = C_RED; \
node = gparent; \
} else { \
if (node == parent->_f.right) { \
node = parent; \
rotate_left(head, node); \
parent = node->_f.parent; \
} \
parent->_f.colour = C_BLACK; \
gparent->_f.colour = C_RED; \
rotate_right(head, gparent); \
} \
} else { \
tmp1 = gparent->_f.left; \
if (tmp1->_f.colour == C_RED) { \
parent->_f.colour = C_BLACK; \
tmp1->_f.colour = C_BLACK; \
gparent->_f.colour = C_RED; \
node = gparent; \
} else { \
if (node == parent->_f.left) { \
node = parent; \
rotate_right(head, node); \
parent = node->_f.parent; \
} \
parent->_f.colour = C_BLACK; \
gparent->_f.colour = C_RED; \
rotate_left(head, parent->_f.parent); \
} \
} \
parent = node->_f.parent; \
} \
head->top._f.right->_f.colour = C_BLACK; \
head->count++; \
} \
\
static void \
deleteblack(struct _n##_rb_head *head, _t *parent, _t *node) \
{ \
_t *tmp; \
\
while ((node == &_n##_rb_zero || node->_f.colour == C_BLACK) && \
node != &head->top) { \
if (parent->_f.left == node) { \
tmp = parent->_f.right; \
if (tmp->_f.colour == C_RED) { \
tmp->_f.colour = C_BLACK; \
parent->_f.colour = C_RED; \
rotate_left(head, parent); \
tmp = parent->_f.right; \
} \
if ((tmp->_f.left == &_n##_rb_zero || \
tmp->_f.left->_f.colour == C_BLACK) && \
(tmp->_f.right == &_n##_rb_zero || \
tmp->_f.right->_f.colour == C_BLACK)) { \
tmp->_f.colour = C_RED; \
node = parent; \
parent = node->_f.parent; \
} else { \
if (tmp->_f.right == &_n##_rb_zero || \
tmp->_f.right->_f.colour == C_BLACK) {\
_t *tmp2 = tmp->_f.left; \
\
if (tmp2 != &_n##_rb_zero) \
tmp2->_f.colour = C_BLACK;\
tmp->_f.colour = C_RED; \
rotate_right(head, tmp); \
tmp = parent->_f.right; \
} \
tmp->_f.colour = parent->_f.colour; \
parent->_f.colour = C_BLACK; \
if (tmp->_f.right != &_n##_rb_zero) \
tmp->_f.right->_f.colour = C_BLACK;\
rotate_left(head, parent); \
node = head->top._f.right; \
} \
} else { \
tmp = parent->_f.left; \
if (tmp->_f.colour == C_RED) { \
tmp->_f.colour = C_BLACK; \
parent->_f.colour = C_RED; \
rotate_right(head, parent); \
tmp = parent->_f.left; \
} \
if ((tmp->_f.left == &_n##_rb_zero || \
tmp->_f.left->_f.colour == C_BLACK) && \
(tmp->_f.right == &_n##_rb_zero || \
tmp->_f.right->_f.colour == C_BLACK)) { \
tmp->_f.colour = C_RED; \
node = parent; \
parent = node->_f.parent; \
} else { \
if (tmp->_f.left == &_n##_rb_zero || \
tmp->_f.left->_f.colour == C_BLACK) {\
_t *tmp2 = tmp->_f.right; \
\
if (tmp2 != &_n##_rb_zero) \
tmp2->_f.colour = C_BLACK;\
tmp->_f.colour = C_RED; \
rotate_left(head, tmp); \
tmp = parent->_f.left; \
} \
tmp->_f.colour = parent->_f.colour; \
parent->_f.colour = C_BLACK; \
if (tmp->_f.left != &_n##_rb_zero) \
tmp->_f.left->_f.colour = C_BLACK;\
rotate_right(head, parent); \
node = head->top._f.right; \
break; \
} \
} \
} \
if (node != &_n##_rb_zero) \
node->_f.colour = C_BLACK; \
} \
\
_t * \
_n##_rb_delete(struct _n##_rb_head *head, _t *node) \
{ \
_t *child, *parent, *old = node, *left; \
rbcolour_t color; \
\
if (node->_f.left == &_n##_rb_zero) { \
child = node->_f.right; \
} else if (node->_f.right == &_n##_rb_zero) { \
child = node->_f.left; \
} else { \
node = node->_f.right; \
while ((left = node->_f.left) != &_n##_rb_zero) \
node = left; \
child = node->_f.right; \
parent = node->_f.parent; \
color = node->_f.colour; \
if (child != &_n##_rb_zero) \
child->_f.parent = parent; \
if (parent != &_n##_rb_zero) { \
if (parent->_f.left == node) \
parent->_f.left = child; \
else \
parent->_f.right = child; \
} else { \
head->top._f.right = child; \
} \
if (node->_f.parent == old) \
parent = node; \
*node = *old; \
if (old->_f.parent != &_n##_rb_zero) { \
if (old->_f.parent->_f.left == old) \
old->_f.parent->_f.left = node; \
else \
old->_f.parent->_f.right = node; \
} else { \
head->top._f.right = child; \
} \
old->_f.left->_f.parent = node; \
if (old->_f.right != &_n##_rb_zero) \
old->_f.right->_f.parent = node; \
if (parent != &_n##_rb_zero) { \
left = parent; \
} \
goto colour; \
} \
parent = node->_f.parent; \
color= node->_f.colour; \
if (child != &_n##_rb_zero) \
child->_f.parent = parent; \
if (parent != &_n##_rb_zero) { \
if (parent->_f.left == node) \
parent->_f.left = child; \
else \
parent->_f.right = child; \
} else { \
head->top._f.right = child; \
} \
colour: \
if (color == C_BLACK) \
deleteblack(head, parent, node); \
head->count--; \
return old; \
} \
\
void \
_n##_rb_init(struct _n##_rb_head *head) \
{ \
memset(head, 0, sizeof(*head)); \
memset(&_n##_rb_zero, 0, sizeof(_n##_rb_zero)); \
head->top._f.left = &_n##_rb_zero; \
head->top._f.right = &_n##_rb_zero; \
head->top._f.parent = &head->top; \
_n##_rb_zero._f.left = &_n##_rb_zero; \
_n##_rb_zero._f.right = &_n##_rb_zero; \
_n##_rb_zero._f.parent = &_n##_rb_zero; \
} \
\
void \
_n##_rb_walktree(struct _n##_rb_head *head, _n##_rb_walker_t func, void *arg)\
{ \
_t *prev; \
_t *next; \
_t *node = head->top._f.right; \
_t *base; \
\
while (node != &_n##_rb_zero) \
node = node->_f.left; \
\
for (;;) { \
base = node; \
prev = node; \
while ((node->_f.parent->_f.right == node) && \
(node != &_n##_rb_zero)) { \
prev = node; \
node = node->_f.parent; \
} \
\
node = prev; \
for (node = node->_f.parent->_f.right; node != &_n##_rb_zero;\
node = node->_f.left) \
prev = node; \
next = prev; \
\
if (node != &_n##_rb_zero) \
func(node, arg); \
\
node = next; \
if (node == &_n##_rb_zero) \
break; \
} \
} \
\
_t * \
_n##_rb_search(struct _n##_rb_head *head, void *key) \
{ \
int match; \
_t *node; \
node = head->top._f.right; \
while (node != &_n##_rb_zero) { \
match = _cmp(key, node); \
if (match == 0) \
break; \
if (match< 0) \
node = node->_f.left; \
else \
node = node->_f.right; \
} \
if (node == &_n##_rb_zero || match != 0) \
return (NULL); \
return (node); \
}
#define RBI_DELETE(_n, _h, _v) _n##_rb_delete(_h, _v)
#define RBI_FIELD(_n) struct _n##_rb_link
#define RBI_INIT(_n, _h) _n##_rb_init(_h)
#define RBI_INSERT(_n, _h, _v) _n##_rb_insert(_h, _v)
#define RBI_ISEMPTY(_h) ((_h)->count == 0)
#define RBI_SEARCH(_n, _h, _k) _n##_rb_search(_h, _k)
#define RBI_WALK(_n, _h, _w, _a) _n##_rb_walktree(_h, _w, _a)
#define RBI_ZERO(_n) _n##_rb_zero


@ -1,69 +0,0 @@
line ::= iface | arp | send | defrouter | ipv4line .
iface ::= ifhdr "{" ifaceopts "}" ";" .
ifhdr ::= "interface" | "iface" .
ifaceopts ::= "ifname" name | "mtu" mtu | "v4addr" ipaddr |
"eaddr" eaddr .
send ::= "send" ";" | "send" "{" sendbodyopts "}" ";" .
sendbodyopts ::= sendbody [ sendbodyopts ] .
sendbody ::= "ifname" name | "via" ipaddr .
defrouter ::= "router" ipaddr .
arp ::= "arp" "{" arpbodyopts "}" ";" .
arpbodyopts ::= arpbody [ arpbodyopts ] .
arpbody ::= "v4addr" ipaddr | "eaddr" eaddr .
bodyline ::= ipv4line | tcpline | udpline | icmpline | dataline .
ipv4line ::= "ipv4" "{" ipv4bodyopts "}" ";" .
ipv4bodyopts ::= ipv4body [ ipv4bodyopts ] | bodyline .
ipv4body ::= "proto" protocol | "src" ipaddr | "dst" ipaddr |
"off" number | "v" number | "hl" number| "id" number |
"ttl" number | "tos" number | "sum" number | "len" number |
"opt" "{" ipv4optlist "}" ";" .
ipv4optlist ::= ipv4option [ ipv4optlist ] .
ipv4optlist = "nop" | "rr" | "zsu" | "mtup" | "mtur" | "encode" | "ts" |
"tr" | "sec" | "lsrr" | "e-sec" | "cipso" | "satid" |
"ssrr" | "addext" | "visa" | "imitd" | "eip" | "finn" |
"secclass" ipv4secclass.
ipv4secclass := "unclass" | "confid" | "reserv-1" | "reserv-2" |
"reserv-3" | "reserv-4" | "secret" | "topsecret" .
tcpline ::= "tcp" "{" tcpbodyopts "}" ";" .
tcpbodyopts ::= tcpbody [ tcpbodyopts ] | bodyline .
tcpbody ::= "sport" port | "dport" port | "seq" number | "ack" number |
"off" number | "urp" number | "win" number | "sum" number |
"flags" tcpflags | data .
udpline ::= "udp" "{" udpbodyopts "}" ";" .
udpbodyopts ::= udpbody [ udpbodyopts ] | bodyline .
udpbody ::= "sport" port | "dport" port | "len" number | "sum" number |
data .
icmpline ::= "icmp" "{" icmpbodyopts "}" ";" .
icmpbodyopts ::= icmpbody [ icmpbodyopts ] | bodyline .
icmpbody ::= "type" icmptype [ "code" icmpcode ] .
icmptype ::= "echorep" | "echorep" "{" echoopts "}" ";" | "unreach" |
"unreach" "{" unreachtype "}" ";" | "squench" | "redir" |
"redir" "{" redirtype "}" ";" | "echo" "{" echoopts "}" ";" |
"echo" | "routerad" | "routersol" | "timex" |
"timex" "{" timextype "}" ";" | "paramprob" |
"paramprob" "{" parapptype "}" ";" | "timest" | "timestrep" |
"inforeq" | "inforep" | "maskreq" | "maskrep" .
echoopts ::= echoopts [ icmpechoopts ] .
unreachtype ::= "net-unr" | "host-unr" | "proto-unr" | "port-unr" |
"needfrag" | "srcfail" | "net-unk" | "host-unk" | "isolate" |
"net-prohib" | "host-prohib" | "net-tos" | "host-tos" |
"filter-prohib" | "host-preced" | "cutoff-preced" .
redirtype ::= "net-redir" | "host-redir" | "tos-net-redir" |
"tos-host-redir" .
timextype ::= "intrans" | "reass" .
paramptype ::= "optabsent" .
data ::= "data" "{" databodyopts "}" ";" .
databodyopts ::= "len" number | "value" string | "file" filename .
icmpechoopts ::= "icmpseq" number | "icmpid" number .


@ -1,31 +0,0 @@
#
# See the IPFILTER.LICENCE file for details on licencing.
#
#CC=gcc -Wuninitialized -Wstrict-prototypes -Werror -O
CFLAGS=-I..
all: $(DESTDIR)/iplang_y.o $(DESTDIR)/iplang_l.o
$(DESTDIR)/iplang_y.o: $(DESTDIR)/iplang_y.c
$(CC) $(DEBUG) -I. -I.. -I$(DESTDIR) -I../ipsend $(CFLAGS) $(LINUX) -c $(DESTDIR)/iplang_y.c -o $@
$(DESTDIR)/iplang_l.o: $(DESTDIR)/iplang_l.c
$(CC) $(DEBUG) -I. -I.. -I$(DESTDIR) -I../ipsend $(CFLAGS) $(LINUX) -c $(DESTDIR)/iplang_l.c -o $@
iplang_y.o: iplang_y.c
$(CC) $(DEBUG) -I. -I.. -I../ipsend $(CFLAGS) $(LINUX) -c $< -o $@
iplang_l.o: iplang_l.c
$(CC) $(DEBUG) -I. -I.. -I../ipsend $(CFLAGS) $(LINUX) -c $< -o $@
$(DESTDIR)/iplang_l.c: iplang_l.l $(DESTDIR)/iplang_y.h
lex iplang_l.l
mv lex.yy.c $(DESTDIR)/iplang_l.c
$(DESTDIR)/iplang_y.c $(DESTDIR)/iplang_y.h: iplang_y.y
yacc -d iplang_y.y
mv y.tab.c $(DESTDIR)/iplang_y.c
mv y.tab.h $(DESTDIR)/iplang_y.h
clean:
/bin/rm -f *.o lex.yy.c y.tab.c y.tab.h


@ -1,54 +0,0 @@
/* $FreeBSD$ */
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
typedef struct iface {
int if_MTU;
char *if_name;
struct in_addr if_addr;
struct ether_addr if_eaddr;
struct iface *if_next;
int if_fd;
} iface_t;
typedef struct send {
struct iface *snd_if;
struct in_addr snd_gw;
} send_t;
typedef struct arp {
struct in_addr arp_addr;
struct ether_addr arp_eaddr;
struct arp *arp_next;
} arp_t;
typedef struct aniphdr {
union {
ip_t *ahu_ip;
char *ahu_data;
tcphdr_t *ahu_tcp;
udphdr_t *ahu_udp;
icmphdr_t *ahu_icmp;
} ah_un;
int ah_optlen;
int ah_lastopt;
int ah_p;
size_t ah_len;
struct aniphdr *ah_next;
struct aniphdr *ah_prev;
} aniphdr_t;
#define ah_ip ah_un.ahu_ip
#define ah_data ah_un.ahu_data
#define ah_tcp ah_un.ahu_tcp
#define ah_udp ah_un.ahu_udp
#define ah_icmp ah_un.ahu_icmp
extern int get_arpipv4 __P((char *, char *));


@ -1,11 +0,0 @@
#
interface { ifname le0; mtu 1500; } ;
ipv4 {
src 1.1.1.1; dst 2.2.2.2;
tcp {
seq 12345; ack 0; sport 9999; dport 23; flags S;
data { value "abcdef"; } ;
} ;
} ;
send { via 10.1.1.1; } ;


@ -1,322 +0,0 @@
/* $FreeBSD$ */
%{
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* $Id$
*/
#include <stdio.h>
#include <string.h>
#include <sys/param.h>
#if defined(__SVR4) || defined(__sysv__)
#include <sys/stream.h>
#endif
#include <sys/types.h>
#include <netinet/in_systm.h>
#include <netinet/in.h>
#include "iplang_y.h"
#include "ipf.h"
#ifndef __P
# ifdef __STDC__
# define __P(x) x
# else
# define __P(x) ()
# endif
#endif
extern int opts;
int lineNum = 0, ipproto = 0, oldipproto = 0, next = -1, laststate = 0;
int *prstack = NULL, numpr = 0, state = 0, token = 0;
void yyerror __P((char *));
void push_proto __P((void));
void pop_proto __P((void));
int next_state __P((int, int));
int next_item __P((int));
int save_token __P((void));
void swallow __P((void));
int yylex __P((void));
struct lwordtab {
char *word;
int state;
int next;
};
struct lwordtab words[] = {
{ "interface", IL_INTERFACE, -1 },
{ "iface", IL_INTERFACE, -1 },
{ "name", IL_IFNAME, IL_TOKEN },
{ "ifname", IL_IFNAME, IL_TOKEN },
{ "router", IL_DEFROUTER, IL_TOKEN },
{ "mtu", IL_MTU, IL_NUMBER },
{ "eaddr", IL_EADDR, IL_TOKEN },
{ "v4addr", IL_V4ADDR, IL_TOKEN },
{ "ipv4", IL_IPV4, -1 },
{ "v", IL_V4V, IL_TOKEN },
{ "proto", IL_V4PROTO, IL_TOKEN },
{ "hl", IL_V4HL, IL_TOKEN },
{ "id", IL_V4ID, IL_TOKEN },
{ "ttl", IL_V4TTL, IL_TOKEN },
{ "tos", IL_V4TOS, IL_TOKEN },
{ "src", IL_V4SRC, IL_TOKEN },
{ "dst", IL_V4DST, IL_TOKEN },
{ "opt", IL_OPT, -1 },
{ "len", IL_LEN, IL_TOKEN },
{ "off", IL_OFF, IL_TOKEN },
{ "sum", IL_SUM, IL_TOKEN },
{ "tcp", IL_TCP, -1 },
{ "sport", IL_SPORT, IL_TOKEN },
{ "dport", IL_DPORT, IL_TOKEN },
{ "seq", IL_TCPSEQ, IL_TOKEN },
{ "ack", IL_TCPACK, IL_TOKEN },
{ "flags", IL_TCPFL, IL_TOKEN },
{ "urp", IL_TCPURP, IL_TOKEN },
{ "win", IL_TCPWIN, IL_TOKEN },
{ "udp", IL_UDP, -1 },
{ "send", IL_SEND, -1 },
{ "via", IL_VIA, IL_TOKEN },
{ "arp", IL_ARP, -1 },
{ "data", IL_DATA, -1 },
{ "value", IL_DVALUE, IL_TOKEN },
{ "file", IL_DFILE, IL_TOKEN },
{ "nop", IL_IPO_NOP, -1 },
{ "eol", IL_IPO_EOL, -1 },
{ "rr", IL_IPO_RR, -1 },
{ "zsu", IL_IPO_ZSU, -1 },
{ "mtup", IL_IPO_MTUP, -1 },
{ "mtur", IL_IPO_MTUR, -1 },
{ "encode", IL_IPO_ENCODE, -1 },
{ "ts", IL_IPO_TS, -1 },
{ "tr", IL_IPO_TR, -1 },
{ "sec", IL_IPO_SEC, -1 },
{ "secclass", IL_IPO_SECCLASS, IL_TOKEN },
{ "lsrr", IL_IPO_LSRR, -1 },
{ "esec", IL_IPO_ESEC, -1 },
{ "cipso", IL_IPO_CIPSO, -1 },
{ "satid", IL_IPO_SATID, -1 },
{ "ssrr", IL_IPO_SSRR, -1 },
{ "addext", IL_IPO_ADDEXT, -1 },
{ "visa", IL_IPO_VISA, -1 },
{ "imitd", IL_IPO_IMITD, -1 },
{ "eip", IL_IPO_EIP, -1 },
{ "finn", IL_IPO_FINN, -1 },
{ "mss", IL_TCPO_MSS, IL_TOKEN },
{ "wscale", IL_TCPO_WSCALE, IL_TOKEN },
{ "reserv-4", IL_IPS_RESERV4, -1 },
{ "topsecret", IL_IPS_TOPSECRET, -1 },
{ "secret", IL_IPS_SECRET, -1 },
{ "reserv-3", IL_IPS_RESERV3, -1 },
{ "confid", IL_IPS_CONFID, -1 },
{ "unclass", IL_IPS_UNCLASS, -1 },
{ "reserv-2", IL_IPS_RESERV2, -1 },
{ "reserv-1", IL_IPS_RESERV1, -1 },
{ "icmp", IL_ICMP, -1 },
{ "type", IL_ICMPTYPE, -1 },
{ "code", IL_ICMPCODE, -1 },
{ "echorep", IL_ICMP_ECHOREPLY, -1 },
{ "unreach", IL_ICMP_UNREACH, -1 },
{ "squench", IL_ICMP_SOURCEQUENCH, -1 },
{ "redir", IL_ICMP_REDIRECT, -1 },
{ "echo", IL_ICMP_ECHO, -1 },
{ "routerad", IL_ICMP_ROUTERADVERT, -1 },
{ "routersol", IL_ICMP_ROUTERSOLICIT, -1 },
{ "timex", IL_ICMP_TIMXCEED, -1 },
{ "paramprob", IL_ICMP_PARAMPROB, -1 },
{ "timest", IL_ICMP_TSTAMP, -1 },
{ "timestrep", IL_ICMP_TSTAMPREPLY, -1 },
{ "inforeq", IL_ICMP_IREQ, -1 },
{ "inforep", IL_ICMP_IREQREPLY, -1 },
{ "maskreq", IL_ICMP_MASKREQ, -1 },
{ "maskrep", IL_ICMP_MASKREPLY, -1 },
{ "net-unr", IL_ICMP_UNREACH_NET, -1 },
{ "host-unr", IL_ICMP_UNREACH_HOST, -1 },
{ "proto-unr", IL_ICMP_UNREACH_PROTOCOL, -1 },
{ "port-unr", IL_ICMP_UNREACH_PORT, -1 },
{ "needfrag", IL_ICMP_UNREACH_NEEDFRAG, -1 },
{ "srcfail", IL_ICMP_UNREACH_SRCFAIL, -1 },
{ "net-unk", IL_ICMP_UNREACH_NET_UNKNOWN, -1 },
{ "host-unk", IL_ICMP_UNREACH_HOST_UNKNOWN, -1 },
{ "isolate", IL_ICMP_UNREACH_ISOLATED, -1 },
{ "net-prohib", IL_ICMP_UNREACH_NET_PROHIB, -1 },
{ "host-prohib", IL_ICMP_UNREACH_HOST_PROHIB, -1 },
{ "net-tos", IL_ICMP_UNREACH_TOSNET, -1 },
{ "host-tos", IL_ICMP_UNREACH_TOSHOST, -1 },
{ "filter-prohib", IL_ICMP_UNREACH_FILTER_PROHIB, -1 },
{ "host-preced", IL_ICMP_UNREACH_HOST_PRECEDENCE, -1 },
{ "cutoff-preced", IL_ICMP_UNREACH_PRECEDENCE_CUTOFF, -1 },
{ "net-redir", IL_ICMP_REDIRECT_NET, -1 },
{ "host-redir", IL_ICMP_REDIRECT_HOST, -1 },
{ "tos-net-redir", IL_ICMP_REDIRECT_TOSNET, -1 },
{ "tos-host-redir", IL_ICMP_REDIRECT_TOSHOST, -1 },
{ "intrans", IL_ICMP_TIMXCEED_INTRANS, -1 },
{ "reass", IL_ICMP_TIMXCEED_REASS, -1 },
{ "optabsent", IL_ICMP_PARAMPROB_OPTABSENT, -1 },
{ "otime", IL_ICMP_OTIME, -1 },
{ "rtime", IL_ICMP_RTIME, -1 },
{ "ttime", IL_ICMP_TTIME, -1 },
{ "icmpseq", IL_ICMP_SEQ, -1 },
{ "icmpid", IL_ICMP_SEQ, -1 },
{ ".", IL_DOT, -1 },
{ NULL, 0, 0 }
};
%}
white [ \t\r]+
%%
{white} ;
\n { lineNum++; swallow(); }
\{ { push_proto(); return next_item('{'); }
\} { pop_proto(); return next_item('}'); }
; { return next_item(';'); }
[0-9]+ { return next_item(IL_NUMBER); }
[0-9a-fA-F] { return next_item(IL_HEXDIGIT); }
: { return next_item(IL_COLON); }
#[^\n]* { return next_item(IL_COMMENT); }
[^ \{\}\n\t;:{}]* { return next_item(IL_TOKEN); }
\"[^\"]*\" { return next_item(IL_TOKEN); }
%%
void yyerror(msg)
char *msg;
{
fprintf(stderr, "%s error at \"%s\", line %d\n", msg, yytext,
lineNum + 1);
exit(1);
}
void push_proto()
{
numpr++;
if (!prstack)
prstack = (int *)malloc(sizeof(int));
else
prstack = (int *)realloc((char *)prstack, numpr * sizeof(int));
prstack[numpr - 1] = oldipproto;
}
void pop_proto()
{
numpr--;
ipproto = prstack[numpr];
if (!numpr) {
free(prstack);
prstack = NULL;
return;
}
prstack = (int *)realloc((char *)prstack, numpr * sizeof(int));
}
int save_token()
{
yylval.str = strdup((char *)yytext);
return IL_TOKEN;
}
int next_item(nstate)
int nstate;
{
struct lwordtab *wt;
if (opts & OPT_DEBUG)
printf("text=[%s] id=%d next=%d\n", yytext, nstate, next);
if (next == IL_TOKEN) {
next = -1;
return save_token();
}
token++;
for (wt = words; wt->word; wt++)
if (!strcasecmp(wt->word, (char *)yytext))
return next_state(wt->state, wt->next);
if (opts & OPT_DEBUG)
printf("unknown keyword=[%s]\n", yytext);
next = -1;
if (nstate == IL_NUMBER)
yylval.num = atoi((char *)yytext);
token++;
return nstate;
}
int next_state(nstate, fornext)
int nstate, fornext;
{
next = fornext;
switch (nstate)
{
case IL_IPV4 :
case IL_TCP :
case IL_UDP :
case IL_ICMP :
case IL_DATA :
case IL_INTERFACE :
case IL_ARP :
oldipproto = ipproto;
ipproto = nstate;
break;
case IL_SUM :
if (ipproto == IL_IPV4)
nstate = IL_V4SUM;
else if (ipproto == IL_TCP)
nstate = IL_TCPSUM;
else if (ipproto == IL_UDP)
nstate = IL_UDPSUM;
break;
case IL_OPT :
if (ipproto == IL_IPV4)
nstate = IL_V4OPT;
else if (ipproto == IL_TCP)
nstate = IL_TCPOPT;
break;
case IL_IPO_NOP :
if (ipproto == IL_TCP)
nstate = IL_TCPO_NOP;
break;
case IL_IPO_EOL :
if (ipproto == IL_TCP)
nstate = IL_TCPO_EOL;
break;
case IL_IPO_TS :
if (ipproto == IL_TCP)
nstate = IL_TCPO_TS;
break;
case IL_OFF :
if (ipproto == IL_IPV4)
nstate = IL_V4OFF;
else if (ipproto == IL_TCP)
nstate = IL_TCPOFF;
break;
case IL_LEN :
if (ipproto == IL_IPV4)
nstate = IL_V4LEN;
else if (ipproto == IL_UDP)
nstate = IL_UDPLEN;
break;
}
return nstate;
}
void swallow()
{
int c;
c = input();
if (c == '#') {
while ((c != '\n') && (c != EOF))
c = input();
}
if (c != EOF)
unput(c);
}

File diff suppressed because it is too large Load Diff


@ -1,142 +0,0 @@
/* $FreeBSD$ */
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* @(#)ip_fil.h 1.35 6/5/96
* $Id$
*/
typedef struct ipmon_msg_s {
int imm_msglen;
char *imm_msg;
int imm_dsize;
void *imm_data;
time_t imm_when;
int imm_loglevel;
} ipmon_msg_t;
typedef void (*ims_destroy_func_t)(void *);
typedef void *(*ims_dup_func_t)(void *);
typedef int (*ims_match_func_t)(void *, void *);
typedef void *(*ims_parse_func_t)(char **);
typedef void (*ims_print_func_t)(void *);
typedef int (*ims_store_func_t)(void *, ipmon_msg_t *);
typedef struct ipmon_saver_s {
char *ims_name;
ims_destroy_func_t ims_destroy;
ims_dup_func_t ims_dup;
ims_match_func_t ims_match;
ims_parse_func_t ims_parse;
ims_print_func_t ims_print;
ims_store_func_t ims_store;
} ipmon_saver_t;
typedef struct ipmon_saver_int_s {
struct ipmon_saver_int_s *imsi_next;
ipmon_saver_t *imsi_stor;
void *imsi_handle;
} ipmon_saver_int_t;
typedef struct ipmon_doing_s {
struct ipmon_doing_s *ipmd_next;
void *ipmd_token;
ipmon_saver_t *ipmd_saver;
/*
* ipmd_store is "cached" in this structure to avoid a double
* deref when doing saves....
*/
int (*ipmd_store)(void *, ipmon_msg_t *);
} ipmon_doing_t;
typedef struct ipmon_action {
struct ipmon_action *ac_next;
int ac_mflag; /* collection of things to compare */
int ac_dflag; /* flags to compliment the doing fields */
int ac_logpri;
int ac_direction;
char ac_group[FR_GROUPLEN];
char ac_nattag[16];
u_32_t ac_logtag;
int ac_type; /* nat/state/ipf */
int ac_proto;
int ac_rule;
int ac_packet;
int ac_second;
int ac_result;
u_32_t ac_sip;
u_32_t ac_smsk;
u_32_t ac_dip;
u_32_t ac_dmsk;
u_short ac_sport;
u_short ac_dport;
char *ac_iface;
/*
* used with ac_packet/ac_second
*/
struct timeval ac_last;
int ac_pktcnt;
/*
* What to do with matches
*/
ipmon_doing_t *ac_doing;
} ipmon_action_t;
#define ac_lastsec ac_last.tv_sec
#define ac_lastusec ac_last.tv_usec
/*
* Flags indicating what fields to do matching upon (ac_mflag).
*/
#define IPMAC_DIRECTION 0x0001
#define IPMAC_DSTIP 0x0002
#define IPMAC_DSTPORT 0x0004
#define IPMAC_EVERY 0x0008
#define IPMAC_GROUP 0x0010
#define IPMAC_INTERFACE 0x0020
#define IPMAC_LOGTAG 0x0040
#define IPMAC_NATTAG 0x0080
#define IPMAC_PROTOCOL 0x0100
#define IPMAC_RESULT 0x0200
#define IPMAC_RULE 0x0400
#define IPMAC_SRCIP 0x0800
#define IPMAC_SRCPORT 0x1000
#define IPMAC_TYPE 0x2000
#define IPMAC_WITH 0x4000
#define IPMR_BLOCK 1
#define IPMR_PASS 2
#define IPMR_NOMATCH 3
#define IPMR_LOG 4
#define IPMON_SYSLOG 0x001
#define IPMON_RESOLVE 0x002
#define IPMON_HEXBODY 0x004
#define IPMON_HEXHDR 0x010
#define IPMON_TAIL 0x020
#define IPMON_VERBOSE 0x040
#define IPMON_NAT 0x080
#define IPMON_STATE 0x100
#define IPMON_FILTER 0x200
#define IPMON_PORTNUM 0x400
#define IPMON_LOGALL (IPMON_NAT|IPMON_STATE|IPMON_FILTER)
#define IPMON_LOGBODY 0x800
#define HOSTNAME_V4(a,b) hostname((a), 4, (u_32_t *)&(b))
#ifndef LOGFAC
#define LOGFAC LOG_LOCAL0
#endif
extern void dump_config __P((void));
extern int load_config __P((char *));
extern void unload_config __P((void));
extern void dumphex __P((FILE *, int, char *, int));
extern int check_action __P((char *, char *, int, int));
extern char *getword __P((int));
extern void *add_doing __P((ipmon_saver_t *));


@ -1,203 +0,0 @@
/* $FreeBSD$ */
/*
* (C)opyright 1995 by Darren Reed.
*
* This code may be freely distributed as long as it retains this notice
* and is not changed in any way. The author accepts no responsibility
* for the use of this software. I hate legaleese, don't you ?
*
* @(#)ip_compat.h 1.1 9/14/95
*/
/*
* These #ifdef's are here mainly for linux, but who knows, they may
* not be in other places or maybe one day linux will grow up and some
* of these will turn up there too.
*/
#ifndef ICMP_UNREACH
# define ICMP_UNREACH ICMP_DEST_UNREACH
#endif
#ifndef ICMP_SOURCEQUENCH
# define ICMP_SOURCEQUENCH ICMP_SOURCE_QUENCH
#endif
#ifndef ICMP_TIMXCEED
# define ICMP_TIMXCEED ICMP_TIME_EXCEEDED
#endif
#ifndef ICMP_PARAMPROB
# define ICMP_PARAMPROB ICMP_PARAMETERPROB
#endif
#ifndef IPVERSION
# define IPVERSION 4
#endif
#ifndef IPOPT_MINOFF
# define IPOPT_MINOFF 4
#endif
#ifndef IPOPT_COPIED
# define IPOPT_COPIED(x) ((x)&0x80)
#endif
#ifndef IPOPT_EOL
# define IPOPT_EOL 0
#endif
#ifndef IPOPT_NOP
# define IPOPT_NOP 1
#endif
#ifndef IP_MF
# define IP_MF ((u_short)0x2000)
#endif
#ifndef ETHERTYPE_IP
# define ETHERTYPE_IP ((u_short)0x0800)
#endif
#ifndef TH_FIN
# define TH_FIN 0x01
#endif
#ifndef TH_SYN
# define TH_SYN 0x02
#endif
#ifndef TH_RST
# define TH_RST 0x04
#endif
#ifndef TH_PUSH
# define TH_PUSH 0x08
#endif
#ifndef TH_ACK
# define TH_ACK 0x10
#endif
#ifndef TH_URG
# define TH_URG 0x20
#endif
#ifndef IPOPT_EOL
# define IPOPT_EOL 0
#endif
#ifndef IPOPT_NOP
# define IPOPT_NOP 1
#endif
#ifndef IPOPT_RR
# define IPOPT_RR 7
#endif
#ifndef IPOPT_TS
# define IPOPT_TS 68
#endif
#ifndef IPOPT_SECURITY
# define IPOPT_SECURITY 130
#endif
#ifndef IPOPT_LSRR
# define IPOPT_LSRR 131
#endif
#ifndef IPOPT_SATID
# define IPOPT_SATID 136
#endif
#ifndef IPOPT_SSRR
# define IPOPT_SSRR 137
#endif
#ifndef IPOPT_SECUR_UNCLASS
# define IPOPT_SECUR_UNCLASS ((u_short)0x0000)
#endif
#ifndef IPOPT_SECUR_CONFID
# define IPOPT_SECUR_CONFID ((u_short)0xf135)
#endif
#ifndef IPOPT_SECUR_EFTO
# define IPOPT_SECUR_EFTO ((u_short)0x789a)
#endif
#ifndef IPOPT_SECUR_MMMM
# define IPOPT_SECUR_MMMM ((u_short)0xbc4d)
#endif
#ifndef IPOPT_SECUR_RESTR
# define IPOPT_SECUR_RESTR ((u_short)0xaf13)
#endif
#ifndef IPOPT_SECUR_SECRET
# define IPOPT_SECUR_SECRET ((u_short)0xd788)
#endif
#ifndef IPOPT_SECUR_TOPSECRET
# define IPOPT_SECUR_TOPSECRET ((u_short)0x6bc5)
#endif
#ifdef linux
# define icmp icmphdr
# define icmp_type type
# define icmp_code code
/*
* From /usr/include/netinet/ip_var.h
* !%@#!$@# linux...
*/
struct ipovly {
caddr_t ih_next, ih_prev; /* for protocol sequence q's */
u_char ih_x1; /* (unused) */
u_char ih_pr; /* protocol */
short ih_len; /* protocol length */
struct in_addr ih_src; /* source internet address */
struct in_addr ih_dst; /* destination internet address */
};
typedef struct {
__u16 th_sport;
__u16 th_dport;
__u32 th_seq;
__u32 th_ack;
# if defined(__i386__) || defined(__MIPSEL__) || defined(__alpha__) ||\
defined(vax)
__u8 th_res:4;
__u8 th_off:4;
#else
__u8 th_off:4;
__u8 th_res:4;
#endif
__u8 th_flags;
__u16 th_win;
__u16 th_sum;
__u16 th_urp;
} tcphdr_t;
typedef struct {
__u16 uh_sport;
__u16 uh_dport;
__s16 uh_ulen;
__u16 uh_sum;
} udphdr_t;
typedef struct {
# if defined(__i386__) || defined(__MIPSEL__) || defined(__alpha__) ||\
defined(vax)
__u8 ip_hl:4;
__u8 ip_v:4;
# else
__u8 ip_hl:4;
__u8 ip_v:4;
# endif
__u8 ip_tos;
__u16 ip_len;
__u16 ip_id;
__u16 ip_off;
__u8 ip_ttl;
__u8 ip_p;
__u16 ip_sum;
struct in_addr ip_src;
struct in_addr ip_dst;
} ip_t;
typedef struct {
__u8 ether_dhost[6];
__u8 ether_shost[6];
__u16 ether_type;
} ether_header_t;
# define bcopy(a,b,c) memmove(b,a,c)
# define bcmp(a,b,c) memcmp(a,b,c)
# define ifnet device
#else
typedef struct udphdr udphdr_t;
typedef struct tcphdr tcphdr_t;
typedef struct ip ip_t;
typedef struct ether_header ether_header_t;
#endif
#ifdef solaris
# define bcopy(a,b,c) memmove(b,a,c)
# define bcmp(a,b,c) memcmp(a,b,c)
# define bzero(a,b) memset(a,0,b)
#endif


@ -1,61 +0,0 @@
#
# Copyright (C) 2012 by Darren Reed.
#
# See the IPFILTER.LICENCE file for details on licencing.
#
OBJS=ipsd.o
BINDEST=/usr/local/bin
SBINDEST=/sbin
MANDIR=/usr/share/man
BPF=sbpf.o
NIT=snit.o
SUNOS4=
BSD=
LINUX=slinux.o
SUNOS5=dlcommon.o sdlpi.o
CC=gcc
CFLAGS=-g -I.. -I../ipsend
all:
@echo "Use one of these targets:"
@echo " sunos4-nit (standard SunOS 4.1.x)"
@echo " sunos4-bpf (SunOS4.1.x with BPF in the kernel)"
@echo " bsd-bpf (4.4BSD variant with BPF in the kernel)"
@echo " linux (Linux kernels)"
@echo " sunos5 (Solaris 2.x)"
.c.o:
$(CC) $(CFLAGS) -c $< -o $@
ipsdr: ipsdr.o
$(CC) ipsdr.o -o $@ $(LIBS)
bpf sunos4-bpf :
make ipsd "OBJS=$(OBJS)" "UNIXOBJS=$(BPF) $(SUNOS4)" "CC=$(CC)" \
"CFLAGS=$(CFLAGS)"
nit sunos4 sunos4-nit :
make ipsd "OBJS=$(OBJS)" "UNIXOBJS=$(NIT) $(SUNOS4)" "CC=$(CC)" \
"CFLAGS=$(CFLAGS)"
sunos5 :
make ipsd "OBJS=$(OBJS)" "UNIXOBJS=$(SUNOS5)" "CC=$(CC)" \
CFLAGS="$(CFLAGS) -Dsolaris" "LIBS=-lsocket -lnsl"
bsd-bpf :
make ipsd "OBJS=$(OBJS)" "UNIXOBJS=$(BPF) $(BSD)" "CC=$(CC)" \
"CFLAGS=$(CFLAGS)"
linux :
make ipsd "OBJS=$(OBJS)" "UNIXOBJS=$(LINUX)" "CC=$(CC)" \
CFLAGS="$(CFLAGS) -I /usr/src/linux"
ipsd: $(OBJS) $(UNIXOBJS)
$(CC) $(OBJS) $(UNIXOBJS) -o $@ $(LIBS)
../ipft_sn.o ../ipft_pc.o:
(cd ..; make $(@:../%=%))
clean:
rm -rf *.o core a.out ipsd ipsdr


@ -1,32 +0,0 @@
IP Scan Detetor.
----------------
This program is designed to be a passive listener for TCP packets sent to
the host. It does not exercise the promiscous mode of interfaces. For
routing Unix boxes (and firewalls which route/proxy) this is sufficient to
detect all packets going to/through them.
Upon compiling, a predefined set of "sensitive" ports are configured into
the program. Any TCP packets which are seen sent to these ports are counted
and the IP# of the sending host recorded, along with the time of the first
packet to that port for that IP#.
After a given number of "hits", it will write the current table of packets
out to disk. This number defaults to 10,000.
To analyze the information written to disk, a sample program called "ipsdr"
is used (should but doesn't implement a tree algorithm for storing data)
which reads all log files it recognises and totals up the number of ports
each host hit. By default, all ports have the same weighting (1). Another
group of passes is then made over this table using a netmask of 0xfffffffe,
grouping all results which fall under the same resulting IP#. This netmask
is then shrunk back to 0, with a output for each level given. This is aimed
at detecting port scans done from different hosts on the same subnet (although
I've not seen this done, if one was trying to do it obscurely...)
Lastly, being passive means that no action is taken to stop port scans being
done or discourage them.
Darren
darrenr@pobox.com


@ -1,296 +0,0 @@
/* $FreeBSD$ */
/*
* (C)opyright 1995-1998 Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
*/
#include <stdio.h>
#include <fcntl.h>
#include <signal.h>
#include <stdlib.h>
#include <netdb.h>
#include <string.h>
#include <sys/types.h>
#include <sys/time.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <netinet/udp.h>
#include <netinet/ip_icmp.h>
#ifndef linux
#include <netinet/ip_var.h>
#include <netinet/tcpip.h>
#endif
#include "ip_compat.h"
#ifdef linux
#include <linux/sockios.h>
#include "tcpip.h"
#endif
#include "ipsd.h"
#ifndef lint
static const char sccsid[] = "@(#)ipsd.c 1.3 12/3/95 (C)1995 Darren Reed";
static const char rcsid[] = "@(#)$Id$";
#endif
extern char *optarg;
extern int optind;
#ifdef linux
char default_device[] = "eth0";
#else
# ifdef sun
char default_device[] = "le0";
# else
# ifdef ultrix
char default_device[] = "ln0";
# else
char default_device[] = "lan0";
# endif
# endif
#endif
#define NPORTS 21
u_short defports[NPORTS] = {
7, 9, 20, 21, 23, 25, 53, 69, 79, 111,
123, 161, 162, 512, 513, 514, 515, 520, 540, 6000, 0
};
ipsd_t *iphits[NPORTS];
int writes = 0;
int ipcmp(sh1, sh2)
sdhit_t *sh1, *sh2;
{
return sh1->sh_ip.s_addr - sh2->sh_ip.s_addr;
}
/*
* Check to see if we've already received a packet from this host for this
* port.
*/
int findhit(ihp, src, dport)
ipsd_t *ihp;
struct in_addr src;
u_short dport;
{
int i, j, k;
sdhit_t *sh;
sh = NULL;
if (ihp->sd_sz == 4) {
for (i = 0, sh = ihp->sd_hit; i < ihp->sd_cnt; i++, sh++)
if (src.s_addr == sh->sh_ip.s_addr)
return 1;
} else {
for (i = ihp->sd_cnt / 2, j = (i / 2) - 1; j >= 0; j--) {
k = ihp->sd_hit[i].sh_ip.s_addr - src.s_addr;
if (!k)
return 1;
else if (k < 0)
i -= j;
else
i += j;
}
}
return 0;
}
/*
* Search for port number amongst the sorted array of targets we're
* interested in.
*/
int detect(ip, tcp)
ip_t *ip;
tcphdr_t *tcp;
{
ipsd_t *ihp;
sdhit_t *sh;
int i, j, k;
for (i = 10, j = 4; j >= 0; j--) {
k = tcp->th_dport - defports[i];
if (!k) {
ihp = iphits[i];
if (findhit(ihp, ip->ip_src, tcp->th_dport))
return 0;
sh = ihp->sd_hit + ihp->sd_cnt;
sh->sh_date = time(NULL);
sh->sh_ip.s_addr = ip->ip_src.s_addr;
if (++ihp->sd_cnt == ihp->sd_sz)
{
ihp->sd_sz += 8;
sh = realloc(sh, ihp->sd_sz * sizeof(*sh));
ihp->sd_hit = sh;
}
qsort(sh, ihp->sd_cnt, sizeof(*sh), ipcmp);
return 0;
}
if (k < 0)
i -= j;
else
i += j;
}
return -1;
}
/*
* Allocate initial storage for hosts
*/
setuphits()
{
int i;
for (i = 0; i < NPORTS; i++) {
if (iphits[i]) {
if (iphits[i]->sd_hit)
free(iphits[i]->sd_hit);
free(iphits[i]);
}
iphits[i] = (ipsd_t *)malloc(sizeof(ipsd_t));
iphits[i]->sd_port = defports[i];
iphits[i]->sd_cnt = 0;
iphits[i]->sd_sz = 4;
iphits[i]->sd_hit = (sdhit_t *)malloc(sizeof(sdhit_t) * 4);
}
}
/*
* cleanup exits
*/
waiter()
{
wait(0);
}
/*
* Write statistics out to a file
*/
writestats(nwrites)
int nwrites;
{
ipsd_t **ipsd, *ips;
char fname[32];
int i, fd;
(void) sprintf(fname, "/var/log/ipsd/ipsd-hits.%d", nwrites);
fd = open(fname, O_RDWR|O_CREAT|O_TRUNC|O_EXCL, 0644);
for (i = 0, ipsd = iphits; i < NPORTS; i++, ipsd++) {
ips = *ipsd;
if (ips->sd_cnt) {
write(fd, ips, sizeof(ipsd_t));
write(fd, ips->sd_hit, sizeof(sdhit_t) * ips->sd_sz);
}
}
(void) close(fd);
exit(0);
}
void writenow()
{
signal(SIGCHLD, waiter);
switch (fork())
{
case 0 :
writestats(writes);
exit(0);
case -1 :
perror("vfork");
break;
default :
writes++;
setuphits();
break;
}
}
void usage(prog)
char *prog;
{
fprintf(stderr, "Usage: %s [-d device]\n", prog);
exit(1);
}
void detecthits(fd, writecount)
int fd, writecount;
{
struct in_addr ip;
int hits = 0;
while (1) {
hits += readloop(fd, ip);
if (hits > writecount) {
writenow();
hits = 0;
}
}
}
main(argc, argv)
int argc;
char *argv[];
{
char *name = argv[0], *dev = NULL;
int fd, writeafter = 10000, angelic = 0, c;
while ((c = getopt(argc, argv, "ad:n:")) != -1)
switch (c)
{
case 'a' :
angelic = 1;
break;
case 'd' :
dev = optarg;
break;
case 'n' :
writeafter = atoi(optarg);
break;
default :
fprintf(stderr, "Unknown option \"%c\"\n", c);
usage(name);
}
bzero(iphits, sizeof(iphits));
setuphits();
if (!dev)
dev = default_device;
printf("Device: %s\n", dev);
fd = initdevice(dev, 60);
if (!angelic) {
switch (fork())
{
case 0 :
(void) close(0);
(void) close(1);
(void) close(2);
(void) setpgrp(0, getpgrp());
(void) setsid();
break;
case -1:
perror("fork");
exit(-1);
default:
exit(0);
}
}
signal(SIGUSR1, writenow);
detecthits(fd, writeafter);
}


@ -1,28 +0,0 @@
/* $FreeBSD$ */
/*
* (C)opyright 1995-1998 Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* @(#)ipsd.h 1.3 12/3/95
*/
typedef struct {
time_t sh_date;
struct in_addr sh_ip;
} sdhit_t;
typedef struct {
u_int sd_sz;
u_int sd_cnt;
u_short sd_port;
sdhit_t *sd_hit;
} ipsd_t;
typedef struct {
struct in_addr ss_ip;
int ss_hits;
u_long ss_ports;
} ipss_t;


@ -1,314 +0,0 @@
/* $FreeBSD$ */
/*
* (C)opyright 1995-1998 Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
*/
#include <stdio.h>
#include <fcntl.h>
#include <signal.h>
#include <malloc.h>
#include <netdb.h>
#include <string.h>
#include <sys/dir.h>
#include <sys/types.h>
#include <sys/time.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <netinet/udp.h>
#include <netinet/ip_icmp.h>
#ifndef linux
#include <netinet/ip_var.h>
#include <netinet/tcpip.h>
#endif
#include "ip_compat.h"
#ifdef linux
#include <linux/sockios.h>
#include "tcpip.h"
#endif
#include "ipsd.h"
#ifndef lint
static const char sccsid[] = "@(#)ipsdr.c 1.3 12/3/95 (C)1995 Darren Reed";
static const char rcsid[] = "@(#)$Id$";
#endif
extern char *optarg;
extern int optind;
#define NPORTS 21
u_short defports[NPORTS] = {
7, 9, 20, 21, 23, 25, 53, 69, 79, 111,
123, 161, 162, 512, 513, 513, 515, 520, 540, 6000, 0
};
u_short pweights[NPORTS] = {
1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1
};
ipsd_t *iphits[NPORTS];
int pkts;
int ipcmp(sh1, sh2)
sdhit_t *sh1, *sh2;
{
return sh1->sh_ip.s_addr - sh2->sh_ip.s_addr;
}
int ssipcmp(sh1, sh2)
ipss_t *sh1, *sh2;
{
return sh1->ss_ip.s_addr - sh2->ss_ip.s_addr;
}
int countpbits(num)
u_long num;
{
int i, j;
for (i = 1, j = 0; i; i <<= 1)
if (num & i)
j++;
return j;
}
/*
* Check to see if we've already received a packet from this host for this
* port.
*/
int findhit(ihp, src, dport)
ipsd_t *ihp;
struct in_addr src;
u_short dport;
{
int i, j, k;
sdhit_t *sh;
sh = NULL;
if (ihp->sd_sz == 4) {
for (i = 0, sh = ihp->sd_hit; i < ihp->sd_cnt; i++, sh++)
if (src.s_addr == sh->sh_ip.s_addr)
return 1;
} else {
for (i = ihp->sd_cnt / 2, j = (i / 2) - 1; j >= 0; j--) {
k = ihp->sd_hit[i].sh_ip.s_addr - src.s_addr;
if (!k)
return 1;
else if (k < 0)
i -= j;
else
i += j;
}
}
return 0;
}
/*
* Search for port number amongst the sorted array of targets we're
* interested in.
*/
int detect(srcip, dport, date)
struct in_addr srcip;
u_short dport;
time_t date;
{
ipsd_t *ihp;
sdhit_t *sh;
int i, j, k;
for (i = 10, j = 4; j >= 0; j--) {
k = dport - defports[i];
if (!k) {
ihp = iphits[i];
if (findhit(ihp, srcip, dport))
return 0;
sh = ihp->sd_hit + ihp->sd_cnt;
sh->sh_date = date;
sh->sh_ip = srcip;
if (++ihp->sd_cnt == ihp->sd_sz)
{
ihp->sd_sz += 8;
sh = realloc(sh, ihp->sd_sz * sizeof(*sh));
ihp->sd_hit = sh;
}
qsort(sh, ihp->sd_cnt, sizeof(*sh), ipcmp);
return 0;
}
if (k < 0)
i -= j;
else
i += j;
}
return -1;
}
/*
* Allocate initial storage for hosts
*/
setuphits()
{
int i;
for (i = 0; i < NPORTS; i++) {
if (iphits[i]) {
if (iphits[i]->sd_hit)
free(iphits[i]->sd_hit);
free(iphits[i]);
}
iphits[i] = (ipsd_t *)malloc(sizeof(ipsd_t));
iphits[i]->sd_port = defports[i];
iphits[i]->sd_cnt = 0;
iphits[i]->sd_sz = 4;
iphits[i]->sd_hit = (sdhit_t *)malloc(sizeof(sdhit_t) * 4);
}
}
/*
* Write statistics out to a file
*/
addfile(file)
char *file;
{
ipsd_t ipsd, *ips = &ipsd;
sdhit_t hit, *hp;
char fname[32];
int i, fd, sz;
if ((fd = open(file, O_RDONLY)) == -1) {
perror("open");
return;
}
printf("opened %s\n", file);
do {
if (read(fd, ips, sizeof(*ips)) != sizeof(*ips))
break;
sz = ips->sd_sz * sizeof(*hp);
hp = (sdhit_t *)malloc(sz);
if (read(fd, hp, sz) != sz)
break;
for (i = 0; i < ips->sd_cnt; i++)
detect(hp[i].sh_ip, ips->sd_port, hp[i].sh_date);
} while (1);
(void) close(fd);
}
readfiles(dir)
char *dir;
{
struct direct **d;
int i, j;
d = NULL;
i = scandir(dir, &d, NULL, NULL);
for (j = 0; j < i; j++) {
if (strncmp(d[j]->d_name, "ipsd-hits.", 10))
continue;
addfile(d[j]->d_name);
}
}
void printreport(ss, num)
ipss_t *ss;
int num;
{
struct in_addr ip;
ipss_t *sp;
int i, j, mask;
u_long ports;
printf("Hosts detected: %d\n", num);
if (!num)
return;
for (i = 0; i < num; i++)
printf("%s %d %d\n", inet_ntoa(ss[i].ss_ip), ss[i].ss_hits,
countpbits(ss[i].ss_ports));
printf("--------------------------\n");
for (mask = 0xfffffffe, j = 32; j; j--, mask <<= 1) {
ip.s_addr = ss[0].ss_ip.s_addr & mask;
ports = ss[0].ss_ports;
for (i = 1; i < num; i++) {
sp = ss + i;
if (ip.s_addr != (sp->ss_ip.s_addr & mask)) {
printf("Netmask: 0x%08x\n", mask);
printf("%s %d\n", inet_ntoa(ip),
countpbits(ports));
ip.s_addr = sp->ss_ip.s_addr & mask;
ports = 0;
}
ports |= sp->ss_ports;
}
if (ports) {
printf("Netmask: 0x%08x\n", mask);
printf("%s %d\n", inet_ntoa(ip), countpbits(ports));
}
}
}
collectips()
{
ipsd_t *ips;
ipss_t *ss;
int i, num, nip, in, j, k;
for (i = 0; i < NPORTS; i++)
nip += iphits[i]->sd_cnt;
ss = (ipss_t *)malloc(sizeof(ipss_t) * nip);
for (in = 0, i = 0, num = 0; i < NPORTS; i++) {
ips = iphits[i];
for (j = 0; j < ips->sd_cnt; j++) {
for (k = 0; k < num; k++)
if (!bcmp(&ss[k].ss_ip, &ips->sd_hit[j].sh_ip,
sizeof(struct in_addr))) {
ss[k].ss_hits += pweights[i];
ss[k].ss_ports |= (1 << i);
break;
}
if (k == num) {
ss[num].ss_ip = ips->sd_hit[j].sh_ip;
ss[num].ss_hits = pweights[i];
ss[k].ss_ports |= (1 << i);
num++;
}
}
}
qsort(ss, num, sizeof(*ss), ssipcmp);
printreport(ss, num);
}
main(argc, argv)
int argc;
char *argv[];
{
char c, *name = argv[0], *dir = NULL;
int fd;
setuphits();
dir = dir ? dir : ".";
readfiles(dir);
collectips();
}


@ -1,17 +0,0 @@
/* $FreeBSD$ */
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* @(#)linux.h 1.1 8/19/95
*/
#include <linux/config.h>
#ifdef MODULE
#include <linux/module.h>
#include <linux/version.h>
#endif /* MODULE */
#include "ip_compat.h"


@ -1,210 +0,0 @@
/* $FreeBSD$ */
/*
* (C)opyright 1995-1998 Darren Reed. (from tcplog)
*
* See the IPFILTER.LICENCE file for details on licencing.
*
*/
#include <stdio.h>
#include <netdb.h>
#include <ctype.h>
#include <signal.h>
#include <errno.h>
#ifdef __NetBSD__
# include <paths.h>
#endif
#include <sys/types.h>
#include <sys/param.h>
#include <sys/mbuf.h>
#include <sys/time.h>
#include <sys/timeb.h>
#include <sys/socket.h>
#include <sys/file.h>
#include <sys/ioctl.h>
#if BSD < 199103
#include <sys/fcntlcom.h>
#endif
#include <sys/dir.h>
#include <net/bpf.h>
#include <net/if.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/if_ether.h>
#include <netinet/ip_var.h>
#include <netinet/udp.h>
#include <netinet/udp_var.h>
#include <netinet/tcp.h>
#include <netinet/tcpip.h>
#include "ip_compat.h"
#ifndef lint
static char sbpf[] = "@(#)sbpf.c 1.2 12/3/95 (C)1995 Darren Reed";
#endif
/*
(000) ldh [12]
(001) jeq #0x800 jt 2 jf 5
(002) ldb [23]
(003) jeq #0x6 jt 4 jf 5
(004) ret #68
(005) ret #0
*/
struct bpf_insn filter[] = {
/* 0. */ { BPF_LD|BPF_H|BPF_ABS, 0, 0, 12 },
/* 1. */ { BPF_JMP|BPF_JEQ, 0, 3, 0x0800 },
/* 2. */ { BPF_LD|BPF_B|BPF_ABS, 0, 0, 23 },
/* 3. */ { BPF_JMP|BPF_JEQ, 0, 1, 0x06 },
/* 4. */ { BPF_RET, 0, 0, 68 },
/* 5. */ { BPF_RET, 0, 0, 0 }
};
/*
* the code herein is dervied from libpcap.
*/
static u_char *buf = NULL;
static u_int bufsize = 32768, timeout = 1;
int ack_recv(ep)
char *ep;
{
struct tcpiphdr tip;
tcphdr_t *tcp;
ip_t *ip;
ip = (ip_t *)&tip;
tcp = (tcphdr_t *)(ip + 1);
bcopy(ep + 14, (char *)ip, sizeof(*ip));
bcopy(ep + 14 + (ip->ip_hl << 2), (char *)tcp, sizeof(*tcp));
if (ip->ip_p != IPPROTO_TCP && ip->ip_p != IPPROTO_UDP)
return -1;
if (ip->ip_p & 0x1fff != 0)
return 0;
if (0 == detect(ip, tcp))
return 1;
return 0;
}
int readloop(fd, port, dst)
int fd, port;
struct in_addr dst;
{
register u_char *bp, *cp, *bufend;
register struct bpf_hdr *bh;
register int cc;
time_t in = time(NULL);
int done = 0;
while ((cc = read(fd, buf, bufsize)) >= 0) {
if (!cc && (time(NULL) - in) > timeout)
return done;
bp = buf;
bufend = buf + cc;
/*
* loop through each snapshot in the chunk
*/
while (bp < bufend) {
bh = (struct bpf_hdr *)bp;
cp = bp + bh->bh_hdrlen;
done += ack_recv(cp);
bp += BPF_WORDALIGN(bh->bh_caplen + bh->bh_hdrlen);
}
return done;
}
perror("read");
exit(-1);
}
int initdevice(device, tout)
char *device;
int tout;
{
struct bpf_program prog;
struct bpf_version bv;
struct timeval to;
struct ifreq ifr;
#ifdef _PATH_BPF
char *bpfname = _PATH_BPF;
int fd;
if ((fd = open(bpfname, O_RDWR)) < 0)
{
fprintf(stderr, "no bpf devices available as /dev/bpfxx\n");
return -1;
}
#else
char bpfname[16];
int fd = -1, i;
for (i = 0; i < 16; i++)
{
(void) sprintf(bpfname, "/dev/bpf%d", i);
if ((fd = open(bpfname, O_RDWR)) >= 0)
break;
}
if (i == 16)
{
fprintf(stderr, "no bpf devices available as /dev/bpfxx\n");
return -1;
}
#endif
if (ioctl(fd, BIOCVERSION, (caddr_t)&bv) < 0)
{
perror("BIOCVERSION");
return -1;
}
if (bv.bv_major != BPF_MAJOR_VERSION ||
bv.bv_minor < BPF_MINOR_VERSION)
{
fprintf(stderr, "kernel bpf (v%d.%d) filter out of date:\n",
bv.bv_major, bv.bv_minor);
fprintf(stderr, "current version: %d.%d\n",
BPF_MAJOR_VERSION, BPF_MINOR_VERSION);
return -1;
}
(void) strncpy(ifr.ifr_name, device, sizeof(ifr.ifr_name));
if (ioctl(fd, BIOCSETIF, &ifr) == -1)
{
fprintf(stderr, "%s(%d):", ifr.ifr_name, fd);
perror("BIOCSETIF");
exit(1);
}
/*
* set the timeout
*/
timeout = tout;
to.tv_sec = 1;
to.tv_usec = 0;
if (ioctl(fd, BIOCSRTIMEOUT, (caddr_t)&to) == -1)
{
perror("BIOCSRTIMEOUT");
exit(-1);
}
/*
* get kernel buffer size
*/
if (ioctl(fd, BIOCSBLEN, &bufsize) == -1)
perror("BIOCSBLEN");
if (ioctl(fd, BIOCGBLEN, &bufsize) == -1)
{
perror("BIOCGBLEN");
exit(-1);
}
printf("BPF buffer size: %d\n", bufsize);
buf = (u_char*)malloc(bufsize);
prog.bf_len = sizeof(filter) / sizeof(struct bpf_insn);
prog.bf_insns = filter;
if (ioctl(fd, BIOCSETF, (caddr_t)&prog) == -1)
{
perror("BIOCSETF");
exit(-1);
}
(void) ioctl(fd, BIOCFLUSH, 0);
return fd;
}


@ -1,261 +0,0 @@
/* $FreeBSD$ */
/*
* (C)opyright 1992-1998 Darren Reed. (from tcplog)
*
* See the IPFILTER.LICENCE file for details on licencing.
*
*/
#include <stdio.h>
#include <netdb.h>
#include <ctype.h>
#include <fcntl.h>
#include <signal.h>
#include <errno.h>
#include <sys/types.h>
#include <sys/time.h>
#include <sys/timeb.h>
#include <sys/socket.h>
#include <sys/file.h>
#include <sys/ioctl.h>
#include <sys/stropts.h>
#include <sys/pfmod.h>
#include <sys/bufmod.h>
#include <sys/dlpi.h>
#include <net/if.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/if_ether.h>
#include <netinet/ip_var.h>
#include <netinet/udp.h>
#include <netinet/udp_var.h>
#include <netinet/tcp.h>
#include <netinet/tcpip.h>
#include "ip_compat.h"
#ifndef lint
static char snitid[] = "%W% %G% (C)1995 Darren Reed";
#endif
#define BUFSPACE 32768
static int solfd;
/*
* Be careful to only include those defined in the flags option for the
* interface are included in the header size.
*/
static int timeout;
void nullbell()
{
return 0;
}
int ack_recv(ep)
char *ep;
{
struct tcpiphdr tip;
tcphdr_t *tcp;
ip_t *ip;
ip = (ip_t *)&tip;
tcp = (tcphdr_t *)(ip + 1);
bcopy(ep, (char *)ip, sizeof(*ip));
bcopy(ep + (ip->ip_hl << 2), (char *)tcp, sizeof(*tcp));
if (ip->ip_off & 0x1fff != 0)
return 0;
if (0 == detect(ip, tcp))
return 1;
return 0;
}
int readloop(fd, port, dst)
int fd, port;
struct in_addr dst;
{
static u_char buf[BUFSPACE];
register u_char *bp, *cp, *bufend;
register struct sb_hdr *hp;
register int cc;
struct strbuf dbuf;
ether_header_t eh;
time_t now = time(NULL);
int flags = 0, i, done = 0;
fd = solfd;
dbuf.len = 0;
dbuf.buf = buf;
dbuf.maxlen = sizeof(buf);
/*
* no control data buffer...
*/
while (1) {
(void) signal(SIGALRM, nullbell);
alarm(1);
i = getmsg(fd, NULL, &dbuf, &flags);
alarm(0);
(void) signal(SIGALRM, nullbell);
cc = dbuf.len;
if ((time(NULL) - now) > timeout)
return done;
if (i == -1)
if (errno == EINTR)
continue;
else
break;
bp = buf;
bufend = buf + cc;
/*
* loop through each snapshot in the chunk
*/
while (bp < bufend) {
/*
* get past bufmod header
*/
hp = (struct sb_hdr *)bp;
cp = (u_char *)((char *)bp + sizeof(*hp));
bcopy(cp, (char *)&eh, sizeof(eh));
/*
* next snapshot
*/
bp += hp->sbh_totlen;
cc -= hp->sbh_totlen;
if (eh.ether_type != ETHERTYPE_IP)
continue;
cp += sizeof(eh);
done += ack_recv(cp);
}
alarm(1);
}
perror("getmsg");
exit(-1);
}
int initdevice(device, tout)
char *device;
int tout;
{
struct strioctl si;
struct timeval to;
struct ifreq ifr;
struct packetfilt pfil;
u_long if_flags;
u_short *fwp = pfil.Pf_Filter;
char devname[16], *s, buf[256];
int i, offset, fd, snaplen= 58, chunksize = BUFSPACE;
(void) sprintf(devname, "/dev/%s", device);
s = devname + 5;
while (*s && !ISDIGIT(*s))
s++;
if (!*s)
{
fprintf(stderr, "bad device name %s\n", devname);
exit(-1);
}
i = atoi(s);
*s = '\0';
/*
* For reading
*/
if ((fd = open(devname, O_RDWR)) < 0)
{
fprintf(stderr, "O_RDWR(0) ");
perror(devname);
exit(-1);
}
if (dlattachreq(fd, i) == -1 || dlokack(fd, buf) == -1)
{
fprintf(stderr, "DLPI error\n");
exit(-1);
}
dlbindreq(fd, ETHERTYPE_IP, 0, DL_CLDLS, 0, 0);
dlbindack(fd, buf);
/*
* read full headers
*/
if (strioctl(fd, DLIOCRAW, -1, 0, NULL) == -1)
{
fprintf(stderr, "DLIOCRAW error\n");
exit(-1);
}
/*
* Create some filter rules for our TCP watcher. We only want ethernet
* pacets which are IP protocol and only the TCP packets from IP.
*/
offset = 6;
*fwp++ = ENF_PUSHWORD + offset;
*fwp++ = ENF_PUSHLIT | ENF_CAND;
*fwp++ = htons(ETHERTYPE_IP);
*fwp++ = ENF_PUSHWORD + sizeof(struct ether_header)/sizeof(short)+4;
*fwp++ = ENF_PUSHLIT | ENF_AND;
*fwp++ = htons(0x00ff);
*fwp++ = ENF_PUSHLIT | ENF_COR;
*fwp++ = htons(IPPROTO_TCP);
*fwp++ = ENF_PUSHWORD + sizeof(struct ether_header)/sizeof(short)+4;
*fwp++ = ENF_PUSHLIT | ENF_AND;
*fwp++ = htons(0x00ff);
*fwp++ = ENF_PUSHLIT | ENF_CAND;
*fwp++ = htons(IPPROTO_UDP);
pfil.Pf_FilterLen = (fwp - &pfil.Pf_Filter[0]);
/*
* put filter in place.
*/
if (ioctl(fd, I_PUSH, "pfmod") == -1)
{
perror("ioctl: I_PUSH pf");
exit(1);
}
if (strioctl(fd, PFIOCSETF, -1, sizeof(pfil), (char *)&pfil) == -1)
{
perror("ioctl: PFIOCSETF");
exit(1);
}
/*
* arrange to get messages from the NIT STREAM and use NIT_BUF option
*/
if (ioctl(fd, I_PUSH, "bufmod") == -1)
{
perror("ioctl: I_PUSH bufmod");
exit(1);
}
i = 128;
strioctl(fd, SBIOCSSNAP, -1, sizeof(i), (char *)&i);
/*
* set the timeout
*/
to.tv_sec = 1;
to.tv_usec = 0;
if (strioctl(fd, SBIOCSTIME, -1, sizeof(to), (char *)&to) == -1)
{
perror("strioctl(SBIOCSTIME)");
exit(-1);
}
/*
* flush read queue
*/
if (ioctl(fd, I_FLUSH, FLUSHR) == -1)
{
perror("I_FLUSHR");
exit(-1);
}
timeout = tout;
solfd = fd;
return fd;
}


@ -1,118 +0,0 @@
/* $FreeBSD$ */
/*
* (C)opyright 1992-1998 Darren Reed. (from tcplog)
*
* See the IPFILTER.LICENCE file for details on licencing.
*
*/
#include <stdio.h>
#include <netdb.h>
#include <ctype.h>
#include <signal.h>
#include <errno.h>
#include <sys/types.h>
#include <sys/time.h>
#include <sys/timeb.h>
#include <sys/socket.h>
#include <sys/file.h>
#include <sys/ioctl.h>
#include <sys/dir.h>
#include <linux/netdevice.h>
#include <net/if.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include "ip_compat.h"
#include "tcpip.h"
#ifndef lint
static const char sccsid[] = "@(#)slinux.c 1.1 12/3/95 (C) 1995 Darren Reed";
#endif
#define BUFSPACE 32768
/*
* Be careful to only include those defined in the flags option for the
* interface are included in the header size.
*/
static int timeout;
static char *eth_dev = NULL;
int ack_recv(bp)
char *bp;
{
struct tcpip tip;
tcphdr_t *tcp;
ip_t *ip;
ip = (struct ip *)&tip;
tcp = (tcphdr_t *)(ip + 1);
bcopy(bp, (char *)&tip, sizeof(tip));
bcopy(bp + (ip.ip_hl << 2), (char *)tcp, sizeof(*tcp));
if (0 == detect(ip, tcp))
return 1;
return 0;
}
void readloop(fd, port, dst)
int fd, port;
struct in_addr dst;
{
static u_char buf[BUFSPACE];
struct sockaddr dest;
register u_char *bp = buf;
register int cc;
int dlen, done = 0;
time_t now = time(NULL);
do {
fflush(stdout);
dlen = sizeof(dest);
bzero((char *)&dest, dlen);
cc = recvfrom(fd, buf, BUFSPACE, 0, &dest, &dlen);
if (!cc)
if ((time(NULL) - now) > timeout)
return done;
else
continue;
if (bp[12] != 0x8 || bp[13] != 0)
continue; /* not ip */
/*
* get rid of non-tcp or fragmented packets here.
*/
if (cc >= sizeof(struct tcpiphdr))
{
if (((bp[14+9] != IPPROTO_TCP) &&
(bp[14+9] != IPPROTO_UDP)) ||
(bp[14+6] & 0x1f) || (bp[14+6] & 0xff))
continue;
done += ack_recv(bp + 14);
}
} while (cc >= 0);
perror("read");
exit(-1);
}
int initdevice(dev, tout)
char *dev;
int tout;
{
int fd;
eth_dev = strdup(dev);
if ((fd = socket(AF_INET, SOCK_PACKET, htons(ETHERTYPE_IP))) == -1)
{
perror("socket(SOCK_PACKET)");
exit(-1);
}
return fd;
}


@ -1,228 +0,0 @@
/* $FreeBSD$ */
/*
* (C)opyright 1992-1998 Darren Reed. (from tcplog)
*
* See the IPFILTER.LICENCE file for details on licencing.
*
*/
#include <stdio.h>
#include <netdb.h>
#include <ctype.h>
#include <signal.h>
#include <errno.h>
#include <sys/types.h>
#include <sys/time.h>
#include <sys/timeb.h>
#include <sys/socket.h>
#include <sys/file.h>
#include <sys/ioctl.h>
#include <net/nit.h>
#include <sys/fcntlcom.h>
#include <sys/dir.h>
#include <net/nit_if.h>
#include <net/nit_pf.h>
#include <net/nit_buf.h>
#include <net/packetfilt.h>
#include <sys/stropts.h>
#include <net/if.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/if_ether.h>
#include <netinet/ip_var.h>
#include <netinet/udp.h>
#include <netinet/udp_var.h>
#include <netinet/tcp.h>
#include <netinet/tcpip.h>
#ifndef lint
static char snitid[] = "@(#)snit.c 1.2 12/3/95 (C)1995 Darren Reed";
#endif
#define BUFSPACE 32768
/*
* Be careful to only include those defined in the flags option for the
* interface are included in the header size.
*/
#define BUFHDR_SIZE (sizeof(struct nit_bufhdr))
#define NIT_HDRSIZE (BUFHDR_SIZE)
static int timeout;
int ack_recv(ep)
char *ep;
{
struct tcpiphdr tip;
struct tcphdr *tcp;
struct ip *ip;
ip = (struct ip *)&tip;
tcp = (struct tcphdr *)(ip + 1);
bcopy(ep + 14, (char *)ip, sizeof(*ip));
bcopy(ep + 14 + (ip->ip_hl << 2), (char *)tcp, sizeof(*tcp));
if (ip->ip_off & 0x1fff != 0)
return 0;
if (0 == detect(ip, tcp))
return 1;
return 0;
}
int readloop(fd, dst)
int fd;
struct in_addr dst;
{
static u_char buf[BUFSPACE];
register u_char *bp, *cp, *bufend;
register struct nit_bufhdr *hp;
register int cc;
time_t now = time(NULL);
int done = 0;
while ((cc = read(fd, buf, BUFSPACE-1)) >= 0) {
if (!cc)
if ((time(NULL) - now) > timeout)
return done;
else
continue;
bp = buf;
bufend = buf + cc;
/*
* loop through each snapshot in the chunk
*/
while (bp < bufend) {
cp = (u_char *)((char *)bp + NIT_HDRSIZE);
/*
* get past NIT buffer
*/
hp = (struct nit_bufhdr *)bp;
/*
* next snapshot
*/
bp += hp->nhb_totlen;
done += ack_recv(cp);
}
return done;
}
perror("read");
exit(-1);
}
int initdevice(device, tout)
char *device;
int tout;
{
struct strioctl si;
struct timeval to;
struct ifreq ifr;
struct packetfilt pfil;
u_long if_flags;
u_short *fwp = pfil.Pf_Filter;
int ret, offset, fd, snaplen= 76, chunksize = BUFSPACE;
if ((fd = open("/dev/nit", O_RDWR)) < 0)
{
perror("/dev/nit");
exit(-1);
}
/*
* Create some filter rules for our TCP watcher. We only want ethernet
* pacets which are IP protocol and only the TCP packets from IP.
*/
offset = 6;
*fwp++ = ENF_PUSHWORD + offset;
*fwp++ = ENF_PUSHLIT | ENF_CAND;
*fwp++ = htons(ETHERTYPE_IP);
*fwp++ = ENF_PUSHWORD + sizeof(struct ether_header)/sizeof(short)+4;
*fwp++ = ENF_PUSHLIT | ENF_AND;
*fwp++ = htons(0x00ff);
*fwp++ = ENF_PUSHLIT | ENF_COR;
*fwp++ = htons(IPPROTO_TCP);
*fwp++ = ENF_PUSHWORD + sizeof(struct ether_header)/sizeof(short)+4;
*fwp++ = ENF_PUSHLIT | ENF_AND;
*fwp++ = htons(0x00ff);
*fwp++ = ENF_PUSHLIT | ENF_CAND;
*fwp++ = htons(IPPROTO_UDP);
pfil.Pf_FilterLen = fwp - &pfil.Pf_Filter[0];
/*
* put filter in place.
*/
if (ioctl(fd, I_PUSH, "pf") == -1)
{
perror("ioctl: I_PUSH pf");
exit(1);
}
if (ioctl(fd, NIOCSETF, &pfil) == -1)
{
perror("ioctl: NIOCSETF");
exit(1);
}
/*
* arrange to get messages from the NIT STREAM and use NIT_BUF option
*/
ioctl(fd, I_SRDOPT, (char*)RMSGD);
ioctl(fd, I_PUSH, "nbuf");
/*
* set the timeout
*/
timeout = tout;
si.ic_timout = 1;
to.tv_sec = 1;
to.tv_usec = 0;
si.ic_cmd = NIOCSTIME;
si.ic_len = sizeof(to);
si.ic_dp = (char*)&to;
if (ioctl(fd, I_STR, (char*)&si) == -1)
{
perror("ioctl: NIT timeout");
exit(-1);
}
/*
* set the chunksize
*/
si.ic_cmd = NIOCSCHUNK;
si.ic_len = sizeof(chunksize);
si.ic_dp = (char*)&chunksize;
if (ioctl(fd, I_STR, (char*)&si) == -1)
perror("ioctl: NIT chunksize");
if (ioctl(fd, NIOCGCHUNK, (char*)&chunksize) == -1)
{
perror("ioctl: NIT chunksize");
exit(-1);
}
printf("NIT buffer size: %d\n", chunksize);
/*
* request the interface
*/
strncpy(ifr.ifr_name, device, sizeof(ifr.ifr_name));
ifr.ifr_name[sizeof(ifr.ifr_name) - 1] = ' ';
si.ic_cmd = NIOCBIND;
si.ic_len = sizeof(ifr);
si.ic_dp = (char*)&ifr;
if (ioctl(fd, I_STR, (char*)&si) == -1)
{
perror(ifr.ifr_name);
exit(1);
}
/*
* set the snapshot length
*/
si.ic_cmd = NIOCSSNAP;
si.ic_len = sizeof(snaplen);
si.ic_dp = (char*)&snaplen;
if (ioctl(fd, I_STR, (char*)&si) == -1)
{
perror("ioctl: NIT snaplen");
exit(1);
}
(void) ioctl(fd, I_FLUSH, (char*)FLUSHR);
return fd;
}


@ -1,244 +0,0 @@
/* $FreeBSD$ */
/*
* (C)opyright 1995 by Darren Reed.
*
* This code may be freely distributed as long as it retains this notice
* and is not changed in any way. The author accepts no responsibility
* for the use of this software. I hate legaleese, don't you ?
*
* @(#)ip_compat.h 1.2 12/7/95
*/
/*
* These #ifdef's are here mainly for linux, but who knows, they may
* not be in other places or maybe one day linux will grow up and some
* of these will turn up there too.
*/
#ifndef ICMP_UNREACH
# define ICMP_UNREACH ICMP_DEST_UNREACH
#endif
#ifndef ICMP_SOURCEQUENCH
# define ICMP_SOURCEQUENCH ICMP_SOURCE_QUENCH
#endif
#ifndef ICMP_TIMXCEED
# define ICMP_TIMXCEED ICMP_TIME_EXCEEDED
#endif
#ifndef ICMP_PARAMPROB
# define ICMP_PARAMPROB ICMP_PARAMETERPROB
#endif
#ifndef IPVERSION
# define IPVERSION 4
#endif
#ifndef IPOPT_MINOFF
# define IPOPT_MINOFF 4
#endif
#ifndef IPOPT_COPIED
# define IPOPT_COPIED(x) ((x)&0x80)
#endif
#ifndef IPOPT_EOL
# define IPOPT_EOL 0
#endif
#ifndef IPOPT_NOP
# define IPOPT_NOP 1
#endif
#ifndef IP_MF
# define IP_MF ((u_short)0x2000)
#endif
#ifndef ETHERTYPE_IP
# define ETHERTYPE_IP ((u_short)0x0800)
#endif
#ifndef TH_FIN
# define TH_FIN 0x01
#endif
#ifndef TH_SYN
# define TH_SYN 0x02
#endif
#ifndef TH_RST
# define TH_RST 0x04
#endif
#ifndef TH_PUSH
# define TH_PUSH 0x08
#endif
#ifndef TH_ACK
# define TH_ACK 0x10
#endif
#ifndef TH_URG
# define TH_URG 0x20
#endif
#ifndef IPOPT_EOL
# define IPOPT_EOL 0
#endif
#ifndef IPOPT_NOP
# define IPOPT_NOP 1
#endif
#ifndef IPOPT_RR
# define IPOPT_RR 7
#endif
#ifndef IPOPT_TS
# define IPOPT_TS 68
#endif
#ifndef IPOPT_SECURITY
# define IPOPT_SECURITY 130
#endif
#ifndef IPOPT_LSRR
# define IPOPT_LSRR 131
#endif
#ifndef IPOPT_SATID
# define IPOPT_SATID 136
#endif
#ifndef IPOPT_SSRR
# define IPOPT_SSRR 137
#endif
#ifndef IPOPT_SECUR_UNCLASS
# define IPOPT_SECUR_UNCLASS ((u_short)0x0000)
#endif
#ifndef IPOPT_SECUR_CONFID
# define IPOPT_SECUR_CONFID ((u_short)0xf135)
#endif
#ifndef IPOPT_SECUR_EFTO
# define IPOPT_SECUR_EFTO ((u_short)0x789a)
#endif
#ifndef IPOPT_SECUR_MMMM
# define IPOPT_SECUR_MMMM ((u_short)0xbc4d)
#endif
#ifndef IPOPT_SECUR_RESTR
# define IPOPT_SECUR_RESTR ((u_short)0xaf13)
#endif
#ifndef IPOPT_SECUR_SECRET
# define IPOPT_SECUR_SECRET ((u_short)0xd788)
#endif
#ifndef IPOPT_SECUR_TOPSECRET
# define IPOPT_SECUR_TOPSECRET ((u_short)0x6bc5)
#endif
#ifdef linux
# if LINUX < 0200
# define icmp icmphdr
# define icmp_type type
# define icmp_code code
# endif
/*
* From /usr/include/netinet/ip_var.h
* !%@#!$@# linux...
*/
struct ipovly {
caddr_t ih_next, ih_prev; /* for protocol sequence q's */
u_char ih_x1; /* (unused) */
u_char ih_pr; /* protocol */
short ih_len; /* protocol length */
struct in_addr ih_src; /* source internet address */
struct in_addr ih_dst; /* destination internet address */
};
typedef struct {
__u16 th_sport;
__u16 th_dport;
__u32 th_seq;
__u32 th_ack;
# if defined(__i386__) || defined(__MIPSEL__) || defined(__alpha__) ||\
defined(vax)
__u8 th_res:4;
__u8 th_off:4;
#else
__u8 th_off:4;
__u8 th_res:4;
#endif
__u8 th_flags;
__u16 th_win;
__u16 th_sum;
__u16 th_urp;
} tcphdr_t;
typedef struct {
__u16 uh_sport;
__u16 uh_dport;
__s16 uh_ulen;
__u16 uh_sum;
} udphdr_t;
typedef struct {
# if defined(__i386__) || defined(__MIPSEL__) || defined(__alpha__) ||\
defined(vax)
__u8 ip_hl:4;
__u8 ip_v:4;
# else
__u8 ip_hl:4;
__u8 ip_v:4;
# endif
__u8 ip_tos;
__u16 ip_len;
__u16 ip_id;
__u16 ip_off;
__u8 ip_ttl;
__u8 ip_p;
__u16 ip_sum;
struct in_addr ip_src;
struct in_addr ip_dst;
} ip_t;
typedef struct {
__u8 ether_dhost[6];
__u8 ether_shost[6];
__u16 ether_type;
} ether_header_t;
typedef struct icmp {
u_char icmp_type; /* type of message, see below */
u_char icmp_code; /* type sub code */
u_short icmp_cksum; /* ones complement cksum of struct */
union {
u_char ih_pptr; /* ICMP_PARAMPROB */
struct in_addr ih_gwaddr; /* ICMP_REDIRECT */
struct ih_idseq {
n_short icd_id;
n_short icd_seq;
} ih_idseq;
int ih_void;
} icmp_hun;
#define icmp_pptr icmp_hun.ih_pptr
#define icmp_gwaddr icmp_hun.ih_gwaddr
#define icmp_id icmp_hun.ih_idseq.icd_id
#define icmp_seq icmp_hun.ih_idseq.icd_seq
#define icmp_void icmp_hun.ih_void
union {
struct id_ts {
n_time its_otime;
n_time its_rtime;
n_time its_ttime;
} id_ts;
struct id_ip {
ip_t idi_ip;
/* options and then 64 bits of data */
} id_ip;
u_long id_mask;
char id_data[1];
} icmp_dun;
#define icmp_otime icmp_dun.id_ts.its_otime
#define icmp_rtime icmp_dun.id_ts.its_rtime
#define icmp_ttime icmp_dun.id_ts.its_ttime
#define icmp_ip icmp_dun.id_ip.idi_ip
#define icmp_mask icmp_dun.id_mask
#define icmp_data icmp_dun.id_data
} icmphdr_t;
# define bcopy(a,b,c) memmove(b,a,c)
# define bcmp(a,b,c) memcmp(a,b,c)
# define ifnet device
#else
typedef struct udphdr udphdr_t;
typedef struct tcphdr tcphdr_t;
typedef struct ip ip_t;
typedef struct ether_header ether_header_t;
#endif
#if defined(__SVR4) || defined(__svr4__)
# define bcopy(a,b,c) memmove(b,a,c)
# define bcmp(a,b,c) memcmp(a,b,c)
# define bzero(a,b) memset(a,0,b)
#endif


@ -1,120 +0,0 @@
/* $FreeBSD$ */
/*
* Based upon 4.4BSD's /usr/sbin/arp
*/
#include <sys/param.h>
#include <sys/file.h>
#include <sys/socket.h>
#include <sys/sysctl.h>
#include <net/if.h>
#include <net/if_dl.h>
#include <net/if_types.h>
#ifndef __osf__
# include <net/route.h>
#endif
#include <netinet/in.h>
#include <netinet/if_ether.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/ip_var.h>
#include <netinet/tcp.h>
#include <unistd.h>
#include <string.h>
#include <stdlib.h>
#include <netdb.h>
#include <errno.h>
#include <nlist.h>
#include <stdio.h>
#include "ipsend.h"
#include "iplang/iplang.h"
/*
* lookup host and return
* its IP address in address
* (4 bytes)
*/
int resolve(host, address)
char *host, *address;
{
struct hostent *hp;
u_long add;
add = inet_addr(host);
if (add == -1)
{
if (!(hp = gethostbyname(host)))
{
fprintf(stderr, "unknown host: %s\n", host);
return -1;
}
bcopy((char *)hp->h_addr, (char *)address, 4);
return 0;
}
bcopy((char*)&add, address, 4);
return 0;
}
int arp(addr, eaddr)
char *addr, *eaddr;
{
int mib[6];
size_t needed;
char *lim, *buf, *next;
struct rt_msghdr *rtm;
struct sockaddr_in *sin;
struct sockaddr_dl *sdl;
#ifdef IPSEND
if (arp_getipv4(addr, ether) == 0)
return 0;
#endif
if (!addr)
return -1;
mib[0] = CTL_NET;
mib[1] = PF_ROUTE;
mib[2] = 0;
mib[3] = AF_INET;
mib[4] = NET_RT_FLAGS;
#ifdef RTF_LLINFO
mib[5] = RTF_LLINFO;
#else
mib[5] = 0;
#endif
if (sysctl(mib, 6, NULL, &needed, NULL, 0) == -1)
{
perror("route-sysctl-estimate");
exit(-1);
}
if ((buf = malloc(needed)) == NULL)
{
perror("malloc");
exit(-1);
}
if (sysctl(mib, 6, buf, &needed, NULL, 0) == -1)
{
perror("actual retrieval of routing table");
exit(-1);
}
lim = buf + needed;
for (next = buf; next < lim; next += rtm->rtm_msglen)
{
rtm = (struct rt_msghdr *)next;
sin = (struct sockaddr_in *)(rtm + 1);
sdl = (struct sockaddr_dl *)(sin + 1);
if (!bcmp(addr, (char *)&sin->sin_addr,
sizeof(struct in_addr)))
{
bcopy(LLADDR(sdl), eaddr, sdl->sdl_alen);
return 0;
}
}
return -1;
}


@ -1,21 +0,0 @@
Test 1:
Solaris 2.4 - upto and including 101945-34, > 34 ?
Solaris 2.5 - 11/95
Linux 1.2.13, < 1.3.45(?)
3com/sonix bridge
Instant Internet
KA9Q NOS
Netblazer 40i, Version 3.2 OS
Irix 6.x
HP-UX 9.0
HP-UX 10.1
LivingstonsComOS
MacOS 7.x, 8.x
Test 6:
SunOS 4.1.x
ULtrix 4.3
Test 7:
SunOS 4.1.x
Linux <= 1.3.84


@ -1,183 +0,0 @@
#
# Copyright (C) 2012 by Darren Reed.
#
# See the IPFILTER.LICENCE file for details on licencing.
#
IPFT=ipft_ef.o ipft_hx.o ipft_pc.o ipft_sn.o ipft_td.o ipft_tx.o opt.o
OBJS=ipsend.o ip.o ipsopt.o y.tab.o lex.yy.o
ROBJS=ipresend.o ip.o resend.o $(IPFT)
TOBJS=iptest.o iptests.o ip.o
BPF=sbpf.o
NIT=snit.o
SUNOS4=sock.o arp.o inet_addr.o
BSD=sock.o 44arp.o
LINUX=lsock.o slinux.o larp.o
LINUXK=
TOP=..
SUNOS5=dlcommon.o sdlpi.o arp.o inet_addr.o
ULTRIX=ultrix.o sock.o arp.o inet_addr.o
HPUX=hpux.o sock.o arp.o inet_addr.o
#CC=gcc
DEBUG=-g
CFLAGS=$(DEBUG) -I. -Iipf
#
MFLAGS="BINDEST=$(BINDEST)" "SBINDEST=$(SBINDEST)" "MANDIR=$(MANDIR)" \
"IPFLKM=$(IPFLKM)" \
"IPFLOG=$(IPFLOG)" "LOGFAC=$(LOGFAC)" "POLICY=$(POLICY)" \
"SOLARIS2=$(SOLARIS2)" "DEBUG=$(DEBUG)" "DCPU=$(CPU)" \
"CPUDIR=$(CPUDIR)"
#
all:
@echo "Use one of these targets:"
@echo " sunos4-nit (standard SunOS 4.1.x)"
@echo " sunos4-bpf (SunOS4.1.x with BPF in the kernel)"
@echo " bsd-bpf (4.4BSD variant with BPF in the kernel)"
@echo " linux10 (Linux 1.0 kernels)"
@echo " linux12 (Linux 1.2 kernels)"
@echo " linux20 (Linux 2.0 kernels)"
@echo " sunos5 (Solaris 2.x)"
ipf:
-if [ ! -d iplang ] ; then ln -s ../iplang iplang; fi
-if [ ! -d netinet ] ; then ln -s ../netinet netinet; fi
-if [ ! -d ipf ] ; then ln -s .. ipf; fi
y.tab.o: iplang/iplang_y.y
-if [ -h iplang ] ; then \
(cd iplang; ${MAKE} $(MFLAGS) 'DESTDIR=../ipsend' ) \
else \
(cd iplang; ${MAKE} $(MFLAGS) 'DESTDIR=..' ) \
fi
lex.yy.o: iplang/iplang_l.l
-if [ -h iplang ] ; then \
(cd iplang; ${MAKE} $(MFLAGS) 'DESTDIR=../ipsend' ) \
else \
(cd iplang; ${MAKE} $(MFLAGS) 'DESTDIR=..' ) \
fi
.c.o:
$(CC) $(CFLAGS) $(LINUXK) -c $< -o $@
install:
-$(INSTALL) -cs -g wheel -m 755 -o root ipsend ipresend iptest $(BINDEST)
bpf sunos4-bpf :
make ipsend "OBJS=$(OBJS)" "UNIXOBJS=$(BPF) $(SUNOS4)" "CC=$(CC)" \
"CFLAGS=$(CFLAGS) -DDOSOCKET -DIPSEND" "LLIB=-ll"
make ipresend "ROBJS=$(ROBJS)" "UNIXOBJS=$(BPF) $(SUNOS4)" "CC=$(CC)" \
"CFLAGS=$(CFLAGS) -DDOSOCKET"
make iptest "TOBJS=$(TOBJS)" "UNIXOBJS=$(BPF) $(SUNOS4)" "CC=$(CC)" \
"CFLAGS=$(CFLAGS) -DDOSOCKET"
nit sunos4 sunos4-nit :
make ipsend "OBJS=$(OBJS)" "UNIXOBJS=$(NIT) $(SUNOS4)" "CC=$(CC)" \
"CFLAGS=$(CFLAGS) -DDOSOCKET -DIPSEND" "LLIB=-ll"
make ipresend "ROBJS=$(ROBJS)" "UNIXOBJS=$(NIT) $(SUNOS4)" "CC=$(CC)" \
"CFLAGS=$(CFLAGS) -DDOSOCKET"
make iptest "TOBJS=$(TOBJS)" "UNIXOBJS=$(NIT) $(SUNOS4)" "CC=$(CC)" \
"CFLAGS=$(CFLAGS) -DDOSOCKET"
dlpi sunos5 :
make ipsend "OBJS=$(OBJS)" "UNIXOBJS=$(SUNOS5)" "CC=$(CC)" \
CFLAGS="$(CFLAGS) -Dsolaris -DIPSEND" "LIBS=-lsocket -lnsl" \
"LLIB=-ll"
make ipresend "ROBJS=$(ROBJS)" "UNIXOBJS=$(SUNOS5)" "CC=$(CC)" \
CFLAGS="$(CFLAGS) -Dsolaris" "LIBS=-lsocket -lnsl"
make iptest "TOBJS=$(TOBJS)" "UNIXOBJS=$(SUNOS5)" "CC=$(CC)" \
CFLAGS="$(CFLAGS) -Dsolaris" "LIBS=-lsocket -lnsl"
bsd-bpf :
make ipsend "OBJS=$(OBJS)" "UNIXOBJS=$(BPF) $(BSD)" "CC=$(CC)" \
"CFLAGS=$(CFLAGS) -DDOSOCKET -DIPSEND" "LLIB=-ll"
make ipresend "ROBJS=$(ROBJS)" "UNIXOBJS=$(BPF) $(BSD)" "CC=$(CC)" \
"CFLAGS=$(CFLAGS) -DDOSOCKET"
make iptest "TOBJS=$(TOBJS)" "UNIXOBJS=$(BPF) $(BSD)" "CC=$(CC)" \
"CFLAGS=$(CFLAGS) -DDOSOCKET"
linuxrev :
make ipsend "OBJS=$(OBJS)" "UNIXOBJS=$(LINUX)" "CC=$(CC)" \
CFLAGS="$(CFLAGS) $(INC) -DDOSOCKET -DIPSEND" $(LINUXK)
make ipresend "ROBJS=$(ROBJS)" "UNIXOBJS=$(LINUX)" "CC=$(CC)" \
CFLAGS="$(CFLAGS) $(INC) -DDOSOCKET" $(LINUXK)
make iptest "TOBJS=$(TOBJS)" "UNIXOBJS=$(LINUX)" "CC=$(CC)" \
CFLAGS="$(CFLAGS) $(INC) -DDOSOCKET" $(LINUXK)
linux10:
make linuxrev 'LINUXK="LINUXK=-DLINUX=0100"' \
"INC=-I/usr/src/linux/include" "LLIB=-lfl"
linux12:
make linuxrev 'LINUXK="LINUXK=-DLINUX=0102"' "INC=-I/usr/src/linux" \
"LLIB=-lfl"
linux20:
make linuxrev 'LINUXK="LINUXK=-DLINUX=0200"' \
"INC=-I/usr/src/linux/include" "LLIB=-lfl" "ELIB=-lelf"
ultrix :
make ipsend "OBJS=$(OBJS)" "UNIXOBJS=$(ULTRIX)" "CC=$(CC)" \
CFLAGS="$(CFLAGS) -DIPSEND" "LIBS=" "LLIB=-ll"
make ipresend "ROBJS=$(ROBJS)" "UNIXOBJS=$(ULTRIX)" "CC=$(CC)" \
CFLAGS="$(CFLAGS)" "LIBS="
make iptest "TOBJS=$(TOBJS)" "UNIXOBJS=$(ULTRIX)" "CC=$(CC)" \
CFLAGS="$(CFLAGS)" "LIBS="
hpux9 :
make ipsend "OBJS=$(OBJS)" "UNIXOBJS=$(HPUX)" "CC=$(CC)" \
CFLAGS="$(CFLAGS) -DIPSEND" "LIBS="
make ipresend "ROBJS=$(ROBJS)" "UNIXOBJS=$(HPUX)" "CC=$(CC)" \
CFLAGS="$(CFLAGS)" "LIBS="
make iptest "TOBJS=$(TOBJS)" "UNIXOBJS=$(HPUX)" "CC=$(CC)" \
CFLAGS="$(CFLAGS)" "LIBS="
hpux11 :
make ipsend "OBJS=$(OBJS)" "UNIXOBJS=$(HPUX)" "CC=$(CC)" \
CFLAGS="$(CFLAGS) -DIPSEND" "LIBS="
make ipresend "ROBJS=$(ROBJS)" "UNIXOBJS=$(HPUX)" "CC=$(CC)" \
CFLAGS="$(CFLAGS)" "LIBS="
make iptest "TOBJS=$(TOBJS)" "UNIXOBJS=$(HPUX)" "CC=$(CC)" \
CFLAGS="$(CFLAGS)" "LIBS="
ipsend: ipf $(OBJS) $(UNIXOBJS)
$(CC) $(OBJS) $(UNIXOBJS) -o $@ $(LIBS) $(LLIB) $(ELIB)
ipresend: $(ROBJS) $(UNIXOBJS)
$(CC) $(ROBJS) $(UNIXOBJS) -o $@ $(LIBS) $(ELIB)
iptest: $(TOBJS) $(UNIXOBJS)
$(CC) $(TOBJS) $(UNIXOBJS) -o $@ $(LIBS) $(ELIB)
ipft_ef.o: ipf/ipft_ef.c ipf/ipt.h ipf/ipf.h ipf/ip_compat.h
$(CC) $(CFLAGS) $(LINUXK) -c ipf/ipft_ef.c -o $@
ipft_hx.o: ipf/ipft_hx.c ipf/ipt.h ipf/ipf.h ipf/ip_compat.h
$(CC) $(CFLAGS) $(LINUXK) -c ipf/ipft_hx.c -o $@
ipft_pc.o: ipf/ipft_pc.c ipf/ipt.h ipf/ipf.h ipf/ip_compat.h
$(CC) $(CFLAGS) $(LINUXK) -c ipf/ipft_pc.c -o $@
ipft_sn.o: ipf/ipft_sn.c ipf/ipt.h ipf/ipf.h ipf/ip_compat.h
$(CC) $(CFLAGS) $(LINUXK) -c ipf/ipft_sn.c -o $@
ipft_td.o: ipf/ipft_td.c ipf/ipt.h ipf/ipf.h ipf/ip_compat.h
$(CC) $(CFLAGS) $(LINUXK) -c ipf/ipft_td.c -o $@
ipft_tx.o: ipf/ipft_tx.c ipf/ipt.h ipf/ipf.h ipf/ip_compat.h
$(CC) $(CFLAGS) $(LINUXK) -c ipf/ipft_tx.c -o $@
opt.o: ipf/opt.c ipf/ipt.h ipf/ipf.h ipf/ip_compat.h
$(CC) $(CFLAGS) $(LINUXK) -c ipf/opt.c -o $@
inet_addr.o: ipf/inet_addr.c
$(CC) $(CFLAGS) $(LINUXK) -c ipf/inet_addr.c -o $@
clean:
rm -rf *.o *core a.out ipsend ipresend iptest
if [ -d iplang ]; then (cd iplang; $(MAKE) $(MFLAGS) clean); fi
if [ -d $(TOP)/iplang ]; then (cd $(TOP)/iplang; $(MAKE) $(MFLAGS) clean); fi
do-cvs:
find . -type d -name CVS -print | xargs /bin/rm -rf
find . -type f -name .cvsignore -print | xargs /bin/rm -f


@ -1,141 +0,0 @@
/* $FreeBSD$ */
/*
* arp.c (C) 1995-1998 Darren Reed
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
#if !defined(lint)
static const char sccsid[] = "@(#)arp.c 1.4 1/11/96 (C)1995 Darren Reed";
static const char rcsid[] = "@(#)$Id$";
#endif
#include <sys/types.h>
#include <sys/socket.h>
#if !defined(ultrix) && !defined(hpux) && !defined(__hpux) && !defined(__osf__) && !defined(_AIX51)
# include <sys/sockio.h>
#endif
#include <sys/ioctl.h>
#include <netinet/in_systm.h>
#include <netinet/in.h>
#include <net/if.h>
#include <netinet/if_ether.h>
#ifndef ultrix
# include <net/if_arp.h>
#endif
#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/ip_var.h>
#include <netinet/tcp.h>
#include <stdio.h>
#include <errno.h>
#include <netdb.h>
#include "ipsend.h"
#include "iplang/iplang.h"
/*
* lookup host and return
* its IP address in address
* (4 bytes)
*/
int resolve(host, address)
char *host, *address;
{
struct hostent *hp;
u_long add;
add = inet_addr(host);
if (add == -1)
{
if (!(hp = gethostbyname(host)))
{
fprintf(stderr, "unknown host: %s\n", host);
return -1;
}
bcopy((char *)hp->h_addr, (char *)address, 4);
return 0;
}
bcopy((char*)&add, address, 4);
return 0;
}
/*
* ARP for the MAC address corresponding
* to the IP address. This taken from
* some BSD program, I cant remember which.
*/
int arp(ip, ether)
char *ip;
char *ether;
{
static int sfd = -1;
static char ethersave[6], ipsave[4];
struct arpreq ar;
struct sockaddr_in *sin, san;
struct hostent *hp;
int fd;
#ifdef IPSEND
if (arp_getipv4(ip, ether) == 0)
return 0;
#endif
if (!bcmp(ipsave, ip, 4)) {
bcopy(ethersave, ether, 6);
return 0;
}
fd = -1;
bzero((char *)&ar, sizeof(ar));
sin = (struct sockaddr_in *)&ar.arp_pa;
sin->sin_family = AF_INET;
bcopy(ip, (char *)&sin->sin_addr.s_addr, 4);
#ifndef hpux
if ((hp = gethostbyaddr(ip, 4, AF_INET)))
# if SOLARIS && (SOLARIS2 >= 10)
if (!(ether_hostton(hp->h_name, (struct ether_addr *)ether)))
# else
if (!(ether_hostton(hp->h_name, ether)))
# endif
goto savearp;
#endif
if (sfd == -1)
if ((sfd = socket(AF_INET, SOCK_DGRAM, 0)) == -1)
{
perror("arp: socket");
return -1;
}
tryagain:
if (ioctl(sfd, SIOCGARP, (caddr_t)&ar) == -1)
{
if (fd == -1)
{
bzero((char *)&san, sizeof(san));
san.sin_family = AF_INET;
san.sin_port = htons(1);
bcopy(ip, &san.sin_addr.s_addr, 4);
fd = socket(AF_INET, SOCK_DGRAM, 0);
(void) sendto(fd, ip, 4, 0,
(struct sockaddr *)&san, sizeof(san));
sleep(1);
(void) close(fd);
goto tryagain;
}
fprintf(stderr, "(%s):", inet_ntoa(sin->sin_addr));
if (errno != ENXIO)
perror("SIOCGARP");
return -1;
}
if ((ar.arp_ha.sa_data[0] == 0) && (ar.arp_ha.sa_data[1] == 0) &&
(ar.arp_ha.sa_data[2] == 0) && (ar.arp_ha.sa_data[3] == 0) &&
(ar.arp_ha.sa_data[4] == 0) && (ar.arp_ha.sa_data[5] == 0)) {
fprintf(stderr, "(%s):", inet_ntoa(sin->sin_addr));
return -1;
}
bcopy(ar.arp_ha.sa_data, ether, 6);
savearp:
bcopy(ether, ethersave, 6);
bcopy(ip, ipsave, 4);
return 0;
}

File diff suppressed because it is too large Load Diff


@ -1,34 +0,0 @@
/* $FreeBSD$ */
/*
* Common DLPI Test Suite header file
*
*/
/*
* Maximum control/data buffer size (in long's !!) for getmsg().
*/
#define MAXDLBUF 8192
/*
* Maximum number of seconds we'll wait for any
* particular DLPI acknowledgment from the provider
* after issuing a request.
*/
#define MAXWAIT 15
/*
* Maximum address buffer length.
*/
#define MAXDLADDR 1024
/*
* Handy macro.
*/
#define OFFADDR(s, n) (u_char*)((char*)(s) + (int)(n))
/*
* externs go here
*/
extern void sigalrm();


@ -1,364 +0,0 @@
/* $FreeBSD$ */
/*
* ip.c (C) 1995-1998 Darren Reed
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
#if !defined(lint)
static const char sccsid[] = "%W% %G% (C)1995";
static const char rcsid[] = "@(#)$Id$";
#endif
#include <sys/param.h>
#include <sys/types.h>
#include <netinet/in_systm.h>
#include <sys/socket.h>
#include <net/if.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <sys/param.h>
#ifndef linux
# include <net/route.h>
# include <netinet/if_ether.h>
# include <netinet/ip_var.h>
#endif
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include "ipsend.h"
static char *ipbuf = NULL, *ethbuf = NULL;
u_short chksum(buf,len)
u_short *buf;
int len;
{
u_long sum = 0;
int nwords = len >> 1;
for(; nwords > 0; nwords--)
sum += *buf++;
sum = (sum>>16) + (sum & 0xffff);
sum += (sum >>16);
return (~sum);
}
int send_ether(nfd, buf, len, gwip)
int nfd, len;
char *buf;
struct in_addr gwip;
{
static struct in_addr last_gw;
static char last_arp[6] = { 0, 0, 0, 0, 0, 0};
ether_header_t *eh;
char *s;
int err;
if (!ethbuf)
ethbuf = (char *)calloc(1, 65536+1024);
s = ethbuf;
eh = (ether_header_t *)s;
bcopy((char *)buf, s + sizeof(*eh), len);
if (gwip.s_addr == last_gw.s_addr)
{
bcopy(last_arp, (char *)A_A eh->ether_dhost, 6);
}
else if (arp((char *)&gwip, (char *)A_A eh->ether_dhost) == -1)
{
perror("arp");
return -2;
}
eh->ether_type = htons(ETHERTYPE_IP);
last_gw.s_addr = gwip.s_addr;
err = sendip(nfd, s, sizeof(*eh) + len);
return err;
}
/*
*/
int send_ip(nfd, mtu, ip, gwip, frag)
int nfd, mtu;
ip_t *ip;
struct in_addr gwip;
int frag;
{
static struct in_addr last_gw, local_ip;
static char local_arp[6] = { 0, 0, 0, 0, 0, 0};
static char last_arp[6] = { 0, 0, 0, 0, 0, 0};
static u_short id = 0;
ether_header_t *eh;
ip_t ipsv;
int err, iplen;
if (!ipbuf)
{
ipbuf = (char *)malloc(65536);
if (!ipbuf)
{
perror("malloc failed");
return -2;
}
}
eh = (ether_header_t *)ipbuf;
bzero((char *)A_A eh->ether_shost, sizeof(eh->ether_shost));
if (last_gw.s_addr && (gwip.s_addr == last_gw.s_addr))
{
bcopy(last_arp, (char *)A_A eh->ether_dhost, 6);
}
else if (arp((char *)&gwip, (char *)A_A eh->ether_dhost) == -1)
{
perror("arp");
return -2;
}
bcopy((char *)A_A eh->ether_dhost, last_arp, sizeof(last_arp));
eh->ether_type = htons(ETHERTYPE_IP);
bcopy((char *)ip, (char *)&ipsv, sizeof(*ip));
last_gw.s_addr = gwip.s_addr;
iplen = ip->ip_len;
ip->ip_len = htons(iplen);
if (!(frag & 2)) {
if (!IP_V(ip))
IP_V_A(ip, IPVERSION);
if (!ip->ip_id)
ip->ip_id = htons(id++);
if (!ip->ip_ttl)
ip->ip_ttl = 60;
}
if (ip->ip_src.s_addr != local_ip.s_addr) {
(void) arp((char *)&ip->ip_src, (char *)A_A local_arp);
bcopy(local_arp, (char *)A_A eh->ether_shost,sizeof(last_arp));
local_ip = ip->ip_src;
} else
bcopy(local_arp, (char *)A_A eh->ether_shost, 6);
if (!frag || (sizeof(*eh) + iplen < mtu))
{
ip->ip_sum = 0;
ip->ip_sum = chksum((u_short *)ip, IP_HL(ip) << 2);
bcopy((char *)ip, ipbuf + sizeof(*eh), iplen);
err = sendip(nfd, ipbuf, sizeof(*eh) + iplen);
}
else
{
/*
* Actually, this is bogus because we're putting all IP
* options in every packet, which isn't always what should be
* done. Will do for now.
*/
ether_header_t eth;
char optcpy[48], ol;
char *s;
int i, sent = 0, ts, hlen, olen;
hlen = IP_HL(ip) << 2;
if (mtu < (hlen + 8)) {
fprintf(stderr, "mtu (%d) < ip header size (%d) + 8\n",
mtu, hlen);
fprintf(stderr, "can't fragment data\n");
return -2;
}
ol = (IP_HL(ip) << 2) - sizeof(*ip);
for (i = 0, s = (char*)(ip + 1); ol > 0; )
if (*s == IPOPT_EOL) {
optcpy[i++] = *s;
break;
} else if (*s == IPOPT_NOP) {
s++;
ol--;
} else
{
olen = (int)(*(u_char *)(s + 1));
ol -= olen;
if (IPOPT_COPIED(*s))
{
bcopy(s, optcpy + i, olen);
i += olen;
s += olen;
}
}
if (i)
{
/*
* pad out
*/
while ((i & 3) && (i & 3) != 3)
optcpy[i++] = IPOPT_NOP;
if ((i & 3) == 3)
optcpy[i++] = IPOPT_EOL;
}
bcopy((char *)eh, (char *)&eth, sizeof(eth));
s = (char *)ip + hlen;
iplen = ntohs(ip->ip_len) - hlen;
ip->ip_off |= htons(IP_MF);
while (1)
{
if ((sent + (mtu - hlen)) >= iplen)
{
ip->ip_off ^= htons(IP_MF);
ts = iplen - sent;
}
else
ts = (mtu - hlen);
ip->ip_off &= htons(0xe000);
ip->ip_off |= htons(sent >> 3);
ts += hlen;
ip->ip_len = htons(ts);
ip->ip_sum = 0;
ip->ip_sum = chksum((u_short *)ip, hlen);
bcopy((char *)ip, ipbuf + sizeof(*eh), hlen);
bcopy(s + sent, ipbuf + sizeof(*eh) + hlen, ts - hlen);
err = sendip(nfd, ipbuf, sizeof(*eh) + ts);
bcopy((char *)&eth, ipbuf, sizeof(eth));
sent += (ts - hlen);
if (!(ntohs(ip->ip_off) & IP_MF))
break;
else if (!(ip->ip_off & htons(0x1fff)))
{
hlen = i + sizeof(*ip);
IP_HL_A(ip, (sizeof(*ip) + i) >> 2);
bcopy(optcpy, (char *)(ip + 1), i);
}
}
}
bcopy((char *)&ipsv, (char *)ip, sizeof(*ip));
return err;
}
/*
* send a tcp packet.
*/
int send_tcp(nfd, mtu, ip, gwip)
int nfd, mtu;
ip_t *ip;
struct in_addr gwip;
{
static tcp_seq iss = 2;
tcphdr_t *t, *t2;
int thlen, i, iplen, hlen;
u_32_t lbuf[20];
ip_t *ip2;
iplen = ip->ip_len;
hlen = IP_HL(ip) << 2;
t = (tcphdr_t *)((char *)ip + hlen);
ip2 = (struct ip *)lbuf;
t2 = (tcphdr_t *)((char *)ip2 + hlen);
thlen = TCP_OFF(t) << 2;
if (!thlen)
thlen = sizeof(tcphdr_t);
bzero((char *)ip2, sizeof(*ip2) + sizeof(*t2));
ip->ip_p = IPPROTO_TCP;
ip2->ip_p = ip->ip_p;
ip2->ip_src = ip->ip_src;
ip2->ip_dst = ip->ip_dst;
bcopy((char *)ip + hlen, (char *)t2, thlen);
if (!t2->th_win)
t2->th_win = htons(4096);
iss += 63;
i = sizeof(struct tcpiphdr) / sizeof(long);
if ((t2->th_flags == TH_SYN) && !ntohs(ip->ip_off) &&
(lbuf[i] != htonl(0x020405b4))) {
lbuf[i] = htonl(0x020405b4);
bcopy((char *)ip + hlen + thlen, (char *)ip + hlen + thlen + 4,
iplen - thlen - hlen);
thlen += 4;
}
TCP_OFF_A(t2, thlen >> 2);
ip2->ip_len = htons(thlen);
ip->ip_len = hlen + thlen;
t2->th_sum = 0;
t2->th_sum = chksum((u_short *)ip2, thlen + sizeof(ip_t));
bcopy((char *)t2, (char *)ip + hlen, thlen);
return send_ip(nfd, mtu, ip, gwip, 1);
}
/*
* send a udp packet.
*/
int send_udp(nfd, mtu, ip, gwip)
int nfd, mtu;
ip_t *ip;
struct in_addr gwip;
{
struct tcpiphdr *ti;
int thlen;
u_long lbuf[20];
ti = (struct tcpiphdr *)lbuf;
bzero((char *)ti, sizeof(*ti));
thlen = sizeof(udphdr_t);
ti->ti_pr = ip->ip_p;
ti->ti_src = ip->ip_src;
ti->ti_dst = ip->ip_dst;
bcopy((char *)ip + (IP_HL(ip) << 2),
(char *)&ti->ti_sport, sizeof(udphdr_t));
ti->ti_len = htons(thlen);
ip->ip_len = (IP_HL(ip) << 2) + thlen;
ti->ti_sum = 0;
ti->ti_sum = chksum((u_short *)ti, thlen + sizeof(ip_t));
bcopy((char *)&ti->ti_sport,
(char *)ip + (IP_HL(ip) << 2), sizeof(udphdr_t));
return send_ip(nfd, mtu, ip, gwip, 1);
}
/*
* send an icmp packet.
*/
int send_icmp(nfd, mtu, ip, gwip)
int nfd, mtu;
ip_t *ip;
struct in_addr gwip;
{
struct icmp *ic;
ic = (struct icmp *)((char *)ip + (IP_HL(ip) << 2));
ic->icmp_cksum = 0;
ic->icmp_cksum = chksum((u_short *)ic, sizeof(struct icmp));
return send_ip(nfd, mtu, ip, gwip, 1);
}
int send_packet(nfd, mtu, ip, gwip)
int nfd, mtu;
ip_t *ip;
struct in_addr gwip;
{
switch (ip->ip_p)
{
case IPPROTO_TCP :
return send_tcp(nfd, mtu, ip, gwip);
case IPPROTO_UDP :
return send_udp(nfd, mtu, ip, gwip);
case IPPROTO_ICMP :
return send_icmp(nfd, mtu, ip, gwip);
default :
return send_ip(nfd, mtu, ip, gwip, 1);
}
}


@ -1,108 +0,0 @@
.\" $FreeBSD$
.\"
.TH IPRESEND 1
.SH NAME
ipresend \- resend IP packets out to network
.SH SYNOPSIS
.B ipresend
[
.B \-EHPRSTX
] [
.B \-d
<device>
] [
.B \-g
<\fIgateway\fP>
] [
.B \-m
<\fIMTU\fP>
] [
.B \-r
<\fIfilename\fP>
]
.SH DESCRIPTION
.PP
\fBipresend\fP was designed to allow packets to be resent, once captured,
back out onto the network for use in testing. \fIipresend\fP supports a
number of different file formats as input, including saved snoop/tcpdump
binary data.
.SH OPTIONS
.TP
.BR \-d \0<interface>
Set the interface name to be the name supplied. This is useful with the
\fB\-P, \-S, \-T\fP and \fB\-E\fP options, where it is not otherwise possible
to associate a packet with an interface. Normal "text packets" can override
this setting.
.TP
.BR \-g \0<gateway>
Specify the hostname of the gateway through which to route packets. This
is required whenever the destination host isn't directly attached to the
same network as the host from which you're sending.
.TP
.BR \-m \0<MTU>
Specify the MTU to be used when sending out packets. This option allows you
to set a fake MTU, allowing the simulation of network interfaces with small
MTU's without setting them so.
.TP
.BR \-r \0<filename>
Specify the filename from which to take input. Default is stdin.
.TP
.B \-E
The input file is to be text output from etherfind. The text formats which
are currently supported are those which result from the following etherfind
option combinations:
.PP
.nf
etherfind -n
etherfind -n -t
.fi
.LP
.TP
.B \-H
The input file is to be hex digits, representing the binary makeup of the
packet. No length correction is made, if an incorrect length is put in
the IP header.
.TP
.B \-P
The input file specified by \fB\-i\fP is a binary file produced using libpcap
(i.e., tcpdump version 3). Packets are read from this file as being input
(for rule purposes).
.TP
.B \-R
When sending packets out, send them out "raw" (the way they came in). The
only real significance here is that it will expect the link layer (i.e.
ethernet) headers to be prepended to the IP packet being output.
.TP
.B \-S
The input file is to be in "snoop" format (see RFC 1761). Packets are read
from this file and used as input from any interface. This is perhaps the
most useful input type, currently.
.TP
.B \-T
The input file is to be text output from tcpdump. The text formats which
are currently supported are those which result from the following tcpdump
option combinations:
.PP
.nf
tcpdump -n
tcpdump -nq
tcpdump -nqt
tcpdump -nqtt
tcpdump -nqte
.fi
.LP
.TP
.B \-X
The input file is composed of text descriptions of IP packets.
.DT
.SH SEE ALSO
snoop(1m), tcpdump(8), etherfind(8c), ipftest(1), ipresend(1), iptest(1), bpf(4), dlpi(7p)
.SH DIAGNOSTICS
.PP
Needs to be run as root.
.SH BUGS
.PP
Not all of the input formats are sufficiently capable of introducing a
wide enough variety of packets for them to be all useful in testing.
If you find any, please send email to me at darrenr@pobox.com


@ -1,151 +0,0 @@
/* $FreeBSD$ */
/*
* ipresend.c (C) 1995-1998 Darren Reed
*
* See the IPFILTER.LICENCE file for details on licencing.
*
*/
#if !defined(lint)
static const char sccsid[] = "%W% %G% (C)1995 Darren Reed";
static const char rcsid[] = "@(#)$Id$";
#endif
#include <sys/param.h>
#include <sys/types.h>
#include <sys/time.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#ifndef linux
#include <netinet/ip_var.h>
#endif
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <netdb.h>
#include <string.h>
#include "ipsend.h"
extern char *optarg;
extern int optind;
#ifndef NO_IPF
extern struct ipread pcap, iphex, iptext;
#endif
int opts = 0;
#ifndef DEFAULT_DEVICE
# ifdef linux
char default_device[] = "eth0";
# else
# ifdef sun
char default_device[] = "le0";
# else
# ifdef ultrix
char default_device[] = "ln0";
# else
# ifdef __bsdi__
char default_device[] = "ef0";
# else
# ifdef __sgi
char default_device[] = "ec0";
# else
char default_device[] = "lan0";
# endif
# endif
# endif
# endif
# endif
#else
char default_device[] = DEFAULT_DEVICE;
#endif
static void usage __P((char *));
int main __P((int, char **));
static void usage(prog)
char *prog;
{
fprintf(stderr, "Usage: %s [options] <-r filename|-R filename>\n\
\t\t-r filename\tsnoop data file to resend\n\
\t\t-R filename\tlibpcap data file to resend\n\
\toptions:\n\
\t\t-d device\tSend out on this device\n\
\t\t-g gateway\tIP gateway to use if non-local dest.\n\
\t\t-m mtu\t\tfake MTU to use when sending out\n\
", prog);
exit(1);
}
int main(argc, argv)
int argc;
char **argv;
{
struct in_addr gwip;
struct ipread *ipr = NULL;
char *name = argv[0], *gateway = NULL, *dev = NULL;
char *resend = NULL;
int mtu = 1500, c;
while ((c = getopt(argc, argv, "EHPRSTXd:g:m:r:")) != -1)
switch (c)
{
case 'd' :
dev = optarg;
break;
case 'g' :
gateway = optarg;
break;
case 'm' :
mtu = atoi(optarg);
if (mtu < 28)
{
fprintf(stderr, "mtu must be > 28\n");
exit(1);
}
case 'r' :
resend = optarg;
break;
case 'R' :
opts |= OPT_RAW;
break;
#ifndef NO_IPF
case 'H' :
ipr = &iphex;
break;
case 'P' :
ipr = &pcap;
break;
case 'X' :
ipr = &iptext;
break;
#endif
default :
fprintf(stderr, "Unknown option \"%c\"\n", c);
usage(name);
}
if (!ipr || !resend)
usage(name);
gwip.s_addr = 0;
if (gateway && resolve(gateway, (char *)&gwip) == -1)
{
fprintf(stderr,"Cant resolve %s\n", gateway);
exit(2);
}
if (!dev)
dev = default_device;
printf("Device: %s\n", dev);
printf("Gateway: %s\n", inet_ntoa(gwip));
printf("mtu: %d\n", mtu);
return ip_resend(dev, mtu, ipr, gwip, resend);
}


@ -1,111 +0,0 @@
.\" $FreeBSD$
.\"
.TH IPSEND 1
.SH NAME
ipsend \- sends IP packets
.SH SYNOPSIS
.B ipsend
[
.B \-dITUv
] [
.B \-i
<interface>
] [
.B \-f
<\fIoffset\fP>
] [
.B \-g
<\fIgateway\fP>
] [
.B \-m
<\fIMTU\fP>
] [
.B \-o
<\fIoption\fP>
] [
.B \-P
<protocol>
] [
.B \-s
<\fIsource\fP>
] [
.B \-t
<\fIdest. port\fP>
] [
.B \-w
<\fIwindow\fP>
] <destination> [TCP-flags]
.SH DESCRIPTION
.PP
\fBipsend\fP can be compiled in two ways. The first is used to send one-off
packets to a destination host, using command line options to specify various
attributes present in the headers. The \fIdestination\fP must be given as
the last command line option, except for when TCP flags are specified as
a combination of A, S, F, U, P and R, last.
.PP
The other way it may be compiled, with DOSOCKET defined, is to allow an
attempt at making a TCP connection using a with ipsend resending the SYN
packet as per the command line options.
.SH OPTIONS
.TP
.BR \-d
enable debugging mode.
.TP
.BR \-f \0<offset>
The \fI-f\fP allows the IP offset field in the IP header to be set to an
arbitrary value, which can be specified in decimal or hexadecimal.
.TP
.BR \-g \0<gateway>
Specify the hostname of the gateway through which to route packets. This
is required whenever the destination host isn't directly attached to the
same network as the host from which you're sending.
.TP
.BR \-i \0<interface>
Set the interface name to be the name supplied.
.TP
.TP
.BR \-m \0<MTU>
Specify the MTU to be used when sending out packets. This option allows you
to set a fake MTU, allowing the simulation of network interfaces with small
MTU's without setting them so.
.TP
.BR \-o \0<option>
Specify options to be included at the end of the IP header. An EOL option
is automatically appended and need not be given. If an option would also
have data associated with it (source as an IP# for a lsrr option), then
this will not be initialised.
.TP
.BR \-s \0<source>
Set the source address in the packet to that provided - maybe either a
hostname or IP#.
.TP
.BR \-t \0<dest. port>
Set the destination port for TCP/UDP packets.
.TP
.BR \-w \0<window>
Set the window size for TCP packets.
.TP
.B \-I
Set the protocol to ICMP.
.TP
.B \-P <protocol>
Set the protocol to the value given. If the parameter is a name, the name
is looked up in the \fI/etc/protocols\fP file.
.TP
.B \-T
Set the protocol to TCP.
.TP
.B \-U
Set the protocol to UDP.
.TP
.BR \-v
enable verbose mode.
.DT
.SH SEE ALSO
ipsend(1), ipresend(1), iptest(1), protocols(4), bpf(4), dlpi(7p)
.SH DIAGNOSTICS
.PP
Needs to be run as root.
.SH BUGS
.PP
If you find any, please send email to me at darrenr@pobox.com


@ -1,402 +0,0 @@
.\" $FreeBSD$
.TH IPSEND 5
.SH NAME
ipsend \- IP packet description language
.SH DESCRIPTION
The \fBipsend\fP program expects, with the \fB-L\fP option, input to be a
text file which fits the grammar described below. The purpose of this
grammar is to allow IP packets to be described in an arbitary way which
also allows encapsulation to be so done to an arbitary level.
.SH GRAMMAR
.LP
.nf
line ::= iface | arp | send | defrouter | ipv4line .
iface ::= ifhdr "{" ifaceopts "}" ";" .
ifhdr ::= "interface" | "iface" .
ifaceopts ::= "ifname" name | "mtu" mtu | "v4addr" ipaddr |
"eaddr" eaddr .
send ::= "send" ";" | "send" "{" sendbodyopts "}" ";" .
sendbodyopts ::= sendbody [ sendbodyopts ] .
sendbody ::= "ifname" name | "via" ipaddr .
defrouter ::= "router" ipaddr .
arp ::= "arp" "{" arpbodyopts "}" ";" .
arpbodyopts ::= arpbody [ arpbodyopts ] .
arpbody ::= "v4addr" ipaddr | "eaddr" eaddr .
bodyline ::= ipv4line | tcpline | udpline | icmpline | dataline .
ipv4line ::= "ipv4" "{" ipv4bodyopts "}" ";" .
ipv4bodyopts ::= ipv4body [ ipv4bodyopts ] | bodyline .
ipv4body ::= "proto" protocol | "src" ipaddr | "dst" ipaddr |
"off" number | "v" number | "hl" number| "id" number |
"ttl" number | "tos" number | "sum" number | "len" number |
"opt" "{" ipv4optlist "}" ";" .
ipv4optlist ::= ipv4option [ ipv4optlist ] .
ipv4optlist = "nop" | "rr" | "zsu" | "mtup" | "mtur" | "encode" | "ts" |
"tr" | "sec" | "lsrr" | "e-sec" | "cipso" | "satid" |
"ssrr" | "addext" | "visa" | "imitd" | "eip" | "finn" |
"secclass" ipv4secclass.
ipv4secclass := "unclass" | "confid" | "reserv-1" | "reserv-2" |
"reserv-3" | "reserv-4" | "secret" | "topsecret" .
tcpline ::= "tcp" "{" tcpbodyopts "}" ";" .
tcpbodyopts ::= tcpbody [ tcpbodyopts ] | bodyline .
tcpbody ::= "sport" port | "dport" port | "seq" number | "ack" number |
"off" number | "urp" number | "win" number | "sum" number |
"flags" tcpflags | data .
udpline ::= "udp" "{" udpbodyopts "}" ";" .
udpbodyopts ::= udpbody [ udpbodyopts ] | bodyline .
udpbody ::= "sport" port | "dport" port | "len" number | "sum" number |
data .
icmpline ::= "icmp" "{" icmpbodyopts "}" ";" .
icmpbodyopts ::= icmpbody [ icmpbodyopts ] | bodyline .
icmpbody ::= "type" icmptype [ "code" icmpcode ] .
icmptype ::= "echorep" | "echorep" "{" echoopts "}" ";" | "unreach" |
"unreach" "{" unreachtype "}" ";" | "squench" | "redir" |
"redir" "{" redirtype "}" ";" | "echo" "{" echoopts "}" ";" |
"echo" | "routerad" | "routersol" | "timex" |
"timex" "{" timextype "}" ";" | "paramprob" |
"paramprob" "{" parapptype "}" ";" | "timest" | "timestrep" |
"inforeq" | "inforep" | "maskreq" | "maskrep" .
echoopts ::= echoopts [ icmpechoopts ] .
unreachtype ::= "net-unr" | "host-unr" | "proto-unr" | "port-unr" |
"needfrag" | "srcfail" | "net-unk" | "host-unk" | "isolate" |
"net-prohib" | "host-prohib" | "net-tos" | "host-tos" |
"filter-prohib" | "host-preced" | "cutoff-preced" .
redirtype ::= "net-redir" | "host-redir" | "tos-net-redir" |
"tos-host-redir" .
timextype ::= "intrans" | "reass" .
paramptype ::= "optabsent" .
data ::= "data" "{" databodyopts "}" ";" .
databodyopts ::= "len" number | "value" string | "file" filename .
icmpechoopts ::= "icmpseq" number | "icmpid" number .
.fi
.SH COMMANDS
.PP
Before sending any packets or defining any packets, it is necessary to
describe the interface(s) which will be used to send packets out.
.TP
.B interface
is used to describe a network interface. The description included need
not match the actual configuration currently employed by the operating
system.
.TP
.B send
is used to actually send out a packet across the network. If the
destination is not specified, it will attempt to send the packet
directly out on the network to the destination without routing it.
.TP
.B router
configures the default router for ipsend, as distinct from the default
route installed in the kernel.
.TP
.B ipv4
is used to describe an IP (version 4) packet. IP header fields can be
specified, including options, followed by a data section which may contain
further protocol headers.
.SH IPv4
.TP
.B hl <number>
manually specifies the IP header length (automatically adjusts with the
presence of IP options and defaults to 5);
.TP
.B v <number>
set the IP version. Default is 4.
.TP
.B tos <number>
set the type of service (TOS) field in the IP header. Default is 0.
.TP
.B len <number>
manually specifies the length of the IP packet. The length will automatically
be adjusted to accommodate data or further protocol headers.
.TP
.B off <number>
sets the fragment offset field of the IP packet. Default is 0.
.TP
.B ttl <number>
sets the time to live (TTL) field of the IP header. Default is 60.
.TP
.B proto <protocol>
sets the protocol field of the IP header. The protocol can either be a
number or a name found in \fB/etc/protocols\fP.
.TP
.B sum
manually specifies the checksum for the IP header. If left unset (0), it
will be calculated prior to being sent.
.TP
.B src
manually specifies the source address of the IP header. If left unset, it
will default to the host's IP address.
.TP
.B dst
sets the destination of the IP packet. The default is 0.0.0.0.
.TP
.B opt
is used to include IP options in the IP header.
.TP
.B tcp
is used to indicate the a TCP protocol header is to follow. See the \fBTCP\fP
section for TCP header options.
.TP
.B udp
is used to indicate the a UDP protocol header is to follow. See the \fBUDP\fP
section for UDP header options.
.TP
.B icmp
is used to indicate the a ICMP protocol header is to follow. See the
\fBICMP\fP section for ICMP header options.
.TP
.B data
is used to indicate that raw data is to be included in the IP packet. See the
\fBDATA\fP section for details on options available.
.SH "IPv4 Options"
these keywords indicate that the relevant IP option should be added to the
IP header (the header length field will be adjusted appropriately).
.TP
.B nop
No Operation [RFC 791] (space filler).
.TP
.B rr <number>
Record Router [RFC 791]. The number given specifies the number of
\fBbytes\fP to be used for storage. This should be a multiple of 4 for
proper operation.
.TP
.B zsu
Experimental Measurement.
.TP
.B mtup [RFC 1191].
MTU Probe.
.TP
.B mtur [RFC 1191].
MTU Ready.
.TP
.B encode
.TP
.B ts
Timestamp [RFC 791].
.TP
.B tr
Traceroute [RFC 1393].
.TP
.B "sec-class <security-level>, sec"
Security [RFC 1108]. This option specifies the security label for the packet.
Using \fBsec\fP sets up the framework of the security option but unless
\fBsec-class\fP is given, the level may not be set.
.TP
.B "lsrr <ip-address>"
Loose Source Route [RFC 791].
.TP
.B e-sec
Extended Security [RFC 1108].
.TP
.B cipso
Commercial Security.
.TP
.B satid
Stream ID [RFC 791].
.TP
.B "ssrr <ip-address>"
Strict Source Route [RFC 791].
.TP
.B addext
Address Extension
.TP
.B visa
Experimental Access Control.
.TP
.B imitd
IMI Traffic Descriptor.
.TP
.B eip
[RFC 1358].
.TP
.B finn
Experimental Flow Control.
.SH TCP
.TP
.B sport <port>
sets the source port to the number/name given. Default is 0.
.TP
.B dport <port>
sets the destination port to the number/name given. Default is 0.
.TP
.B seq <number>
sets the sequence number to the number specified. Default is 0.
.TP
.B ack <number>
sets the acknowledge number to the number specified. Default is 0.
.TP
.B off <number>
sets the offset value for the start of data to the number specified. This
implies the size of the TCP header. It is automatically adjusted if TCP
options are included and defaults to 5.
.TP
.B urp <number>
sets the value of the urgent data pointer to the number specified. Default
is 0.
.TP
.B win <number>
sets the size of the TCP window to the number specified. Default is 4096.
.TP
.B sum <number>
manually specifies the checksum for the TCP pseudo-header and data. If left
unset, it defaults to 0 and is automatically calculated.
.TP
.B flags <tcp-flags>
sets the TCP flags field to match the flags specified. Valid flags are
"S" (SYN), "A" (ACK), "R" (RST), "F" (FIN), "U" (URG), "P" (PUSH).
.TP
.B opt
indicates that TCP header options follow. As TCP options are added to the
TCP header, the \fBoff\fP field is updated to match.
.TP
.B data
indicates that a data section is to follow and is to be included as raw
data, being appended to the header.
.SH "TCP options"
With a TCP header, it is possible to append a number of header options.
The TCP header offset will be updated automatically to reflect the change
in size. The valid options are: \fBnop\fP No Operation,
\fBeol\fP End Of (option) List, \fBmss [ size ]\fP Maximum Segment Size - this
sets the maximum receivable size of a packet containing data,
\fBwscale\fP Window Scale, \fBts\fP Timestamp.
.SH UDP
.TP
.B sport <port>
sets the source port to the number/name given. Default is 0.
.TP
.B dport <port>
sets the destination port to the number/name given. Default is 0.
.TP
.B len <number>
manually specifies the length of the UDP header and data. If left unset,
it is automatically adjusted to match the header presence and any data if
present.
.TP
.B sum <number>
manually specifies the checksum for the UDP pseudo-header and data. If left
unset, it defaults to 0 and is automatically calculated.
.TP
.B data
indicates that a data section is to follow and is to be included as raw
data, being appended to the header.
.SH ICMP
.TP
.B type <icmptype>
sets the ICMP type according the to the icmptype tag. This may either be
a number or one of the recognised tags (see the \fBICMP TYPES\fP section for a
list of names recognised).
.TP
.B code <icmpcode>
sets the ICMP code.
.TP
.B data
indicates that a data section is to follow and is to be included as raw
data, being appended to the header.
.SH DATA
Each of the following extend the packet in a different way. \fBLen\fP just
increases the length (without adding any content), \fBvalue\fP uses a string
and \fBfile\fP a file.
.TP
.B len <number>
extend the length of the packet by \fBnumber\fP bytes (without filling those
bytes with any particular data).
.TP
.B value <string>
indicates that the string provided should be added to the current packet as
data. A string may be a consecutive list of characters and numbers (with
no white spaces) or bounded by "'s (may not contain them, even if \\'d).
The \\ character is recognised with the appropriate C escaped values, including
octal numbers.
.TP
.B file <filename>
reads data in from the specified file and appends it to the current packet.
If the new total length would exceed 64k, an error will be reported.
.SH "ICMP TYPES"
.TP
.B echorep
Echo Reply.
.TP
.B "unreach [ unreachable-code ]"
Generic Unreachable error. This is used to indicate that an error has
occurred whilst trying to send the packet across the network and that the
destination cannot be reached. The unreachable code names are:
\fBnet-unr\fP network unreachable, \fBhost-unr\fP host unreachable,
\fBproto-unr\fP protocol unreachable, \fBport-unr\fP port unreachable,
\fBneedfrag\fP, \fBsrcfail\fP source route failed,
\fBnet-unk\fP network unknown, \fBhost-unk\fP host unknown,
\fBisolate\fP, \fBnet-prohib\fP administratively prohibited contact with
network,
\fBhost-prohib\fP administratively prohibited contact with host,
\fBnet-tos\fP network unreachable with given TOS,
\fBhost-tos\fP host unreachable with given TOS,
\fBfilter-prohib\fP packet prohibited by packet filter,
\fBhost-preced\fP,
\fBcutoff-preced\fP.
.TP
.B squench
Source Quence.
.TP
.B "redir [ redirect-code ]"
Redirect (routing). This is used to indicate that the route being chosen
for forwarding the packet is suboptimal and that the sender of the packet
should be routing packets via another route. The redirect code names are:
\fBnet-redir\fP redirect packets for a network,
\fBhost-redir\fP redirect packets for a host,
\fBtos-net-redir\fP redirect packets for a network with a given TOS,
\fBtos-host-redir\fP redirect packets for a host with a given TOS.
.TP
.B echo
Echo.
.TP
.B routerad
Router Advertisement.
.TP
.B routersol
Router solicitation.
.TP
.B "timex [ timexceed-code ]"
Time Exceeded. This is used to indicate that the packet failed to reach the
destination because it was in transit too long (i.e. ttl reached 0). The
valid code names are: \fBintrans\fP,
\fBreass\fP could not reassemble packet from fragments within a given time.
.TP
.B "paramprob [ paramprob-code ]"
Parameter problem. There is only one available parameter problem code name:
\fBoptabsent\fP.
.TP
.B timest
Time stamp request.
.TP
.B "timestrep [ { timestamp-code } ]"
Time stamp reply. In a timestamp reply, it is possible to supply the
following values: \fBrtime\fP, \fBotime\fP, \fBttime\fP.
.TP
.B inforeq
Information request.
.TP
.B inforep
Information reply.
.TP
.B maskreq
Address mask request.
.TP
.B maskrep
Address mask reply.
.SH FILES
/etc/hosts
.br
/etc/protocols
.br
/etc/services
.SH SEE ALSO
ipsend(1), iptest(1), hosts(5), protocols(5), services(5)


@ -1,440 +0,0 @@
/* $FreeBSD$ */
/*
* ipsend.c (C) 1995-1998 Darren Reed
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
#if !defined(lint)
static const char sccsid[] = "@(#)ipsend.c 1.5 12/10/95 (C)1995 Darren Reed";
static const char rcsid[] = "@(#)$Id$";
#endif
#include <sys/param.h>
#include <sys/types.h>
#include <sys/time.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netinet/in_systm.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <netdb.h>
#include <string.h>
#include <netinet/ip.h>
#ifndef linux
# include <netinet/ip_var.h>
#endif
#include "ipsend.h"
#include "ipf.h"
#ifndef linux
# include <netinet/udp_var.h>
#endif
extern char *optarg;
extern int optind;
extern void iplang __P((FILE *));
char options[68];
int opts;
#ifdef linux
char default_device[] = "eth0";
#else
# ifdef ultrix
char default_device[] = "ln0";
# else
# ifdef __bsdi__
char default_device[] = "ef0";
# else
# ifdef __sgi
char default_device[] = "ec0";
# else
# ifdef __hpux
char default_device[] = "lan0";
# else
char default_device[] = "le0";
# endif /* __hpux */
# endif /* __sgi */
# endif /* __bsdi__ */
# endif /* ultrix */
#endif /* linux */
static void usage __P((char *));
static void do_icmp __P((ip_t *, char *));
void udpcksum(ip_t *, struct udphdr *, int);
int main __P((int, char **));
static void usage(prog)
char *prog;
{
fprintf(stderr, "Usage: %s [options] dest [flags]\n\
\toptions:\n\
\t\t-d\tdebug mode\n\
\t\t-i device\tSend out on this device\n\
\t\t-f fragflags\tcan set IP_MF or IP_DF\n\
\t\t-g gateway\tIP gateway to use if non-local dest.\n\
\t\t-I code,type[,gw[,dst[,src]]]\tSet ICMP protocol\n\
\t\t-m mtu\t\tfake MTU to use when sending out\n\
\t\t-P protocol\tSet protocol by name\n\
\t\t-s src\t\tsource address for IP packet\n\
\t\t-T\t\tSet TCP protocol\n\
\t\t-t port\t\tdestination port\n\
\t\t-U\t\tSet UDP protocol\n\
\t\t-v\tverbose mode\n\
\t\t-w <window>\tSet the TCP window size\n\
", prog);
fprintf(stderr, "Usage: %s [-dv] -L <filename>\n\
\toptions:\n\
\t\t-d\tdebug mode\n\
\t\t-L filename\tUse IP language for sending packets\n\
\t\t-v\tverbose mode\n\
", prog);
exit(1);
}
static void do_icmp(ip, args)
ip_t *ip;
char *args;
{
struct icmp *ic;
char *s;
ip->ip_p = IPPROTO_ICMP;
ip->ip_len += sizeof(*ic);
ic = (struct icmp *)(ip + 1);
bzero((char *)ic, sizeof(*ic));
if (!(s = strchr(args, ',')))
{
fprintf(stderr, "ICMP args missing: ,\n");
return;
}
*s++ = '\0';
ic->icmp_type = atoi(args);
ic->icmp_code = atoi(s);
if (ic->icmp_type == ICMP_REDIRECT && strchr(s, ','))
{
char *t;
t = strtok(s, ",");
t = strtok(NULL, ",");
if (resolve(t, (char *)&ic->icmp_gwaddr) == -1)
{
fprintf(stderr,"Cant resolve %s\n", t);
exit(2);
}
if ((t = strtok(NULL, ",")))
{
if (resolve(t, (char *)&ic->icmp_ip.ip_dst) == -1)
{
fprintf(stderr,"Cant resolve %s\n", t);
exit(2);
}
if ((t = strtok(NULL, ",")))
{
if (resolve(t,
(char *)&ic->icmp_ip.ip_src) == -1)
{
fprintf(stderr,"Cant resolve %s\n", t);
exit(2);
}
}
}
}
}
int send_packets(dev, mtu, ip, gwip)
char *dev;
int mtu;
ip_t *ip;
struct in_addr gwip;
{
int wfd;
wfd = initdevice(dev, 5);
if (wfd == -1)
return -1;
return send_packet(wfd, mtu, ip, gwip);
}
void
udpcksum(ip_t *ip, struct udphdr *udp, int len)
{
union pseudoh {
struct hdr {
u_short len;
u_char ttl;
u_char proto;
u_32_t src;
u_32_t dst;
} h;
u_short w[6];
} ph;
u_32_t temp32;
u_short *opts;
ph.h.len = htons(len);
ph.h.ttl = 0;
ph.h.proto = IPPROTO_UDP;
ph.h.src = ip->ip_src.s_addr;
ph.h.dst = ip->ip_dst.s_addr;
temp32 = 0;
opts = &ph.w[0];
temp32 += opts[0] + opts[1] + opts[2] + opts[3] + opts[4] + opts[5];
temp32 = (temp32 >> 16) + (temp32 & 65535);
temp32 += (temp32 >> 16);
udp->uh_sum = temp32 & 65535;
udp->uh_sum = chksum((u_short *)udp, len);
if (udp->uh_sum == 0)
udp->uh_sum = 0xffff;
}
int main(argc, argv)
int argc;
char **argv;
{
FILE *langfile = NULL;
struct in_addr gwip;
tcphdr_t *tcp;
udphdr_t *udp;
ip_t *ip;
char *name = argv[0], host[MAXHOSTNAMELEN + 1];
char *gateway = NULL, *dev = NULL;
char *src = NULL, *dst, *s;
int mtu = 1500, olen = 0, c, nonl = 0;
/*
* 65535 is maximum packet size...you never know...
*/
ip = (ip_t *)calloc(1, 65536);
tcp = (tcphdr_t *)(ip + 1);
udp = (udphdr_t *)tcp;
ip->ip_len = sizeof(*ip);
IP_HL_A(ip, sizeof(*ip) >> 2);
while ((c = getopt(argc, argv, "I:L:P:TUdf:i:g:m:o:s:t:vw:")) != -1) {
switch (c)
{
case 'I' :
nonl++;
if (ip->ip_p)
{
fprintf(stderr, "Protocol already set: %d\n",
ip->ip_p);
break;
}
do_icmp(ip, optarg);
break;
case 'L' :
if (nonl) {
fprintf(stderr,
"Incorrect usage of -L option.\n");
usage(name);
}
if (!strcmp(optarg, "-"))
langfile = stdin;
else if (!(langfile = fopen(optarg, "r"))) {
fprintf(stderr, "can't open file %s\n",
optarg);
exit(1);
}
iplang(langfile);
return 0;
case 'P' :
{
struct protoent *p;
nonl++;
if (ip->ip_p)
{
fprintf(stderr, "Protocol already set: %d\n",
ip->ip_p);
break;
}
if ((p = getprotobyname(optarg)))
ip->ip_p = p->p_proto;
else
fprintf(stderr, "Unknown protocol: %s\n",
optarg);
break;
}
case 'T' :
nonl++;
if (ip->ip_p)
{
fprintf(stderr, "Protocol already set: %d\n",
ip->ip_p);
break;
}
ip->ip_p = IPPROTO_TCP;
ip->ip_len += sizeof(tcphdr_t);
break;
case 'U' :
nonl++;
if (ip->ip_p)
{
fprintf(stderr, "Protocol already set: %d\n",
ip->ip_p);
break;
}
ip->ip_p = IPPROTO_UDP;
ip->ip_len += sizeof(udphdr_t);
break;
case 'd' :
opts |= OPT_DEBUG;
break;
case 'f' :
nonl++;
ip->ip_off = strtol(optarg, NULL, 0);
break;
case 'g' :
nonl++;
gateway = optarg;
break;
case 'i' :
nonl++;
dev = optarg;
break;
case 'm' :
nonl++;
mtu = atoi(optarg);
if (mtu < 28)
{
fprintf(stderr, "mtu must be > 28\n");
exit(1);
}
break;
case 'o' :
nonl++;
olen = buildopts(optarg, options, (IP_HL(ip) - 5) << 2);
break;
case 's' :
nonl++;
src = optarg;
break;
case 't' :
nonl++;
if (ip->ip_p == IPPROTO_TCP || ip->ip_p == IPPROTO_UDP)
tcp->th_dport = htons(atoi(optarg));
break;
case 'v' :
opts |= OPT_VERBOSE;
break;
case 'w' :
nonl++;
if (ip->ip_p == IPPROTO_TCP)
tcp->th_win = atoi(optarg);
else
fprintf(stderr, "set protocol to TCP first\n");
break;
default :
fprintf(stderr, "Unknown option \"%c\"\n", c);
usage(name);
}
}
if (argc - optind < 1)
usage(name);
dst = argv[optind++];
if (!src)
{
gethostname(host, sizeof(host));
src = host;
}
if (resolve(src, (char *)&ip->ip_src) == -1)
{
fprintf(stderr,"Cant resolve %s\n", src);
exit(2);
}
if (resolve(dst, (char *)&ip->ip_dst) == -1)
{
fprintf(stderr,"Cant resolve %s\n", dst);
exit(2);
}
if (!gateway)
gwip = ip->ip_dst;
else if (resolve(gateway, (char *)&gwip) == -1)
{
fprintf(stderr,"Cant resolve %s\n", gateway);
exit(2);
}
if (olen)
{
int hlen;
char *p;
printf("Options: %d\n", olen);
hlen = sizeof(*ip) + olen;
IP_HL_A(ip, hlen >> 2);
ip->ip_len += olen;
p = (char *)malloc(65536);
if (p == NULL)
{
fprintf(stderr, "malloc failed\n");
exit(2);
}
bcopy(ip, p, sizeof(*ip));
bcopy(options, p + sizeof(*ip), olen);
bcopy(ip + 1, p + hlen, ip->ip_len - hlen);
ip = (ip_t *)p;
if (ip->ip_p == IPPROTO_TCP) {
tcp = (tcphdr_t *)(p + hlen);
} else if (ip->ip_p == IPPROTO_UDP) {
udp = (udphdr_t *)(p + hlen);
}
}
if (ip->ip_p == IPPROTO_TCP)
for (s = argv[optind]; s && (c = *s); s++)
switch(c)
{
case 'S' : case 's' :
tcp->th_flags |= TH_SYN;
break;
case 'A' : case 'a' :
tcp->th_flags |= TH_ACK;
break;
case 'F' : case 'f' :
tcp->th_flags |= TH_FIN;
break;
case 'R' : case 'r' :
tcp->th_flags |= TH_RST;
break;
case 'P' : case 'p' :
tcp->th_flags |= TH_PUSH;
break;
case 'U' : case 'u' :
tcp->th_flags |= TH_URG;
break;
}
if (!dev)
dev = default_device;
printf("Device: %s\n", dev);
printf("Source: %s\n", inet_ntoa(ip->ip_src));
printf("Dest: %s\n", inet_ntoa(ip->ip_dst));
printf("Gateway: %s\n", inet_ntoa(gwip));
if (ip->ip_p == IPPROTO_TCP && tcp->th_flags)
printf("Flags: %#x\n", tcp->th_flags);
printf("mtu: %d\n", mtu);
if (ip->ip_p == IPPROTO_UDP) {
udp->uh_sum = 0;
udpcksum(ip, udp, ip->ip_len - (IP_HL(ip) << 2));
}
#ifdef DOSOCKET
if (ip->ip_p == IPPROTO_TCP && tcp->th_dport)
return do_socket(dev, mtu, ip, gwip);
#endif
return send_packets(dev, mtu, ip, gwip);
}


@ -1,73 +0,0 @@
/* $FreeBSD$ */
/*
* ipsend.h (C) 1997-1998 Darren Reed
*
* This was written to test what size TCP fragments would get through
* various TCP/IP packet filters, as used in IP firewalls. In certain
* conditions, enough of the TCP header is missing for unpredictable
* results unless the filter is aware that this can happen.
*
* The author provides this program as-is, with no gaurantee for its
* suitability for any specific purpose. The author takes no responsibility
* for the misuse/abuse of this program and provides it for the sole purpose
* of testing packet filter policies. This file maybe distributed freely
* providing it is not modified and that this notice remains in tact.
*
*/
#ifndef __P
# ifdef __STDC__
# define __P(x) x
# else
# define __P(x) ()
# endif
#endif
#include <net/if.h>
#include "ipf.h"
#ifdef linux
#include <linux/sockios.h>
#endif
/* XXX: The following is needed by tcpip.h */
#include <netinet/ip_var.h>
#include "netinet/tcpip.h"
#include "ipt.h"
extern int resolve __P((char *, char *));
extern int arp __P((char *, char *));
extern u_short chksum __P((u_short *, int));
extern int send_ether __P((int, char *, int, struct in_addr));
extern int send_ip __P((int, int, ip_t *, struct in_addr, int));
extern int send_tcp __P((int, int, ip_t *, struct in_addr));
extern int send_udp __P((int, int, ip_t *, struct in_addr));
extern int send_icmp __P((int, int, ip_t *, struct in_addr));
extern int send_packet __P((int, int, ip_t *, struct in_addr));
extern int send_packets __P((char *, int, ip_t *, struct in_addr));
extern u_short ipseclevel __P((char *));
extern u_32_t buildopts __P((char *, char *, int));
extern int addipopt __P((char *, struct ipopt_names *, int, char *));
extern int initdevice __P((char *, int));
extern int sendip __P((int, char *, int));
#ifdef linux
extern struct sock *find_tcp __P((int, struct tcpiphdr *));
#else
extern struct tcpcb *find_tcp __P((int, struct tcpiphdr *));
#endif
extern int ip_resend __P((char *, int, struct ipread *, struct in_addr, char *));
extern void ip_test1 __P((char *, int, ip_t *, struct in_addr, int));
extern void ip_test2 __P((char *, int, ip_t *, struct in_addr, int));
extern void ip_test3 __P((char *, int, ip_t *, struct in_addr, int));
extern void ip_test4 __P((char *, int, ip_t *, struct in_addr, int));
extern void ip_test5 __P((char *, int, ip_t *, struct in_addr, int));
extern void ip_test6 __P((char *, int, ip_t *, struct in_addr, int));
extern void ip_test7 __P((char *, int, ip_t *, struct in_addr, int));
extern int do_socket __P((char *, int, struct tcpiphdr *, struct in_addr));
extern int kmemcpy __P((char *, void *, int));
#define KMCPY(a,b,c) kmemcpy((char *)(a), (void *)(b), (int)(c))
#ifndef OPT_RAW
#define OPT_RAW 0x80000
#endif


@ -1,200 +0,0 @@
/* $FreeBSD$ */
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
*/
#if !defined(lint)
static const char sccsid[] = "@(#)ipsopt.c 1.2 1/11/96 (C)1995 Darren Reed";
static const char rcsid[] = "@(#)$Id$";
#endif
#include <sys/param.h>
#include <sys/types.h>
#include <sys/time.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#ifndef linux
#include <netinet/ip_var.h>
#endif
#include <netinet/tcp.h>
#include <arpa/inet.h>
#include "ipsend.h"
#ifndef __P
# ifdef __STDC__
# define __P(x) x
# else
# define __P(x) ()
# endif
#endif
struct ipopt_names ionames[] = {
{ IPOPT_EOL, 0x01, 1, "eol" },
{ IPOPT_NOP, 0x02, 1, "nop" },
{ IPOPT_RR, 0x04, 3, "rr" }, /* 1 route */
{ IPOPT_TS, 0x08, 8, "ts" }, /* 1 TS */
{ IPOPT_SECURITY, 0x08, 11, "sec-level" },
{ IPOPT_LSRR, 0x10, 7, "lsrr" }, /* 1 route */
{ IPOPT_SATID, 0x20, 4, "satid" },
{ IPOPT_SSRR, 0x40, 7, "ssrr" }, /* 1 route */
{ 0, 0, 0, NULL } /* must be last */
};
struct ipopt_names secnames[] = {
{ IPOPT_SECUR_UNCLASS, 0x0100, 0, "unclass" },
{ IPOPT_SECUR_CONFID, 0x0200, 0, "confid" },
{ IPOPT_SECUR_EFTO, 0x0400, 0, "efto" },
{ IPOPT_SECUR_MMMM, 0x0800, 0, "mmmm" },
{ IPOPT_SECUR_RESTR, 0x1000, 0, "restr" },
{ IPOPT_SECUR_SECRET, 0x2000, 0, "secret" },
{ IPOPT_SECUR_TOPSECRET, 0x4000,0, "topsecret" },
{ 0, 0, 0, NULL } /* must be last */
};
u_short ipseclevel(slevel)
char *slevel;
{
struct ipopt_names *so;
for (so = secnames; so->on_name; so++)
if (!strcasecmp(slevel, so->on_name))
break;
if (!so->on_name) {
fprintf(stderr, "no such security level: %s\n", slevel);
return 0;
}
return so->on_value;
}
int addipopt(op, io, len, class)
char *op;
struct ipopt_names *io;
int len;
char *class;
{
struct in_addr ipadr;
int olen = len, srr = 0;
u_short val;
u_char lvl;
char *s = op, *t;
if ((len + io->on_siz) > 48) {
fprintf(stderr, "options too long\n");
return 0;
}
len += io->on_siz;
*op++ = io->on_value;
if (io->on_siz > 1) {
/*
* Allow option to specify RR buffer length in bytes.
*/
if (io->on_value == IPOPT_RR) {
val = (class && *class) ? atoi(class) : 4;
*op++ = val + io->on_siz;
len += val;
} else
*op++ = io->on_siz;
if (io->on_value == IPOPT_TS)
*op++ = IPOPT_MINOFF + 1;
else
*op++ = IPOPT_MINOFF;
while (class && *class) {
t = NULL;
switch (io->on_value)
{
case IPOPT_SECURITY :
lvl = ipseclevel(class);
*(op - 1) = lvl;
break;
case IPOPT_LSRR :
case IPOPT_SSRR :
if ((t = strchr(class, ',')))
*t = '\0';
ipadr.s_addr = inet_addr(class);
srr++;
bcopy((char *)&ipadr, op, sizeof(ipadr));
op += sizeof(ipadr);
break;
case IPOPT_SATID :
val = atoi(class);
bcopy((char *)&val, op, 2);
break;
}
if (t)
*t++ = ',';
class = t;
}
if (srr)
s[IPOPT_OLEN] = IPOPT_MINOFF - 1 + 4 * srr;
if (io->on_value == IPOPT_RR)
op += val;
else
op += io->on_siz - 3;
}
return len - olen;
}
u_32_t buildopts(cp, op, len)
char *cp, *op;
int len;
{
struct ipopt_names *io;
u_32_t msk = 0;
char *s, *t;
int inc, lastop = -1;
for (s = strtok(cp, ","); s; s = strtok(NULL, ",")) {
if ((t = strchr(s, '=')))
*t++ = '\0';
for (io = ionames; io->on_name; io++) {
if (strcasecmp(s, io->on_name) || (msk & io->on_bit))
continue;
lastop = io->on_value;
if ((inc = addipopt(op, io, len, t))) {
op += inc;
len += inc;
}
msk |= io->on_bit;
break;
}
if (!io->on_name) {
fprintf(stderr, "unknown IP option name %s\n", s);
return 0;
}
}
if (len & 3) {
while (len & 3) {
*op++ = ((len & 3) == 3) ? IPOPT_EOL : IPOPT_NOP;
len++;
}
} else {
if (lastop != IPOPT_EOL) {
if (lastop == IPOPT_NOP)
*(op - 1) = IPOPT_EOL;
else {
*op++ = IPOPT_NOP;
*op++ = IPOPT_NOP;
*op++ = IPOPT_NOP;
*op = IPOPT_EOL;
len += 4;
}
}
}
return len;
}


@ -1,103 +0,0 @@
.\" $FreeBSD$
.\"
.TH IPTEST 1
.SH NAME
iptest \- automatically generate a packets to test IP functionality
.SH SYNOPSIS
.B iptest
[
.B \-1234567
] [
.B \-d
<device>
] [
.B \-g
<gateway>
] [
.B \-m
<\fIMTU\fP>
] [
.B \-p
<\fIpointtest\fP>
] [
.B \-s
<\fIsource\fP>
] <destination>
.SH DESCRIPTION
.PP
\fBiptest\fP ...
.SH OPTIONS
.TP
.B \-1
Run IP test group #1. This group of tests generates packets with the IP
header fields set to invalid values given other packet characteristics.
The point tests are: 1 (ip_hl < ip_len), 2 (ip_hl > ip_len),
3 (ip_v < 4), 4 (ip_v > 4), 5 (ip_len < packetsize, long packets),
6 (ip_len > packet size, short packets), 7 (Zero length fragments),
8 (packet > 64k after reassembly), 9 (IP offset with MSB set), 10 (ttl
variations).
.TP
.B \-2
Run IP test group #2. This group of tests generates packets with the IP
options constructed with invalid values given other packet characteristics.
The point tests are: 1 (option length > packet length), 2 (option length = 0).
.TP
.B \-3
Run IP test group #3. This group of tests generates packets with the ICMP
header fields set to non-standard values. The point tests are: 1 (ICMP types
0-31 & 255), 2 (type 3 & code 0 - 31), 3 (type 4 & code 0, 127, 128, 255),
4 (type 5 & code 0, 127, 128, 255), 5 (types 8-10,13-18 with codes 0, 127,
128 and 255), 6 (type 12 & code 0, 127, 128, 129, 255) and 7 (type 3 & codes
9-10, 13-14 and 17-18 - shortened packets).
.TP
.B \-4
Run IP test group #4. This group of tests generates packets with the UDP
header fields set to non-standard values. The point tests are: 1 (UDP length
> packet size), 2 (UDP length < packetsize), 3 (sport = 0, 1, 32767, 32768,
65535), 4 (dport = 0, 1, 32767, 32768, 65535) and 5 (sizeof(struct ip) <= MTU
<= sizeof(struct udphdr) + sizeof(struct ip)).
.TP
.B \-5
Run IP test group #5. This group of tests generates packets with the TCP
header fields set to non-standard values. The point tests are: 1 (TCP flags
variations, all combinations), 2 (seq = 0, 0x7fffffff, 0x8000000, 0xa0000000,
0xffffffff), 3 (ack = 0, 0x7fffffff, 0x8000000, 0xa0000000, 0xffffffff),
4 (SYN packet with window of 0, 32768, 65535), 5 (set urgent pointer to 1,
0x7fff, 0x8000, 0xffff), 6 (data offset), 7 (sport = 0, 1, 32767, 32768,
65535) and 8 (dport = 0, 1, 32767, 32768, 65535).
.TP
.B \-6
Run IP test group #6. This test generates a large number of fragments in
an attempt to exhaust the network buffers used for holding packets for later
reassembly. WARNING: this may crash or cause serious performance degradation
to the target host.
.TP
.B \-7
Run IP test group #7. This test generates 1024 random IP packets with only
the IP version, checksum, length and IP offset field correct.
.TP
.BR \-d \0<interface>
Set the interface name to be the name supplied.
.TP
.BR \-g \0<gateway>
Specify the hostname of the gateway through which to route packets. This
is required whenever the destination host isn't directly attached to the
same network as the host from which you're sending.
.TP
.BR \-m \0<MTU>
Specify the MTU to be used when sending out packets. This option allows you
to set a fake MTU, allowing the simulation of network interfaces with small
MTU's without setting them so.
.TP
.B \-p <test>
Run a...
.DT
.SH SEE ALSO
ipsend(1), ipresend(1), bpf(4), ipsend(5), dlpi(7p)
.SH DIAGNOSTICS
Only one of the numeric test options may be given when \fIiptest\fP is run.
.PP
Needs to be run as root.
.SH BUGS
.PP
If you find any, please send email to me at darrenr@pobox.com


@ -1,218 +0,0 @@
/* $FreeBSD$ */
/*
* ipsend.c (C) 1995-1998 Darren Reed
*
* See the IPFILTER.LICENCE file for details on licencing.
*
*/
#if !defined(lint)
static const char sccsid[] = "%W% %G% (C)1995 Darren Reed";
static const char rcsid[] = "@(#)$Id$";
#endif
#include <sys/param.h>
#include <sys/types.h>
#include <sys/time.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#ifndef linux
#include <netinet/ip_var.h>
#endif
#ifdef linux
#include <linux/sockios.h>
#endif
#include <stdio.h>
#include <netdb.h>
#include <unistd.h>
#include <stdlib.h>
#include <string.h>
#include "ipsend.h"
extern char *optarg;
extern int optind;
char options[68];
#ifdef linux
char default_device[] = "eth0";
#else
# ifdef sun
char default_device[] = "le0";
# else
# ifdef ultrix
char default_device[] = "ln0";
# else
# ifdef __bsdi__
char default_device[] = "ef0";
# else
# ifdef __sgi
char default_device[] = "ec0";
# else
char default_device[] = "lan0";
# endif
# endif
# endif
# endif
#endif
static void usage __P((char *));
int main __P((int, char **));
static void usage(prog)
char *prog;
{
fprintf(stderr, "Usage: %s [options] dest\n\
\toptions:\n\
\t\t-d device\tSend out on this device\n\
\t\t-g gateway\tIP gateway to use if non-local dest.\n\
\t\t-m mtu\t\tfake MTU to use when sending out\n\
\t\t-p pointtest\t\n\
\t\t-s src\t\tsource address for IP packet\n\
\t\t-1 \t\tPerform test 1 (IP header)\n\
\t\t-2 \t\tPerform test 2 (IP options)\n\
\t\t-3 \t\tPerform test 3 (ICMP)\n\
\t\t-4 \t\tPerform test 4 (UDP)\n\
\t\t-5 \t\tPerform test 5 (TCP)\n\
\t\t-6 \t\tPerform test 6 (overlapping fragments)\n\
\t\t-7 \t\tPerform test 7 (random packets)\n\
", prog);
exit(1);
}
int main(argc, argv)
int argc;
char **argv;
{
struct tcpiphdr *ti;
struct in_addr gwip;
ip_t *ip;
char *name = argv[0], host[MAXHOSTNAMELEN + 1];
char *gateway = NULL, *dev = NULL;
char *src = NULL, *dst;
int mtu = 1500, tests = 0, pointtest = 0, c;
/*
* 65535 is maximum packet size...you never know...
*/
ip = (ip_t *)calloc(1, 65536);
ti = (struct tcpiphdr *)ip;
ip->ip_len = sizeof(*ip);
IP_HL_A(ip, sizeof(*ip) >> 2);
while ((c = getopt(argc, argv, "1234567d:g:m:p:s:")) != -1)
switch (c)
{
case '1' :
case '2' :
case '3' :
case '4' :
case '5' :
case '6' :
case '7' :
tests = c - '0';
break;
case 'd' :
dev = optarg;
break;
case 'g' :
gateway = optarg;
break;
case 'm' :
mtu = atoi(optarg);
if (mtu < 28)
{
fprintf(stderr, "mtu must be > 28\n");
exit(1);
}
break;
case 'p' :
pointtest = atoi(optarg);
break;
case 's' :
src = optarg;
break;
default :
fprintf(stderr, "Unknown option \"%c\"\n", c);
usage(name);
}
if ((argc <= optind) || !argv[optind])
usage(name);
dst = argv[optind++];
if (!src)
{
gethostname(host, sizeof(host));
host[sizeof(host) - 1] = '\0';
src = host;
}
if (resolve(dst, (char *)&ip->ip_dst) == -1)
{
fprintf(stderr,"Cant resolve %s\n", dst);
exit(2);
}
if (resolve(src, (char *)&ip->ip_src) == -1)
{
fprintf(stderr,"Cant resolve %s\n", src);
exit(2);
}
if (!gateway)
gwip = ip->ip_dst;
else if (resolve(gateway, (char *)&gwip) == -1)
{
fprintf(stderr,"Cant resolve %s\n", gateway);
exit(2);
}
if (!dev)
dev = default_device;
printf("Device: %s\n", dev);
printf("Source: %s\n", inet_ntoa(ip->ip_src));
printf("Dest: %s\n", inet_ntoa(ip->ip_dst));
printf("Gateway: %s\n", inet_ntoa(gwip));
printf("mtu: %d\n", mtu);
switch (tests)
{
case 1 :
ip_test1(dev, mtu, (ip_t *)ti, gwip, pointtest);
break;
case 2 :
ip_test2(dev, mtu, (ip_t *)ti, gwip, pointtest);
break;
case 3 :
ip_test3(dev, mtu, (ip_t *)ti, gwip, pointtest);
break;
case 4 :
ip_test4(dev, mtu, (ip_t *)ti, gwip, pointtest);
break;
case 5 :
ip_test5(dev, mtu, (ip_t *)ti, gwip, pointtest);
break;
case 6 :
ip_test6(dev, mtu, (ip_t *)ti, gwip, pointtest);
break;
case 7 :
ip_test7(dev, mtu, (ip_t *)ti, gwip, pointtest);
break;
default :
ip_test1(dev, mtu, (ip_t *)ti, gwip, pointtest);
ip_test2(dev, mtu, (ip_t *)ti, gwip, pointtest);
ip_test3(dev, mtu, (ip_t *)ti, gwip, pointtest);
ip_test4(dev, mtu, (ip_t *)ti, gwip, pointtest);
ip_test5(dev, mtu, (ip_t *)ti, gwip, pointtest);
ip_test6(dev, mtu, (ip_t *)ti, gwip, pointtest);
ip_test7(dev, mtu, (ip_t *)ti, gwip, pointtest);
break;
}
return 0;
}


@ -1,93 +0,0 @@
/* $FreeBSD$ */
/*
* larp.c (C) 1995-1998 Darren Reed
*
* See the IPFILTER.LICENCE file for details on licencing.
*
*/
#if !defined(lint)
static const char sccsid[] = "@(#)larp.c 1.1 8/19/95 (C)1995 Darren Reed";
static const char rcsid[] = "@(#)$Id$";
#endif
#include <sys/param.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <netinet/in.h>
#include <net/if.h>
#include <net/if_arp.h>
#include <stdio.h>
#include <netdb.h>
#include <errno.h>
#include "ip_compat.h"
#include "iplang/iplang.h"
/*
* lookup host and return
* its IP address in address
* (4 bytes)
*/
int resolve(host, address)
char *host, *address;
{
struct hostent *hp;
u_long add;
add = inet_addr(host);
if (add == -1)
{
if (!(hp = gethostbyname(host)))
{
fprintf(stderr, "unknown host: %s\n", host);
return -1;
}
bcopy((char *)hp->h_addr, (char *)address, 4);
return 0;
}
bcopy((char*)&add, address, 4);
return 0;
}
/*
* ARP for the MAC address corresponding
* to the IP address. This taken from
* some BSD program, I cant remember which.
*/
int arp(ip, ether)
char *ip;
char *ether;
{
static int s = -1;
struct arpreq ar;
struct sockaddr_in *sin;
char *inet_ntoa();
#ifdef IP_SEND
if (arp_getipv4(ip, ether) == 0)
return 0;
#endif
bzero((char *)&ar, sizeof(ar));
sin = (struct sockaddr_in *)&ar.arp_pa;
sin->sin_family = AF_INET;
bcopy(ip, (char *)&sin->sin_addr.s_addr, 4);
if (s == -1)
if ((s = socket(AF_INET, SOCK_DGRAM, 0)) == -1)
{
perror("arp: socket");
return -1;
}
if (ioctl(s, SIOCGARP, (caddr_t)&ar) == -1)
{
fprintf(stderr, "(%s):", inet_ntoa(sin->sin_addr));
if (errno != ENXIO)
perror("SIOCGARP");
return -1;
}
bcopy(ar.arp_ha.sa_data, ether, 6);
return 0;
}


@ -1,19 +0,0 @@
/* $FreeBSD$ */
/*
* Copyright (C) 2012 by Darren Reed.
*
* This code may be freely distributed as long as it retains this notice
* and is not changed in any way. The author accepts no responsibility
* for the use of this software. I hate legaleese, don't you ?
*
* @(#)linux.h 1.1 8/19/95
*/
#include <linux/config.h>
#ifdef MODULE
#include <linux/module.h>
#include <linux/version.h>
#endif /* MODULE */
#include "ip_compat.h"


@ -1,259 +0,0 @@
/* $FreeBSD$ */
/*
* lsock.c (C) 1995-1998 Darren Reed
*
* See the IPFILTER.LICENCE file for details on licencing.
*
*/
#if !defined(lint)
static const char sccsid[] = "@(#)lsock.c 1.2 1/11/96 (C)1995 Darren Reed";
static const char rcsid[] = "@(#)$Id$";
#endif
#include <stdio.h>
#include <unistd.h>
#include <string.h>
#include <stdlib.h>
#include <stddef.h>
#include <pwd.h>
#include <sys/types.h>
#include <sys/time.h>
#include <sys/param.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <sys/dir.h>
#define __KERNEL__
#if LINUX >= 0200
# undef UINT_MAX
# undef INT_MAX
# undef ULONG_MAX
# undef LONG_MAX
# include <linux/notifier.h>
#endif
#include <linux/fs.h>
#if LINUX >= 0200
#include "linux/netdevice.h"
#include "net/sock.h"
#endif
#undef __KERNEL__
#include <linux/sched.h>
#include <linux/netdevice.h>
#include <nlist.h>
#include <sys/user.h>
#include <sys/socket.h>
#include <math.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <net/if.h>
#if LINUX < 0200
#include <net/inet/sock.h>
#endif
#include "ipsend.h"
int nproc;
struct task_struct *proc;
#ifndef KMEM
# ifdef _PATH_KMEM
# define KMEM _PATH_KMEM
# endif
#endif
#ifndef KMEM
# define KMEM "/dev/kmem"
#endif
#ifndef KERNEL
# define KERNEL "/System.map"
#endif
int kmemcpy(buf, pos, n)
char *buf;
void *pos;
int n;
{
static int kfd = -1;
if (kfd == -1)
kfd = open(KMEM, O_RDONLY);
if (lseek(kfd, (off_t)pos, SEEK_SET) == -1)
{
perror("lseek");
return -1;
}
if (read(kfd, buf, n) == -1)
{
perror("read");
return -1;
}
return n;
}
struct nlist names[3] = {
{ "_task" },
{ "_nr_tasks" },
{ NULL }
};
struct task_struct *getproc()
{
struct task_struct *p, **pp;
void *v;
pid_t pid = getpid();
int siz, n;
n = nlist(KERNEL, names);
if (n != 0)
{
fprintf(stderr, "nlist(%#x) == %d\n", names, n);
return NULL;
}
if (KMCPY(&nproc, names[1].n_value, sizeof(nproc)) == -1)
{
fprintf(stderr, "read nproc (%#x)\n", names[1].n_value);
return NULL;
}
siz = nproc * sizeof(struct task_struct *);
if (KMCPY(&v, names[0].n_value, sizeof(v)) == -1)
{
fprintf(stderr, "read(%#x,%#x,%d) proc\n",
names[0].n_value, &v, sizeof(v));
return NULL;
}
pp = (struct task_struct **)malloc(siz);
if (KMCPY(pp, v, siz) == -1)
{
fprintf(stderr, "read(%#x,%#x,%d) proc\n",
v, pp, siz);
return NULL;
}
proc = (struct task_struct *)malloc(siz);
for (n = 0; n < NR_TASKS; n++)
{
if (KMCPY((proc + n), pp[n], sizeof(*proc)) == -1)
{
fprintf(stderr, "read(%#x,%#x,%d) proc\n",
pp[n], proc + n, sizeof(*proc));
return NULL;
}
}
p = proc;
for (n = NR_TASKS; n; n--, p++)
if (p->pid == pid)
break;
if (!n)
return NULL;
return p;
}
struct sock *find_tcp(fd, ti)
int fd;
struct tcpiphdr *ti;
{
struct sock *s;
struct inode *i;
struct files_struct *fs;
struct task_struct *p;
struct file *f, **o;
if (!(p = getproc()))
return NULL;
fs = p->files;
o = (struct file **)calloc(1, sizeof(*o) * (fs->count + 1));
if (KMCPY(o, fs->fd, (fs->count + 1) * sizeof(*o)) == -1)
{
fprintf(stderr, "read(%#x,%#x,%d) - fd - failed\n",
fs->fd, o, sizeof(*o));
return NULL;
}
f = (struct file *)calloc(1, sizeof(*f));
if (KMCPY(f, o[fd], sizeof(*f)) == -1)
{
fprintf(stderr, "read(%#x,%#x,%d) - o[fd] - failed\n",
o[fd], f, sizeof(*f));
return NULL;
}
i = (struct inode *)calloc(1, sizeof(*i));
if (KMCPY(i, f->f_inode, sizeof(*i)) == -1)
{
fprintf(stderr, "read(%#x,%#x,%d) - f_inode - failed\n",
f->f_inode, i, sizeof(*i));
return NULL;
}
return i->u.socket_i.data;
}
int do_socket(dev, mtu, ti, gwip)
char *dev;
int mtu;
struct tcpiphdr *ti;
struct in_addr gwip;
{
struct sockaddr_in rsin, lsin;
struct sock *s, sk;
int fd, nfd, len;
printf("Dest. Port: %d\n", ti->ti_dport);
fd = socket(AF_INET, SOCK_STREAM, 0);
if (fd == -1)
{
perror("socket");
return -1;
}
if (fcntl(fd, F_SETFL, FNDELAY) == -1)
{
perror("fcntl");
return -1;
}
bzero((char *)&lsin, sizeof(lsin));
lsin.sin_family = AF_INET;
bcopy((char *)&ti->ti_src, (char *)&lsin.sin_addr,
sizeof(struct in_addr));
if (bind(fd, (struct sockaddr *)&lsin, sizeof(lsin)) == -1)
{
perror("bind");
return -1;
}
len = sizeof(lsin);
(void) getsockname(fd, (struct sockaddr *)&lsin, &len);
ti->ti_sport = lsin.sin_port;
printf("sport %d\n", ntohs(lsin.sin_port));
nfd = initdevice(dev, 0);
if (nfd == -1)
return -1;
if (!(s = find_tcp(fd, ti)))
return -1;
bzero((char *)&rsin, sizeof(rsin));
rsin.sin_family = AF_INET;
bcopy((char *)&ti->ti_dst, (char *)&rsin.sin_addr,
sizeof(struct in_addr));
rsin.sin_port = ti->ti_dport;
if (connect(fd, (struct sockaddr *)&rsin, sizeof(rsin)) == -1 &&
errno != EINPROGRESS)
{
perror("connect");
return -1;
}
KMCPY(&sk, s, sizeof(sk));
ti->ti_win = sk.window;
ti->ti_seq = sk.sent_seq - 1;
ti->ti_ack = sk.rcv_ack_seq;
ti->ti_flags = TH_SYN;
if (send_tcp(nfd, mtu, (ip_t *)ti, gwip) == -1)
return -1;
(void)write(fd, "Hello World\n", 12);
sleep(2);
close(fd);
return 0;
}


@ -1,143 +0,0 @@
/* $FreeBSD$ */
/*
* resend.c (C) 1995-1998 Darren Reed
*
* See the IPFILTER.LICENCE file for details on licencing.
*
*/
#if !defined(lint)
static const char sccsid[] = "@(#)resend.c 1.3 1/11/96 (C)1995 Darren Reed";
static const char rcsid[] = "@(#)$Id$";
#endif
#include <sys/param.h>
#include <sys/types.h>
#include <sys/time.h>
#include <sys/socket.h>
#include <net/if.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#ifndef linux
# include <netinet/ip_var.h>
# include <netinet/if_ether.h>
#endif
#include <stdio.h>
#include <netdb.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
#include "ipsend.h"
extern int opts;
void dumppacket __P((ip_t *));
void dumppacket(ip)
ip_t *ip;
{
tcphdr_t *t;
int i, j;
t = (tcphdr_t *)((char *)ip + (IP_HL(ip) << 2));
if (ip->ip_tos)
printf("tos %#x ", ip->ip_tos);
if (ip->ip_off & 0x3fff)
printf("frag @%#x ", (ip->ip_off & 0x1fff) << 3);
printf("len %d id %d ", ip->ip_len, ip->ip_id);
printf("ttl %d p %d src %s", ip->ip_ttl, ip->ip_p,
inet_ntoa(ip->ip_src));
if (ip->ip_p == IPPROTO_TCP || ip->ip_p == IPPROTO_UDP)
printf(",%d", t->th_sport);
printf(" dst %s", inet_ntoa(ip->ip_dst));
if (ip->ip_p == IPPROTO_TCP || ip->ip_p == IPPROTO_UDP)
printf(",%d", t->th_dport);
if (ip->ip_p == IPPROTO_TCP) {
printf(" seq %lu:%lu flags ",
(u_long)t->th_seq, (u_long)t->th_ack);
for (j = 0, i = 1; i < 256; i *= 2, j++)
if (t->th_flags & i)
printf("%c", "FSRPAU--"[j]);
}
putchar('\n');
}
int ip_resend(dev, mtu, r, gwip, datain)
char *dev;
int mtu;
struct in_addr gwip;
struct ipread *r;
char *datain;
{
ether_header_t *eh;
char dhost[6];
ip_t *ip;
int fd, wfd = initdevice(dev, 5), len, i;
mb_t mb;
if (wfd == -1)
return -1;
if (datain)
fd = (*r->r_open)(datain);
else
fd = (*r->r_open)("-");
if (fd < 0)
exit(-1);
ip = (struct ip *)mb.mb_buf;
eh = (ether_header_t *)malloc(sizeof(*eh));
if(!eh)
{
perror("malloc failed");
return -2;
}
bzero((char *)A_A eh->ether_shost, sizeof(eh->ether_shost));
if (gwip.s_addr && (arp((char *)&gwip, dhost) == -1))
{
perror("arp");
free(eh);
return -2;
}
while ((i = (*r->r_readip)(&mb, NULL, NULL)) > 0)
{
if (!(opts & OPT_RAW)) {
len = ntohs(ip->ip_len);
eh = (ether_header_t *)realloc((char *)eh, sizeof(*eh) + len);
eh->ether_type = htons((u_short)ETHERTYPE_IP);
if (!gwip.s_addr) {
if (arp((char *)&gwip,
(char *)A_A eh->ether_dhost) == -1) {
perror("arp");
continue;
}
} else
bcopy(dhost, (char *)A_A eh->ether_dhost,
sizeof(dhost));
if (!ip->ip_sum)
ip->ip_sum = chksum((u_short *)ip,
IP_HL(ip) << 2);
bcopy(ip, (char *)(eh + 1), len);
len += sizeof(*eh);
dumppacket(ip);
} else {
eh = (ether_header_t *)mb.mb_buf;
len = i;
}
if (sendip(wfd, (char *)eh, len) == -1)
{
perror("send_packet");
break;
}
}
(*r->r_close)();
free(eh);
return 0;
}


@ -1,153 +0,0 @@
/* $FreeBSD$ */
/*
* (C)opyright 1995-1998 Darren Reed. (from tcplog)
*
* See the IPFILTER.LICENCE file for details on licencing.
*
*/
#include <sys/param.h>
#include <sys/types.h>
#include <sys/mbuf.h>
#include <sys/time.h>
#include <sys/socket.h>
#include <sys/file.h>
#include <sys/ioctl.h>
#if BSD < 199103
#include <sys/fcntlcom.h>
#endif
#if (__FreeBSD_version >= 300000)
# include <sys/dirent.h>
#else
# include <sys/dir.h>
#endif
#include <net/bpf.h>
#include <net/if.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/udp.h>
#include <netinet/tcp.h>
#include <stdio.h>
#include <netdb.h>
#include <string.h>
#include <unistd.h>
#include <stdlib.h>
#ifdef __NetBSD__
# include <paths.h>
#endif
#include <ctype.h>
#include <signal.h>
#include <errno.h>
#include "ipsend.h"
#if !defined(lint)
static const char sccsid[] = "@(#)sbpf.c 1.3 8/25/95 (C)1995 Darren Reed";
static const char rcsid[] = "@(#)$Id$";
#endif
/*
* the code herein is dervied from libpcap.
*/
static u_char *buf = NULL;
static int bufsize = 0, timeout = 1;
int initdevice(device, tout)
char *device;
int tout;
{
struct bpf_version bv;
struct timeval to;
struct ifreq ifr;
#ifdef _PATH_BPF
char *bpfname = _PATH_BPF;
int fd;
if ((fd = open(bpfname, O_RDWR)) < 0)
{
fprintf(stderr, "no bpf devices available as /dev/bpfxx\n");
return -1;
}
#else
char bpfname[16];
int fd = 0, i;
for (i = 0; i < 16; i++)
{
(void) sprintf(bpfname, "/dev/bpf%d", i);
if ((fd = open(bpfname, O_RDWR)) >= 0)
break;
}
if (i == 16)
{
fprintf(stderr, "no bpf devices available as /dev/bpfxx\n");
return -1;
}
#endif
if (ioctl(fd, BIOCVERSION, (caddr_t)&bv) < 0)
{
perror("BIOCVERSION");
return -1;
}
if (bv.bv_major != BPF_MAJOR_VERSION ||
bv.bv_minor < BPF_MINOR_VERSION)
{
fprintf(stderr, "kernel bpf (v%d.%d) filter out of date:\n",
bv.bv_major, bv.bv_minor);
fprintf(stderr, "current version: %d.%d\n",
BPF_MAJOR_VERSION, BPF_MINOR_VERSION);
return -1;
}
(void) strncpy(ifr.ifr_name, device, sizeof(ifr.ifr_name));
if (ioctl(fd, BIOCSETIF, &ifr) == -1)
{
fprintf(stderr, "%s(%d):", ifr.ifr_name, fd);
perror("BIOCSETIF");
exit(1);
}
/*
* get kernel buffer size
*/
if (ioctl(fd, BIOCGBLEN, &bufsize) == -1)
{
perror("BIOCSBLEN");
exit(-1);
}
buf = (u_char*)malloc(bufsize);
/*
* set the timeout
*/
timeout = tout;
to.tv_sec = 1;
to.tv_usec = 0;
if (ioctl(fd, BIOCSRTIMEOUT, (caddr_t)&to) == -1)
{
perror("BIOCSRTIMEOUT");
exit(-1);
}
(void) ioctl(fd, BIOCFLUSH, 0);
return fd;
}
/*
* output an IP packet onto a fd opened for /dev/bpf
*/
int sendip(fd, pkt, len)
int fd, len;
char *pkt;
{
if (write(fd, pkt, len) == -1)
{
perror("send");
return -1;
}
return len;
}


@ -1,173 +0,0 @@
/* $FreeBSD$ */
/*
* (C)opyright 1992-1998 Darren Reed. (from tcplog)
*
* See the IPFILTER.LICENCE file for details on licencing.
*
*/
#include <stdio.h>
#include <netdb.h>
#include <ctype.h>
#include <fcntl.h>
#include <signal.h>
#include <errno.h>
#include <sys/types.h>
#include <sys/time.h>
#include <sys/timeb.h>
#include <sys/socket.h>
#include <sys/file.h>
#include <sys/ioctl.h>
#include <sys/stropts.h>
#ifdef sun
# include <sys/pfmod.h>
# include <sys/bufmod.h>
#endif
#ifdef __osf__
# include <sys/dlpihdr.h>
#else
# include <sys/dlpi.h>
#endif
#ifdef __hpux
# include <sys/dlpi_ext.h>
#endif
#include <net/if.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/if_ether.h>
#include <netinet/ip_var.h>
#include <netinet/udp.h>
#include <netinet/udp_var.h>
#include <netinet/tcp.h>
#include "ipsend.h"
#if !defined(lint)
static const char sccsid[] = "@(#)sdlpi.c 1.3 10/30/95 (C)1995 Darren Reed";
static const char rcsid[] = "@(#)$Id$";
#endif
#define CHUNKSIZE 8192
#define BUFSPACE (4*CHUNKSIZE)
/*
* Be careful to only include those defined in the flags option for the
* interface are included in the header size.
*/
int initdevice(device, tout)
char *device;
int tout;
{
char devname[16], *s, buf[256];
int i, fd;
(void) strcpy(devname, "/dev/");
(void) strncat(devname, device, sizeof(devname) - strlen(devname));
s = devname + 5;
while (*s && !ISDIGIT(*s))
s++;
if (!*s)
{
fprintf(stderr, "bad device name %s\n", devname);
exit(-1);
}
i = atoi(s);
*s = '\0';
/*
* For writing
*/
if ((fd = open(devname, O_RDWR)) < 0)
{
fprintf(stderr, "O_RDWR(1) ");
perror(devname);
exit(-1);
}
if (dlattachreq(fd, i) == -1)
{
fprintf(stderr, "dlattachreq: DLPI error\n");
exit(-1);
}
else if (dlokack(fd, buf) == -1)
{
fprintf(stderr, "dlokack(attach): DLPI error\n");
exit(-1);
}
#ifdef DL_HP_RAWDLS
if (dlpromisconreq(fd, DL_PROMISC_SAP) < 0)
{
fprintf(stderr, "dlpromisconreq: DL_PROMISC_PHYS error\n");
exit(-1);
}
else if (dlokack(fd, buf) < 0)
{
fprintf(stderr, "dlokack(promisc): DLPI error\n");
exit(-1);
}
/* 22 is INSAP as per the HP-UX DLPI Programmer's Guide */
dlbindreq(fd, 22, 1, DL_HP_RAWDLS, 0, 0);
#else
dlbindreq(fd, ETHERTYPE_IP, 0, DL_CLDLS, 0, 0);
#endif
dlbindack(fd, buf);
/*
* write full headers
*/
#ifdef DLIOCRAW /* we require RAW DLPI mode, which is a Sun extension */
if (strioctl(fd, DLIOCRAW, -1, 0, NULL) == -1)
{
fprintf(stderr, "DLIOCRAW error\n");
exit(-1);
}
#endif
return fd;
}
/*
* output an IP packet onto a fd opened for /dev/nit
*/
int sendip(fd, pkt, len)
int fd, len;
char *pkt;
{
struct strbuf dbuf, *dp = &dbuf, *cp = NULL;
int pri = 0;
#ifdef DL_HP_RAWDLS
struct strbuf cbuf;
dl_hp_rawdata_req_t raw;
cp = &cbuf;
raw.dl_primitive = DL_HP_RAWDATA_REQ;
cp->len = sizeof(raw);
cp->buf = (char *)&raw;
cp->maxlen = cp->len;
pri = MSG_HIPRI;
#endif
/*
* construct NIT STREAMS messages, first control then data.
*/
dp->buf = pkt;
dp->len = len;
dp->maxlen = dp->len;
if (putmsg(fd, cp, dp, pri) == -1)
{
perror("putmsg");
return -1;
}
if (ioctl(fd, I_FLUSH, FLUSHW) == -1)
{
perror("I_FLUSHW");
return -1;
}
return len;
}


@ -1,93 +0,0 @@
/* $FreeBSD$ */
/*
* (C)opyright 1992-1998 Darren Reed.
* (C)opyright 1997 Marc Boucher.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
*/
#include <stdio.h>
#include <sys/types.h>
#include <string.h>
#include <unistd.h>
#include <stdlib.h>
#include <errno.h>
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <net/if.h>
#include <net/raw.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/if_ether.h>
#include <netinet/ip_var.h>
#include "ipsend.h"
#include <netinet/udp_var.h>
#if !defined(lint) && defined(LIBC_SCCS)
static char sirix[] = "@(#)sirix.c 1.0 10/9/97 (C)1997 Marc Boucher";
#endif
int initdevice(char *device, int tout)
{
int fd;
struct sockaddr_raw sr;
if ((fd = socket(PF_RAW, SOCK_RAW, RAWPROTO_DRAIN)) < 0)
{
perror("socket(PF_RAW, SOCK_RAW, RAWPROTO_DRAIN)");
return -1;
}
memset(&sr, 0, sizeof(sr));
sr.sr_family = AF_RAW;
sr.sr_port = ETHERTYPE_IP;
strncpy(sr.sr_ifname, device, sizeof(sr.sr_ifname));
if (bind(fd, &sr, sizeof(sr)) < 0)
{
perror("bind AF_RAW");
close(fd);
return -1;
}
return fd;
}
/*
* output an IP packet
*/
int sendip(int fd, char *pkt, int len)
{
struct sockaddr_raw sr;
int srlen = sizeof(sr);
struct ifreq ifr;
struct ether_header *eh = (struct ether_header *)pkt;
if (getsockname(fd, &sr, &srlen) == -1)
{
perror("getsockname");
return -1;
}
memset(&ifr, 0, sizeof(ifr));
strncpy(ifr.ifr_name, sr.sr_ifname, sizeof ifr.ifr_name);
if (ioctl(fd, SIOCGIFADDR, &ifr) == -1)
{
perror("ioctl SIOCGIFADDR");
return -1;
}
memcpy(eh->ether_shost, ifr.ifr_addr.sa_data, sizeof(eh->ether_shost));
if (write(fd, pkt, len) == -1)
{
perror("send");
return -1;
}
return len;
}


@ -1,92 +0,0 @@
/* $FreeBSD$ */
/*
* (C)opyright 1992-1998 Darren Reed. (from tcplog)
*
* See the IPFILTER.LICENCE file for details on licencing.
*
*/
#include <stdio.h>
#include <string.h>
#include <netdb.h>
#include <ctype.h>
#include <signal.h>
#include <errno.h>
#include <sys/types.h>
#include <sys/time.h>
#include <sys/timeb.h>
#include <sys/socket.h>
#include <sys/file.h>
#include <sys/ioctl.h>
#include <sys/dir.h>
#include <linux/netdevice.h>
#include <net/if.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include "ipsend.h"
#if !defined(lint)
static const char sccsid[] = "@(#)slinux.c 1.2 8/25/95";
static const char rcsid[] = "@(#)$Id$";
#endif
#define CHUNKSIZE 8192
#define BUFSPACE (4*CHUNKSIZE)
/*
* Be careful to only include those defined in the flags option for the
* interface are included in the header size.
*/
static int timeout;
static char *eth_dev = NULL;
int initdevice(dev, spare)
char *dev;
int spare;
{
int fd;
eth_dev = strdup(dev);
if ((fd = socket(AF_INET, SOCK_PACKET, htons(ETHERTYPE_IP))) == -1)
{
perror("socket(SOCK_PACKET)");
exit(-1);
}
return fd;
}
/*
* output an IP packet onto a fd opened for /dev/nit
*/
int sendip(fd, pkt, len)
int fd, len;
char *pkt;
{
struct sockaddr s;
struct ifreq ifr;
strncpy(ifr.ifr_name, eth_dev, sizeof(ifr.ifr_name));
if (ioctl(fd, SIOCGIFHWADDR, &ifr) == -1)
{
perror("SIOCGIFHWADDR");
return -1;
}
bcopy(ifr.ifr_hwaddr.sa_data, pkt + 6, 6);
s.sa_family = ETHERTYPE_IP;
strncpy(s.sa_data, eth_dev, sizeof(s.sa_data));
if (sendto(fd, pkt, len, 0, &s, sizeof(s)) == -1)
{
perror("send");
return -1;
}
return len;
}


@ -1,160 +0,0 @@
/* $FreeBSD$ */
/*
* (C)opyright 1992-1998 Darren Reed. (from tcplog)
*
* See the IPFILTER.LICENCE file for details on licencing.
*
*/
#include <stdio.h>
#include <netdb.h>
#include <ctype.h>
#include <signal.h>
#include <errno.h>
#include <sys/types.h>
#include <sys/time.h>
#include <sys/timeb.h>
#include <sys/socket.h>
#include <sys/file.h>
#include <sys/ioctl.h>
#include <net/nit.h>
#include <sys/fcntlcom.h>
#include <sys/dir.h>
#include <net/nit_if.h>
#include <net/nit_pf.h>
#include <net/nit_buf.h>
#include <net/packetfilt.h>
#include <sys/stropts.h>
#include <net/if.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/if_ether.h>
#include <netinet/ip_var.h>
#include <netinet/udp.h>
#include <netinet/udp_var.h>
#include <netinet/tcp.h>
#include "ipsend.h"
#if !defined(lint)
static const char sccsid[] = "@(#)snit.c 1.5 1/11/96 (C)1995 Darren Reed";
static const char rcsid[] = "@(#)$Id$";
#endif
#define CHUNKSIZE 8192
#define BUFSPACE (4*CHUNKSIZE)
/*
* Be careful to only include those defined in the flags option for the
* interface are included in the header size.
*/
#define BUFHDR_SIZE (sizeof(struct nit_bufhdr))
#define NIT_HDRSIZE (BUFHDR_SIZE)
static int timeout;
int initdevice(device, tout)
char *device;
int tout;
{
struct strioctl si;
struct timeval to;
struct ifreq ifr;
int fd;
if ((fd = open("/dev/nit", O_RDWR)) < 0)
{
perror("/dev/nit");
exit(-1);
}
/*
* arrange to get messages from the NIT STREAM and use NIT_BUF option
*/
ioctl(fd, I_SRDOPT, (char*)RMSGD);
ioctl(fd, I_PUSH, "nbuf");
/*
* set the timeout
*/
timeout = tout;
si.ic_timout = 1;
to.tv_sec = 1;
to.tv_usec = 0;
si.ic_cmd = NIOCSTIME;
si.ic_len = sizeof(to);
si.ic_dp = (char*)&to;
if (ioctl(fd, I_STR, (char*)&si) == -1)
{
perror("ioctl: NIT timeout");
exit(-1);
}
/*
* request the interface
*/
strncpy(ifr.ifr_name, device, sizeof(ifr.ifr_name));
ifr.ifr_name[sizeof(ifr.ifr_name) - 1] = ' ';
si.ic_cmd = NIOCBIND;
si.ic_len = sizeof(ifr);
si.ic_dp = (char*)&ifr;
if (ioctl(fd, I_STR, (char*)&si) == -1)
{
perror(ifr.ifr_name);
exit(1);
}
return fd;
}
/*
* output an IP packet onto a fd opened for /dev/nit
*/
int sendip(fd, pkt, len)
int fd, len;
char *pkt;
{
struct sockaddr sk, *sa = &sk;
struct strbuf cbuf, *cp = &cbuf, dbuf, *dp = &dbuf;
/*
* For ethernet, need at least 802.3 header and IP header.
*/
if (len < (sizeof(sa->sa_data) + sizeof(struct ip)))
return -1;
/*
* to avoid any output processing for IP, say we're not.
*/
sa->sa_family = AF_UNSPEC;
bcopy(pkt, sa->sa_data, sizeof(sa->sa_data));
pkt += sizeof(sa->sa_data);
len -= sizeof(sa->sa_data);
/*
* construct NIT STREAMS messages, first control then data.
*/
cp->len = sizeof(*sa);
cp->maxlen = sizeof(*sa);
cp->buf = (char *)sa;
dp->buf = pkt;
dp->len = len;
dp->maxlen = dp->len;
if (putmsg(fd, cp, dp, 0) == -1)
{
perror("putmsg");
return -1;
}
if (ioctl(fd, I_FLUSH, FLUSHW) == -1)
{
perror("I_FLUSH");
return -1;
}
return len;
}


@ -1,457 +0,0 @@
/* $FreeBSD$ */
/*
* sock.c (C) 1995-1998 Darren Reed
*
* See the IPFILTER.LICENCE file for details on licencing.
*
*/
#if !defined(lint)
static const char sccsid[] = "@(#)sock.c 1.2 1/11/96 (C)1995 Darren Reed";
static const char rcsid[] = "@(#)$Id$";
#endif
#include <sys/param.h>
#include <sys/types.h>
#include <sys/time.h>
#include <sys/stat.h>
#if defined(__NetBSD__) && defined(__vax__)
/*
* XXX need to declare boolean_t for _KERNEL <sys/files.h>
* which ends up including <sys/device.h> for vax. See PR#32907
* for further details.
*/
typedef int boolean_t;
#endif
#ifndef ultrix
#include <fcntl.h>
#endif
#if (__FreeBSD_version >= 300000)
# include <sys/dirent.h>
#else
# include <sys/dir.h>
#endif
#if !defined(__osf__)
# ifdef __NetBSD__
# include <machine/lock.h>
# endif
# ifdef __FreeBSD__
# define _WANT_FILE
# else
# define _KERNEL
# define KERNEL
# endif
# ifdef ultrix
# undef LOCORE
# include <sys/smp_lock.h>
# endif
# include <sys/file.h>
# ifdef __FreeBSD__
# undef _WANT_FILE
# else
# undef _KERNEL
# undef KERNEL
# endif
#endif
#include <nlist.h>
#include <sys/user.h>
#include <sys/socket.h>
#include <sys/socketvar.h>
#include <sys/proc.h>
#if !defined(ultrix) && !defined(hpux) && !defined(__osf__)
# include <kvm.h>
#endif
#ifdef sun
#include <sys/systm.h>
#include <sys/session.h>
#endif
#if BSD >= 199103
#include <sys/sysctl.h>
#include <sys/filedesc.h>
#include <paths.h>
#endif
#include <math.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <net/if.h>
#ifndef __osf__
# include <net/route.h>
#endif
#include <netinet/ip_var.h>
#include <netinet/in_pcb.h>
#include <netinet/tcp_timer.h>
#include <netinet/tcp_var.h>
#include <stdio.h>
#include <unistd.h>
#include <string.h>
#include <stdlib.h>
#include <stddef.h>
#include <pwd.h>
#include "ipsend.h"
int nproc;
struct proc *proc;
#ifndef KMEM
# ifdef _PATH_KMEM
# define KMEM _PATH_KMEM
# endif
#endif
#ifndef KERNEL
# ifdef _PATH_UNIX
# define KERNEL _PATH_UNIX
# endif
#endif
#ifndef KMEM
# define KMEM "/dev/kmem"
#endif
#ifndef KERNEL
# define KERNEL "/vmunix"
#endif
#if BSD < 199103
static struct proc *getproc __P((void));
#else
static struct kinfo_proc *getproc __P((void));
#endif
int kmemcpy(buf, pos, n)
char *buf;
void *pos;
int n;
{
static int kfd = -1;
off_t offset = (u_long)pos;
if (kfd == -1)
kfd = open(KMEM, O_RDONLY);
if (lseek(kfd, offset, SEEK_SET) == -1)
{
perror("lseek");
return -1;
}
if (read(kfd, buf, n) == -1)
{
perror("read");
return -1;
}
return n;
}
struct nlist names[4] = {
{ "_proc" },
{ "_nproc" },
#ifdef ultrix
{ "_u" },
#else
{ NULL },
#endif
{ NULL }
};
#if BSD < 199103
static struct proc *getproc()
{
struct proc *p;
pid_t pid = getpid();
int siz, n;
n = nlist(KERNEL, names);
if (n != 0)
{
fprintf(stderr, "nlist(%#x) == %d\n", names, n);
return NULL;
}
if (KMCPY(&nproc, names[1].n_value, sizeof(nproc)) == -1)
{
fprintf(stderr, "read nproc (%#x)\n", names[1].n_value);
return NULL;
}
siz = nproc * sizeof(struct proc);
if (KMCPY(&p, names[0].n_value, sizeof(p)) == -1)
{
fprintf(stderr, "read(%#x,%#x,%d) proc\n",
names[0].n_value, &p, sizeof(p));
return NULL;
}
proc = (struct proc *)malloc(siz);
if (KMCPY(proc, p, siz) == -1)
{
fprintf(stderr, "read(%#x,%#x,%d) proc\n",
p, proc, siz);
return NULL;
}
p = proc;
for (n = nproc; n; n--, p++)
if (p->p_pid == pid)
break;
if (!n)
return NULL;
return p;
}
struct tcpcb *find_tcp(fd, ti)
int fd;
struct tcpiphdr *ti;
{
struct tcpcb *t;
struct inpcb *i;
struct socket *s;
struct user *up;
struct proc *p;
struct file *f, **o;
if (!(p = getproc()))
return NULL;
up = (struct user *)malloc(sizeof(*up));
#ifndef ultrix
if (KMCPY(up, p->p_uarea, sizeof(*up)) == -1)
{
fprintf(stderr, "read(%#x,%#x) failed\n", p, p->p_uarea);
return NULL;
}
#else
if (KMCPY(up, names[2].n_value, sizeof(*up)) == -1)
{
fprintf(stderr, "read(%#x,%#x) failed\n", p, names[2].n_value);
return NULL;
}
#endif
o = (struct file **)calloc(1, sizeof(*o) * (up->u_lastfile + 1));
if (KMCPY(o, up->u_ofile, (up->u_lastfile + 1) * sizeof(*o)) == -1)
{
fprintf(stderr, "read(%#x,%#x,%d) - u_ofile - failed\n",
up->u_ofile, o, sizeof(*o));
return NULL;
}
f = (struct file *)calloc(1, sizeof(*f));
if (KMCPY(f, o[fd], sizeof(*f)) == -1)
{
fprintf(stderr, "read(%#x,%#x,%d) - o[fd] - failed\n",
up->u_ofile[fd], f, sizeof(*f));
return NULL;
}
s = (struct socket *)calloc(1, sizeof(*s));
if (KMCPY(s, f->f_data, sizeof(*s)) == -1)
{
fprintf(stderr, "read(%#x,%#x,%d) - f_data - failed\n",
o[fd], s, sizeof(*s));
return NULL;
}
i = (struct inpcb *)calloc(1, sizeof(*i));
if (KMCPY(i, s->so_pcb, sizeof(*i)) == -1)
{
fprintf(stderr, "kvm_read(%#x,%#x,%d) - so_pcb - failed\n",
s->so_pcb, i, sizeof(*i));
return NULL;
}
t = (struct tcpcb *)calloc(1, sizeof(*t));
if (KMCPY(t, i->inp_ppcb, sizeof(*t)) == -1)
{
fprintf(stderr, "read(%#x,%#x,%d) - inp_ppcb - failed\n",
i->inp_ppcb, t, sizeof(*t));
return NULL;
}
return (struct tcpcb *)i->inp_ppcb;
}
#else
static struct kinfo_proc *getproc()
{
static struct kinfo_proc kp;
pid_t pid = getpid();
int mib[4];
size_t n;
mib[0] = CTL_KERN;
mib[1] = KERN_PROC;
mib[2] = KERN_PROC_PID;
mib[3] = pid;
n = sizeof(kp);
if (sysctl(mib, 4, &kp, &n, NULL, 0) == -1)
{
perror("sysctl");
return NULL;
}
return &kp;
}
struct tcpcb *find_tcp(tfd, ti)
int tfd;
struct tcpiphdr *ti;
{
struct tcpcb *t;
struct inpcb *i;
struct socket *s;
struct filedesc *fd;
struct kinfo_proc *p;
struct file *f, **o;
if (!(p = getproc()))
return NULL;
fd = (struct filedesc *)malloc(sizeof(*fd));
if (fd == NULL)
return NULL;
#if defined( __FreeBSD_version) && __FreeBSD_version >= 500013
if (KMCPY(fd, p->ki_fd, sizeof(*fd)) == -1)
{
fprintf(stderr, "read(%#lx,%#lx) failed\n",
(u_long)p, (u_long)p->ki_fd);
free(fd);
return NULL;
}
#else
if (KMCPY(fd, p->kp_proc.p_fd, sizeof(*fd)) == -1)
{
fprintf(stderr, "read(%#lx,%#lx) failed\n",
(u_long)p, (u_long)p->kp_proc.p_fd);
free(fd);
return NULL;
}
#endif
o = NULL;
f = NULL;
s = NULL;
i = NULL;
t = NULL;
o = (struct file **)calloc(1, sizeof(*o) * (fd->fd_lastfile + 1));
if (KMCPY(o, fd->fd_ofiles, (fd->fd_lastfile + 1) * sizeof(*o)) == -1)
{
fprintf(stderr, "read(%#lx,%#lx,%lu) - u_ofile - failed\n",
(u_long)fd->fd_ofiles, (u_long)o, (u_long)sizeof(*o));
goto finderror;
}
f = (struct file *)calloc(1, sizeof(*f));
if (KMCPY(f, o[tfd], sizeof(*f)) == -1)
{
fprintf(stderr, "read(%#lx,%#lx,%lu) - o[tfd] - failed\n",
(u_long)o[tfd], (u_long)f, (u_long)sizeof(*f));
goto finderror;
}
s = (struct socket *)calloc(1, sizeof(*s));
if (KMCPY(s, f->f_data, sizeof(*s)) == -1)
{
fprintf(stderr, "read(%#lx,%#lx,%lu) - f_data - failed\n",
(u_long)f->f_data, (u_long)s, (u_long)sizeof(*s));
goto finderror;
}
i = (struct inpcb *)calloc(1, sizeof(*i));
if (KMCPY(i, s->so_pcb, sizeof(*i)) == -1)
{
fprintf(stderr, "kvm_read(%#lx,%#lx,%lu) - so_pcb - failed\n",
(u_long)s->so_pcb, (u_long)i, (u_long)sizeof(*i));
goto finderror;
}
t = (struct tcpcb *)calloc(1, sizeof(*t));
if (KMCPY(t, i->inp_ppcb, sizeof(*t)) == -1)
{
fprintf(stderr, "read(%#lx,%#lx,%lu) - inp_ppcb - failed\n",
(u_long)i->inp_ppcb, (u_long)t, (u_long)sizeof(*t));
goto finderror;
}
return (struct tcpcb *)i->inp_ppcb;
finderror:
if (o != NULL)
free(o);
if (f != NULL)
free(f);
if (s != NULL)
free(s);
if (i != NULL)
free(i);
if (t != NULL)
free(t);
return NULL;
}
#endif /* BSD < 199301 */
int do_socket(dev, mtu, ti, gwip)
char *dev;
int mtu;
struct tcpiphdr *ti;
struct in_addr gwip;
{
struct sockaddr_in rsin, lsin;
struct tcpcb *t, tcb;
int fd, nfd;
socklen_t len;
printf("Dest. Port: %d\n", ti->ti_dport);
fd = socket(AF_INET, SOCK_STREAM, 0);
if (fd == -1)
{
perror("socket");
return -1;
}
if (fcntl(fd, F_SETFL, FNDELAY) == -1)
{
perror("fcntl");
return -1;
}
bzero((char *)&lsin, sizeof(lsin));
lsin.sin_family = AF_INET;
bcopy((char *)&ti->ti_src, (char *)&lsin.sin_addr,
sizeof(struct in_addr));
if (bind(fd, (struct sockaddr *)&lsin, sizeof(lsin)) == -1)
{
perror("bind");
return -1;
}
len = sizeof(lsin);
(void) getsockname(fd, (struct sockaddr *)&lsin, &len);
ti->ti_sport = lsin.sin_port;
printf("sport %d\n", ntohs(lsin.sin_port));
nfd = initdevice(dev, 1);
if (nfd == -1)
return -1;
if (!(t = find_tcp(fd, ti)))
return -1;
bzero((char *)&rsin, sizeof(rsin));
rsin.sin_family = AF_INET;
bcopy((char *)&ti->ti_dst, (char *)&rsin.sin_addr,
sizeof(struct in_addr));
rsin.sin_port = ti->ti_dport;
if (connect(fd, (struct sockaddr *)&rsin, sizeof(rsin)) == -1 &&
errno != EINPROGRESS)
{
perror("connect");
return -1;
}
KMCPY(&tcb, t, sizeof(tcb));
ti->ti_win = tcb.rcv_adv;
ti->ti_seq = tcb.snd_nxt - 1;
ti->ti_ack = tcb.rcv_nxt;
if (send_tcp(nfd, mtu, (ip_t *)ti, gwip) == -1)
return -1;
(void)write(fd, "Hello World\n", 12);
sleep(2);
close(fd);
return 0;
}


@ -1,89 +0,0 @@
/* $FreeBSD$ */
/*
* (C)opyright 2000 Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* WARNING: Attempting to use this .c file on HP-UX 11.00 will cause the
* system to crash.
*/
#include <sys/param.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <net/if.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/if_ether.h>
#include <netinet/ip_var.h>
#include <netinet/udp.h>
#include <netinet/udp_var.h>
#include <netinet/tcp.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <stdlib.h>
#include <errno.h>
#include "ipsend.h"
#if !defined(lint) && defined(LIBC_SCCS)
static char sirix[] = "@(#)sirix.c 1.0 10/9/97 (C)1997 Marc Boucher";
#endif
int initdevice(char *device, int tout)
{
struct sockaddr s;
struct ifreq ifr;
int fd;
memset(&ifr, 0, sizeof(ifr));
strncpy(ifr.ifr_name, device, sizeof ifr.ifr_name);
if ((fd = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0)
{
perror("socket(AF_INET, SOCK_RAW, IPPROTO_RAW)");
return -1;
}
if (ioctl(fd, SIOCGIFADDR, &ifr) == -1)
{
perror("ioctl SIOCGIFADDR");
return -1;
}
bzero((char *)&s, sizeof(s));
s.sa_family = AF_INET;
bcopy(&ifr.ifr_addr, s.sa_data, 4);
if (bind(fd, &s, sizeof(s)) == -1)
perror("bind");
return fd;
}
/*
* output an IP packet
*/
int sendip(int fd, char *pkt, int len)
{
struct ether_header *eh;
struct sockaddr_in sin;
eh = (struct ether_header *)pkt;
bzero((char *)&sin, sizeof(sin));
sin.sin_family = AF_INET;
pkt += 14;
len -= 14;
bcopy(pkt + 12, (char *)&sin.sin_addr, 4);
if (sendto(fd, pkt, len, 0, &sin, sizeof(sin)) == -1)
{
perror("send");
return -1;
}
return len;
}


@ -1,40 +0,0 @@
/* $FreeBSD$ */
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* $Id$
*/
#ifndef __IPT_H__
#define __IPT_H__
#ifndef __P
# define P_DEF
# ifdef __STDC__
# define __P(x) x
# else
# define __P(x) ()
# endif
#endif
#include <fcntl.h>
struct ipread {
int (*r_open) __P((char *));
int (*r_close) __P((void));
int (*r_readip) __P((mb_t *, char **, int *));
int r_flags;
};
#define R_DO_CKSUM 0x01
#ifdef P_DEF
# undef __P
# undef P_DEF
#endif
#endif /* __IPT_H__ */


@ -1,34 +0,0 @@
/* $FreeBSD$ */
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
* $Id$
*/
#ifndef __KMEM_H__
#define __KMEM_H__
#ifndef __P
# ifdef __STDC__
# define __P(x) x
# else
# define __P(x) ()
# endif
#endif
extern int openkmem __P((char *, char *));
extern int kmemcpy __P((char *, long, int));
extern int kstrncpy __P((char *, long, int));
#if defined(__NetBSD__) || defined(__OpenBSD)
# include <paths.h>
#endif
#ifdef _PATH_KMEM
# define KMEM _PATH_KMEM
#else
# define KMEM "/dev/kmem"
#endif
#endif /* __KMEM_H__ */


@ -1,10 +0,0 @@
# For Solaris
#LIBS=-lsocket -lnsl
all: l4check
l4check: l4check.c
$(CC) -g -I.. $(CFLAGS) $(LIBS) l4check.c -o $@
clean:
/bin/rm -f l4check


@ -1,2 +0,0 @@
GET /


@ -1 +0,0 @@
<HTML>


@ -1,807 +0,0 @@
/* $FreeBSD$ */
/*
* (C)Copyright (C) 2012 by Darren Reed.
*/
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/mman.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <sys/ioctl.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <net/if.h>
#include <stdio.h>
#include <netdb.h>
#include <string.h>
#include <ctype.h>
#include <fcntl.h>
#include <errno.h>
#include <stdlib.h>
#include "ip_compat.h"
#include "ip_fil.h"
#include "ip_nat.h"
#include "ipf.h"
extern char *optarg;
typedef struct l4cfg {
struct l4cfg *l4_next;
struct ipnat l4_nat; /* NAT rule */
struct sockaddr_in l4_sin; /* remote socket to connect */
time_t l4_last; /* when we last connected */
int l4_alive; /* 1 = remote alive */
int l4_fd;
int l4_rw; /* 0 = reading, 1 = writing */
char *l4_rbuf; /* read buffer */
int l4_rsize; /* size of buffer */
int l4_rlen; /* how much used */
char *l4_wptr; /* next byte to write */
int l4_wlen; /* length yet to be written */
} l4cfg_t;
l4cfg_t *l4list = NULL;
char *response = NULL;
char *probe = NULL;
l4cfg_t template;
int frequency = 20;
int ctimeout = 1;
int rtimeout = 1;
size_t plen = 0;
size_t rlen = 0;
int natfd = -1;
int opts = 0;
#if defined(sun) && !defined(__svr4__) && !defined(__SVR4)
# define strerror(x) sys_errlist[x]
#endif
char *copystr(dst, src)
char *dst, *src;
{
register char *s, *t, c;
register int esc = 0;
for (s = src, t = dst; s && t && (c = *s++); )
if (esc) {
esc = 0;
switch (c)
{
case 'n' :
*t++ = '\n';
break;
case 'r' :
*t++ = '\r';
break;
case 't' :
*t++ = '\t';
break;
}
} else if (c != '\\')
*t++ = c;
else
esc = 1;
*t = '\0';
return dst;
}
void addnat(l4)
l4cfg_t *l4;
{
ipnat_t *ipn = &l4->l4_nat;
printf("Add NAT rule for %s/%#x,%u -> ", inet_ntoa(ipn->in_out[0]),
ipn->in_outmsk, ntohs(ipn->in_pmin));
printf("%s,%u\n", inet_ntoa(ipn->in_in[0]), ntohs(ipn->in_pnext));
if (!(opts & OPT_DONOTHING)) {
if (ioctl(natfd, SIOCADNAT, &ipn) == -1)
perror("ioctl(SIOCADNAT)");
}
}
void delnat(l4)
l4cfg_t *l4;
{
ipnat_t *ipn = &l4->l4_nat;
printf("Remove NAT rule for %s/%#x,%u -> ",
inet_ntoa(ipn->in_out[0]), ipn->in_outmsk, ipn->in_pmin);
printf("%s,%u\n", inet_ntoa(ipn->in_in[0]), ipn->in_pnext);
if (!(opts & OPT_DONOTHING)) {
if (ioctl(natfd, SIOCRMNAT, &ipn) == -1)
perror("ioctl(SIOCRMNAT)");
}
}
void connectl4(l4)
l4cfg_t *l4;
{
l4->l4_rw = 1;
l4->l4_rlen = 0;
l4->l4_wlen = plen;
if (!l4->l4_wlen) {
l4->l4_alive = 1;
addnat(l4);
} else
l4->l4_wptr = probe;
}
void closel4(l4, dead)
l4cfg_t *l4;
int dead;
{
close(l4->l4_fd);
l4->l4_fd = -1;
l4->l4_rw = -1;
if (dead && l4->l4_alive) {
l4->l4_alive = 0;
delnat(l4);
}
}
void connectfd(l4)
l4cfg_t *l4;
{
if (connect(l4->l4_fd, (struct sockaddr *)&l4->l4_sin,
sizeof(l4->l4_sin)) == -1) {
if (errno == EISCONN) {
if (opts & OPT_VERBOSE)
fprintf(stderr, "Connected fd %d\n",
l4->l4_fd);
connectl4(l4);
return;
}
if (opts & OPT_VERBOSE)
fprintf(stderr, "Connect failed fd %d: %s\n",
l4->l4_fd, strerror(errno));
closel4(l4, 1);
return;
}
l4->l4_rw = 1;
}
void writefd(l4)
l4cfg_t *l4;
{
char buf[80], *ptr;
int n, i, fd;
fd = l4->l4_fd;
if (l4->l4_rw == -2) {
connectfd(l4);
return;
}
n = l4->l4_wlen;
i = send(fd, l4->l4_wptr, n, 0);
if (i == 0 || i == -1) {
if (opts & OPT_VERBOSE)
fprintf(stderr, "Send on fd %d failed: %s\n",
fd, strerror(errno));
closel4(l4, 1);
} else {
l4->l4_wptr += i;
l4->l4_wlen -= i;
if (l4->l4_wlen == 0)
l4->l4_rw = 0;
if (opts & OPT_VERBOSE)
fprintf(stderr, "Sent %d bytes to fd %d\n", i, fd);
}
}
void readfd(l4)
l4cfg_t *l4;
{
char buf[80], *ptr;
int n, i, fd;
fd = l4->l4_fd;
if (l4->l4_rw == -2) {
connectfd(l4);
return;
}
if (l4->l4_rsize) {
n = l4->l4_rsize - l4->l4_rlen;
ptr = l4->l4_rbuf + l4->l4_rlen;
} else {
n = sizeof(buf) - 1;
ptr = buf;
}
if (opts & OPT_VERBOSE)
fprintf(stderr, "Read %d bytes on fd %d to %p\n",
n, fd, ptr);
i = recv(fd, ptr, n, 0);
if (i == 0 || i == -1) {
if (opts & OPT_VERBOSE)
fprintf(stderr, "Read error on fd %d: %s\n",
fd, (i == 0) ? "EOF" : strerror(errno));
closel4(l4, 1);
} else {
if (ptr == buf)
ptr[i] = '\0';
if (opts & OPT_VERBOSE)
fprintf(stderr, "%d: Read %d bytes [%*.*s]\n",
fd, i, i, i, ptr);
if (ptr != buf) {
l4->l4_rlen += i;
if (l4->l4_rlen >= l4->l4_rsize) {
if (!strncmp(response, l4->l4_rbuf,
l4->l4_rsize)) {
printf("%d: Good response\n",
fd);
if (!l4->l4_alive) {
l4->l4_alive = 1;
addnat(l4);
}
closel4(l4, 0);
} else {
if (opts & OPT_VERBOSE)
printf("%d: Bad response\n",
fd);
closel4(l4, 1);
}
}
} else if (!l4->l4_alive) {
l4->l4_alive = 1;
addnat(l4);
closel4(l4, 0);
}
}
}
int runconfig()
{
int fd, opt, res, mfd, i;
struct timeval tv;
time_t now, now1;
fd_set rfd, wfd;
l4cfg_t *l4;
mfd = 0;
opt = 1;
now = time(NULL);
/*
* First, initiate connections that are closed, as required.
*/
for (l4 = l4list; l4; l4 = l4->l4_next) {
if ((l4->l4_last + frequency < now) && (l4->l4_fd == -1)) {
l4->l4_last = now;
fd = socket(AF_INET, SOCK_STREAM, 0);
if (fd == -1)
continue;
setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &opt,
sizeof(opt));
#ifdef O_NONBLOCK
if ((res = fcntl(fd, F_GETFL, 0)) != -1)
fcntl(fd, F_SETFL, res | O_NONBLOCK);
#endif
if (opts & OPT_VERBOSE)
fprintf(stderr,
"Connecting to %s,%d (fd %d)...",
inet_ntoa(l4->l4_sin.sin_addr),
ntohs(l4->l4_sin.sin_port), fd);
if (connect(fd, (struct sockaddr *)&l4->l4_sin,
sizeof(l4->l4_sin)) == -1) {
if (errno != EINPROGRESS) {
if (opts & OPT_VERBOSE)
fprintf(stderr, "failed\n");
perror("connect");
close(fd);
fd = -1;
} else {
if (opts & OPT_VERBOSE)
fprintf(stderr, "waiting\n");
l4->l4_rw = -2;
}
} else {
if (opts & OPT_VERBOSE)
fprintf(stderr, "connected\n");
connectl4(l4);
}
l4->l4_fd = fd;
}
}
/*
* Now look for fd's which we're expecting to read/write from.
*/
FD_ZERO(&rfd);
FD_ZERO(&wfd);
tv.tv_sec = MIN(rtimeout, ctimeout);
tv.tv_usec = 0;
for (l4 = l4list; l4; l4 = l4->l4_next)
if (l4->l4_rw == 0) {
if (now - l4->l4_last > rtimeout) {
if (opts & OPT_VERBOSE)
fprintf(stderr, "%d: Read timeout\n",
l4->l4_fd);
closel4(l4, 1);
continue;
}
if (opts & OPT_VERBOSE)
fprintf(stderr, "Wait for read on fd %d\n",
l4->l4_fd);
FD_SET(l4->l4_fd, &rfd);
if (l4->l4_fd > mfd)
mfd = l4->l4_fd;
} else if ((l4->l4_rw == 1 && l4->l4_wlen) ||
l4->l4_rw == -2) {
if ((l4->l4_rw == -2) &&
(now - l4->l4_last > ctimeout)) {
if (opts & OPT_VERBOSE)
fprintf(stderr,
"%d: connect timeout\n",
l4->l4_fd);
closel4(l4);
continue;
}
if (opts & OPT_VERBOSE)
fprintf(stderr, "Wait for write on fd %d\n",
l4->l4_fd);
FD_SET(l4->l4_fd, &wfd);
if (l4->l4_fd > mfd)
mfd = l4->l4_fd;
}
if (opts & OPT_VERBOSE)
fprintf(stderr, "Select: max fd %d wait %d\n", mfd + 1,
tv.tv_sec);
i = select(mfd + 1, &rfd, &wfd, NULL, &tv);
if (i == -1) {
perror("select");
return -1;
}
now1 = time(NULL);
for (l4 = l4list; (i > 0) && l4; l4 = l4->l4_next) {
if (l4->l4_fd < 0)
continue;
if (FD_ISSET(l4->l4_fd, &rfd)) {
if (opts & OPT_VERBOSE)
fprintf(stderr, "Ready to read on fd %d\n",
l4->l4_fd);
readfd(l4);
i--;
}
if ((l4->l4_fd >= 0) && FD_ISSET(l4->l4_fd, &wfd)) {
if (opts & OPT_VERBOSE)
fprintf(stderr, "Ready to write on fd %d\n",
l4->l4_fd);
writefd(l4);
i--;
}
}
return 0;
}
int gethostport(str, lnum, ipp, portp)
char *str;
int lnum;
u_32_t *ipp;
u_short *portp;
{
struct servent *sp;
struct hostent *hp;
char *host, *port;
struct in_addr ip;
host = str;
port = strchr(host, ',');
if (port)
*port++ = '\0';
#ifdef HAVE_INET_ATON
if (ISDIGIT(*host) && inet_aton(host, &ip))
*ipp = ip.s_addr;
#else
if (ISDIGIT(*host))
*ipp = inet_addr(host);
#endif
else {
if (!(hp = gethostbyname(host))) {
fprintf(stderr, "%d: can't resolve hostname: %s\n",
lnum, host);
return 0;
}
*ipp = *(u_32_t *)hp->h_addr;
}
if (port) {
if (ISDIGIT(*port))
*portp = htons(atoi(port));
else {
sp = getservbyname(port, "tcp");
if (sp)
*portp = sp->s_port;
else {
fprintf(stderr, "%d: unknown service %s\n",
lnum, port);
return 0;
}
}
} else
*portp = 0;
return 1;
}
char *mapfile(file, sizep)
char *file;
size_t *sizep;
{
struct stat sb;
caddr_t addr;
int fd;
fd = open(file, O_RDONLY);
if (fd == -1) {
perror("open(mapfile)");
return NULL;
}
if (fstat(fd, &sb) == -1) {
perror("fstat(mapfile)");
close(fd);
return NULL;
}
addr = mmap(NULL, sb.st_size, PROT_READ, MAP_SHARED, fd, 0);
if (addr == (caddr_t)-1) {
perror("mmap(mapfile)");
close(fd);
return NULL;
}
close(fd);
*sizep = sb.st_size;
return (char *)addr;
}
int readconfig(filename)
char *filename;
{
char c, buf[512], *s, *t, *errtxt = NULL, *line;
int num, err = 0;
ipnat_t *ipn;
l4cfg_t *l4;
FILE *fp;
fp = fopen(filename, "r");
if (!fp) {
perror("open(configfile)");
return -1;
}
bzero((char *)&template, sizeof(template));
template.l4_fd = -1;
template.l4_rw = -1;
template.l4_sin.sin_family = AF_INET;
ipn = &template.l4_nat;
ipn->in_flags = IPN_TCP|IPN_ROUNDR;
ipn->in_redir = NAT_REDIRECT;
for (num = 1; fgets(buf, sizeof(buf), fp); num++) {
s = strchr(buf, '\n');
if (!s) {
fprintf(stderr, "%d: line too long\n", num);
fclose(fp);
return -1;
}
*s = '\0';
/*
* lines which are comments
*/
s = strchr(buf, '#');
if (s)
*s = '\0';
/*
* Skip leading whitespace
*/
for (line = buf; (c = *line) && ISSPACE(c); line++)
;
if (!*line)
continue;
if (opts & OPT_VERBOSE)
fprintf(stderr, "Parsing: [%s]\n", line);
t = strtok(line, " \t");
if (!t)
continue;
if (!strcasecmp(t, "interface")) {
s = strtok(NULL, " \t");
if (s)
t = strtok(NULL, "\t");
if (!s || !t) {
errtxt = line;
err = -1;
break;
}
if (!strchr(t, ',')) {
fprintf(stderr,
"%d: local address,port missing\n",
num);
err = -1;
break;
}
strncpy(ipn->in_ifname, s, sizeof(ipn->in_ifname));
if (!gethostport(t, num, &ipn->in_outip,
&ipn->in_pmin)) {
errtxt = line;
err = -1;
break;
}
ipn->in_outmsk = 0xffffffff;
ipn->in_pmax = ipn->in_pmin;
if (opts & OPT_VERBOSE)
fprintf(stderr,
"Interface %s %s/%#x port %u\n",
ipn->in_ifname,
inet_ntoa(ipn->in_out[0]),
ipn->in_outmsk, ipn->in_pmin);
} else if (!strcasecmp(t, "remote")) {
if (!*ipn->in_ifname) {
fprintf(stderr,
"%d: ifname not set prior to remote\n",
num);
err = -1;
break;
}
s = strtok(NULL, " \t");
if (s)
t = strtok(NULL, "");
if (!s || !t || strcasecmp(s, "server")) {
errtxt = line;
err = -1;
break;
}
ipn->in_pnext = 0;
if (!gethostport(t, num, &ipn->in_inip,
&ipn->in_pnext)) {
errtxt = line;
err = -1;
break;
}
ipn->in_inmsk = 0xffffffff;
if (ipn->in_pnext == 0)
ipn->in_pnext = ipn->in_pmin;
l4 = (l4cfg_t *)malloc(sizeof(*l4));
if (!l4) {
fprintf(stderr, "%d: out of memory (%d)\n",
num, sizeof(*l4));
err = -1;
break;
}
bcopy((char *)&template, (char *)l4, sizeof(*l4));
l4->l4_sin.sin_addr = ipn->in_in[0];
l4->l4_sin.sin_port = ipn->in_pnext;
l4->l4_next = l4list;
l4list = l4;
} else if (!strcasecmp(t, "connect")) {
s = strtok(NULL, " \t");
if (s)
t = strtok(NULL, "\t");
if (!s || !t) {
errtxt = line;
err = -1;
break;
} else if (!strcasecmp(s, "timeout")) {
ctimeout = atoi(t);
if (opts & OPT_VERBOSE)
fprintf(stderr, "connect timeout %d\n",
ctimeout);
} else if (!strcasecmp(s, "frequency")) {
frequency = atoi(t);
if (opts & OPT_VERBOSE)
fprintf(stderr,
"connect frequency %d\n",
frequency);
} else {
errtxt = line;
err = -1;
break;
}
} else if (!strcasecmp(t, "probe")) {
s = strtok(NULL, " \t");
if (!s) {
errtxt = line;
err = -1;
break;
} else if (!strcasecmp(s, "string")) {
if (probe) {
fprintf(stderr,
"%d: probe already set\n",
num);
err = -1;
break;
}
t = strtok(NULL, "");
if (!t) {
fprintf(stderr,
"%d: No probe string\n", num);
err = -1;
break;
}
probe = malloc(strlen(t));
copystr(probe, t);
plen = strlen(probe);
if (opts & OPT_VERBOSE)
fprintf(stderr, "Probe string [%s]\n",
probe);
} else if (!strcasecmp(s, "file")) {
t = strtok(NULL, " \t");
if (!t) {
errtxt = line;
err = -1;
break;
}
if (probe) {
fprintf(stderr,
"%d: probe already set\n",
num);
err = -1;
break;
}
probe = mapfile(t, &plen);
if (opts & OPT_VERBOSE)
fprintf(stderr,
"Probe file %s len %u@%p\n",
t, plen, probe);
}
} else if (!strcasecmp(t, "response")) {
s = strtok(NULL, " \t");
if (!s) {
errtxt = line;
err = -1;
break;
} else if (!strcasecmp(s, "timeout")) {
t = strtok(NULL, " \t");
if (!t) {
errtxt = line;
err = -1;
break;
}
rtimeout = atoi(t);
if (opts & OPT_VERBOSE)
fprintf(stderr,
"response timeout %d\n",
rtimeout);
} else if (!strcasecmp(s, "string")) {
if (response) {
fprintf(stderr,
"%d: response already set\n",
num);
err = -1;
break;
}
response = strdup(strtok(NULL, ""));
rlen = strlen(response);
template.l4_rsize = rlen;
template.l4_rbuf = malloc(rlen);
if (opts & OPT_VERBOSE)
fprintf(stderr,
"Response string [%s]\n",
response);
} else if (!strcasecmp(s, "file")) {
t = strtok(NULL, " \t");
if (!t) {
errtxt = line;
err = -1;
break;
}
if (response) {
fprintf(stderr,
"%d: response already set\n",
num);
err = -1;
break;
}
response = mapfile(t, &rlen);
template.l4_rsize = rlen;
template.l4_rbuf = malloc(rlen);
if (opts & OPT_VERBOSE)
fprintf(stderr,
"Response file %s len %u@%p\n",
t, rlen, response);
}
} else {
errtxt = line;
err = -1;
break;
}
}
if (errtxt)
fprintf(stderr, "%d: syntax error at \"%s\"\n", num, errtxt);
fclose(fp);
return err;
}
void usage(prog)
char *prog;
{
fprintf(stderr, "Usage: %s -f <configfile>\n", prog);
exit(1);
}
int main(argc, argv)
int argc;
char *argv[];
{
char *config = NULL;
int c;
while ((c = getopt(argc, argv, "f:nv")) != -1)
switch (c)
{
case 'f' :
config = optarg;
break;
case 'n' :
opts |= OPT_DONOTHING;
break;
case 'v' :
opts |= OPT_VERBOSE;
break;
}
if (config == NULL)
usage(argv[0]);
if (readconfig(config))
exit(1);
if (!l4list) {
fprintf(stderr, "No remote servers, exiting.");
exit(1);
}
if (!(opts & OPT_DONOTHING)) {
natfd = open(IPL_NAT, O_RDWR);
if (natfd == -1) {
perror("open(IPL_NAT)");
exit(1);
}
}
if (opts & OPT_VERBOSE)
fprintf(stderr, "Starting...\n");
while (runconfig() == 0)
;
}


@ -1,31 +0,0 @@
#
# NOTE: ORDER IS IMPORTANT IN THIS FILE
#
# Interface to do the redirections on and the IP address which will be
# targeted.
#
interface nf0 192.168.1.1,2100
#
connect timeout 1
connect frequency 20
#
# If no probe string is specified, a successful connection implies the
# server is still alive.
#
probe string GET /\n\n
#probe file http.check
#
response timeout 4
response string <HTML>
#response file http.ok
#
# Here we have multiple servers, listed because that's what happens to be
# used for testing of connect timeoutes, read timeouts, success and things
# which don't connect.
#
remote server 192.168.1.2,23
remote server 192.168.1.2,2101
remote server 192.168.1.3,25
remote server 192.168.1.254,8000
remote server 192.168.1.1,9
#


@ -1,443 +0,0 @@
#
# Copyright (C) 2012 by Darren Reed.
#
# See the IPFILTER.LICENCE file for details on licencing.
#
# $Id$
#
INCDEP=$(TOP)/ip_compat.h $(TOP)/ip_fil.h $(TOP)/ipf.h
LIBOBJS=$(DEST)/addicmp.o \
$(DEST)/addipopt.o \
$(DEST)/alist_free.o \
$(DEST)/alist_new.o \
$(DEST)/allocmbt.o \
$(DEST)/assigndefined.o \
$(DEST)/bcopywrap.o \
$(DEST)/binprint.o \
$(DEST)/buildopts.o \
$(DEST)/checkrev.o \
$(DEST)/connecttcp.o \
$(DEST)/count6bits.o \
$(DEST)/count4bits.o \
$(DEST)/debug.o \
$(DEST)/dupmbt.o \
$(DEST)/familyname.o \
$(DEST)/facpri.o \
$(DEST)/fill6bits.o \
$(DEST)/findword.o \
$(DEST)/flags.o \
$(DEST)/freembt.o \
$(DEST)/ftov.o \
$(DEST)/genmask.o \
$(DEST)/gethost.o \
$(DEST)/geticmptype.o \
$(DEST)/getifname.o \
$(DEST)/getnattype.o \
$(DEST)/getport.o \
$(DEST)/getportproto.o \
$(DEST)/getproto.o \
$(DEST)/getsumd.o \
$(DEST)/hostname.o \
$(DEST)/icmpcode.o \
$(DEST)/icmptypename.o \
$(DEST)/icmptypes.o \
$(DEST)/initparse.o \
$(DEST)/interror.o \
$(DEST)/ionames.o \
$(DEST)/ipf_dotuning.o \
$(DEST)/ipf_perror.o \
$(DEST)/ipft_hx.o \
$(DEST)/ipft_pc.o \
$(DEST)/ipft_tx.o \
$(DEST)/ipoptsec.o \
$(DEST)/kmem.o \
$(DEST)/kmemcpywrap.o \
$(DEST)/kvatoname.o \
$(DEST)/load_file.o \
$(DEST)/load_dstlist.o \
$(DEST)/load_dstlistnode.o \
$(DEST)/load_hash.o \
$(DEST)/load_hashnode.o \
$(DEST)/load_http.o \
$(DEST)/load_pool.o \
$(DEST)/load_poolnode.o \
$(DEST)/load_url.o \
$(DEST)/msgdsize.o \
$(DEST)/mutex_emul.o \
$(DEST)/nametokva.o \
$(DEST)/nat_setgroupmap.o \
$(DEST)/ntomask.o \
$(DEST)/optname.o \
$(DEST)/optprint.o \
$(DEST)/optprintv6.o \
$(DEST)/optvalue.o \
$(DEST)/parsefields.o \
$(DEST)/parseipfexpr.o \
$(DEST)/parsewhoisline.o \
$(DEST)/poolio.o \
$(DEST)/portname.o \
$(DEST)/print_toif.o \
$(DEST)/printactiveaddr.o \
$(DEST)/printactivenat.o \
$(DEST)/printaddr.o \
$(DEST)/printaps.o \
$(DEST)/printbuf.o \
$(DEST)/printdstlist.o \
$(DEST)/printdstlistdata.o \
$(DEST)/printdstlistnode.o \
$(DEST)/printdstlistpolicy.o \
$(DEST)/printdstl_live.o \
$(DEST)/printfieldhdr.o \
$(DEST)/printfr.o \
$(DEST)/printfraginfo.o \
$(DEST)/printhash.o \
$(DEST)/printhashdata.o \
$(DEST)/printhashnode.o \
$(DEST)/printhash_live.o \
$(DEST)/printhost.o \
$(DEST)/printhostmap.o \
$(DEST)/printhostmask.o \
$(DEST)/printifname.o \
$(DEST)/printip.o \
$(DEST)/printipfexpr.o \
$(DEST)/printlog.o \
$(DEST)/printlookup.o \
$(DEST)/printmask.o \
$(DEST)/printnat.o \
$(DEST)/printnataddr.o \
$(DEST)/printnatfield.o \
$(DEST)/printnatside.o \
$(DEST)/printpool.o \
$(DEST)/printpooldata.o \
$(DEST)/printpoolfield.o \
$(DEST)/printpoolnode.o \
$(DEST)/printpool_live.o \
$(DEST)/printproto.o \
$(DEST)/printportcmp.o \
$(DEST)/printpacket.o \
$(DEST)/printpacket6.o \
$(DEST)/printsbuf.o \
$(DEST)/printstate.o \
$(DEST)/printstatefields.o \
$(DEST)/printtcpflags.o \
$(DEST)/printtqtable.o \
$(DEST)/printtunable.o \
$(DEST)/printunit.o \
$(DEST)/remove_hash.o \
$(DEST)/remove_hashnode.o \
$(DEST)/remove_pool.o \
$(DEST)/remove_poolnode.o \
$(DEST)/resetlexer.o \
$(DEST)/rwlock_emul.o \
$(DEST)/save_execute.o \
$(DEST)/save_file.o \
$(DEST)/save_nothing.o \
$(DEST)/save_syslog.o \
$(DEST)/save_v1trap.o \
$(DEST)/save_v2trap.o \
$(DEST)/tcpflags.o \
$(DEST)/var.o \
$(DEST)/verbose.o \
$(DEST)/vtof.o \
$(DEST)/v6ionames.o \
$(DEST)/v6optvalue.o
$(DEST)/libipf.a: $(LIBOBJS)
/bin/rm -f $@
ar $(AROPTS) $@ $(LIBOBJS)
$(RANLIB) $@
$(DEST)/addicmp.o: $(LIBSRC)/addicmp.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/addicmp.c -o $@
$(DEST)/addipopt.o: $(LIBSRC)/addipopt.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/addipopt.c -o $@
$(DEST)/alist_free.o: $(LIBSRC)/alist_free.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/alist_free.c -o $@
$(DEST)/alist_new.o: $(LIBSRC)/alist_new.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/alist_new.c -o $@
$(DEST)/allocmbt.o: $(LIBSRC)/allocmbt.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/allocmbt.c -o $@
$(DEST)/assigndefined.o: $(LIBSRC)/assigndefined.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/assigndefined.c -o $@
$(DEST)/bcopywrap.o: $(LIBSRC)/bcopywrap.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/bcopywrap.c -o $@
$(DEST)/binprint.o: $(LIBSRC)/binprint.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/binprint.c -o $@
$(DEST)/buildopts.o: $(LIBSRC)/buildopts.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/buildopts.c -o $@
$(DEST)/connecttcp.o: $(LIBSRC)/connecttcp.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/connecttcp.c -o $@
$(DEST)/count6bits.o: $(LIBSRC)/count6bits.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/count6bits.c -o $@
$(DEST)/checkrev.o: $(LIBSRC)/checkrev.c $(INCDEP) $(TOP)/ipl.h
$(CC) $(CCARGS) -c $(LIBSRC)/checkrev.c -o $@
$(DEST)/count4bits.o: $(LIBSRC)/count4bits.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/count4bits.c -o $@
$(DEST)/debug.o: $(LIBSRC)/debug.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/debug.c -o $@
$(DEST)/dupmbt.o: $(LIBSRC)/dupmbt.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/dupmbt.c -o $@
$(DEST)/facpri.o: $(LIBSRC)/facpri.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/facpri.c -o $@
$(DEST)/familyname.o: $(LIBSRC)/familyname.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/familyname.c -o $@
$(DEST)/fill6bits.o: $(LIBSRC)/fill6bits.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/fill6bits.c -o $@
$(DEST)/findword.o: $(LIBSRC)/findword.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/findword.c -o $@
$(DEST)/flags.o: $(LIBSRC)/flags.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/flags.c -o $@
$(DEST)/freembt.o: $(LIBSRC)/freembt.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/freembt.c -o $@
$(DEST)/ftov.o: $(LIBSRC)/ftov.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/ftov.c -o $@
$(DEST)/genmask.o: $(LIBSRC)/genmask.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/genmask.c -o $@
$(DEST)/gethost.o: $(LIBSRC)/gethost.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/gethost.c -o $@
$(DEST)/geticmptype.o: $(LIBSRC)/geticmptype.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/geticmptype.c -o $@
$(DEST)/getifname.o: $(LIBSRC)/getifname.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/getifname.c -o $@
$(DEST)/getnattype.o: $(LIBSRC)/getnattype.c $(INCDEP) $(TOP)/ip_nat.h
$(CC) $(CCARGS) -c $(LIBSRC)/getnattype.c -o $@
$(DEST)/getport.o: $(LIBSRC)/getport.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/getport.c -o $@
$(DEST)/getportproto.o: $(LIBSRC)/getportproto.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/getportproto.c -o $@
$(DEST)/getproto.o: $(LIBSRC)/getproto.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/getproto.c -o $@
$(DEST)/getsumd.o: $(LIBSRC)/getsumd.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/getsumd.c -o $@
$(DEST)/hostname.o: $(LIBSRC)/hostname.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/hostname.c -o $@
$(DEST)/icmpcode.o: $(LIBSRC)/icmpcode.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/icmpcode.c -o $@
$(DEST)/icmptypename.o: $(LIBSRC)/icmptypename.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/icmptypename.c -o $@
$(DEST)/icmptypes.o: $(LIBSRC)/icmptypes.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/icmptypes.c -o $@
$(DEST)/interror.o: $(LIBSRC)/interror.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/interror.c -o $@
$(DEST)/ipoptsec.o: $(LIBSRC)/ipoptsec.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/ipoptsec.c -o $@
$(DEST)/initparse.o: $(LIBSRC)/initparse.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/initparse.c -o $@
$(DEST)/ionames.o: $(LIBSRC)/ionames.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/ionames.c -o $@
$(DEST)/ipf_dotuning.o: $(LIBSRC)/ipf_dotuning.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/ipf_dotuning.c -o $@
$(DEST)/ipf_perror.o: $(LIBSRC)/ipf_perror.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/ipf_perror.c -o $@
$(DEST)/ipft_hx.o: $(LIBSRC)/ipft_hx.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/ipft_hx.c -o $@
$(DEST)/ipft_pc.o: $(LIBSRC)/ipft_pc.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/ipft_pc.c -o $@
$(DEST)/ipft_tx.o: $(LIBSRC)/ipft_tx.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/ipft_tx.c -o $@
$(DEST)/kmem.o: $(LIBSRC)/kmem.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/kmem.c -o $@
$(DEST)/kmemcpywrap.o: $(LIBSRC)/kmemcpywrap.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/kmemcpywrap.c -o $@
$(DEST)/kvatoname.o: $(LIBSRC)/kvatoname.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/kvatoname.c -o $@
$(DEST)/load_file.o: $(LIBSRC)/load_file.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/load_file.c -o $@
$(DEST)/load_dstlist.o: $(LIBSRC)/load_dstlist.c $(INCDEP) $(TOP)/ip_dstlist.h
$(CC) $(CCARGS) -c $(LIBSRC)/load_dstlist.c -o $@
$(DEST)/load_dstlistnode.o: $(LIBSRC)/load_dstlistnode.c $(INCDEP) \
$(TOP)/ip_dstlist.h
$(CC) $(CCARGS) -c $(LIBSRC)/load_dstlistnode.c -o $@
$(DEST)/load_hash.o: $(LIBSRC)/load_hash.c $(INCDEP) $(TOP)/ip_htable.h
$(CC) $(CCARGS) -c $(LIBSRC)/load_hash.c -o $@
$(DEST)/load_hashnode.o: $(LIBSRC)/load_hashnode.c $(INCDEP) $(TOP)/ip_htable.h
$(CC) $(CCARGS) -c $(LIBSRC)/load_hashnode.c -o $@
$(DEST)/load_http.o: $(LIBSRC)/load_http.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/load_http.c -o $@
$(DEST)/load_pool.o: $(LIBSRC)/load_pool.c $(INCDEP) $(TOP)/ip_pool.h
$(CC) $(CCARGS) -c $(LIBSRC)/load_pool.c -o $@
$(DEST)/load_poolnode.o: $(LIBSRC)/load_poolnode.c $(INCDEP) $(TOP)/ip_pool.h
$(CC) $(CCARGS) -c $(LIBSRC)/load_poolnode.c -o $@
$(DEST)/load_url.o: $(LIBSRC)/load_url.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/load_url.c -o $@
$(DEST)/msgdsize.o: $(LIBSRC)/msgdsize.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/msgdsize.c -o $@
$(DEST)/mutex_emul.o: $(LIBSRC)/mutex_emul.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/mutex_emul.c -o $@
$(DEST)/nametokva.o: $(LIBSRC)/nametokva.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/nametokva.c -o $@
$(DEST)/nat_setgroupmap.o: $(LIBSRC)/nat_setgroupmap.c $(TOP)/ip_compat.h \
$(TOP)/ipf.h $(TOP)/ip_nat.h
$(CC) $(CCARGS) -c $(LIBSRC)/nat_setgroupmap.c -o $@
$(DEST)/ntomask.o: $(LIBSRC)/ntomask.c $(TOP)/ip_compat.h
$(CC) $(CCARGS) -c $(LIBSRC)/ntomask.c -o $@
$(DEST)/optname.o: $(LIBSRC)/optname.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/optname.c -o $@
$(DEST)/optprint.o: $(LIBSRC)/optprint.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/optprint.c -o $@
$(DEST)/optprintv6.o: $(LIBSRC)/optprintv6.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/optprintv6.c -o $@
$(DEST)/optvalue.o: $(LIBSRC)/optvalue.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/optvalue.c -o $@
$(DEST)/parsefields.o: $(LIBSRC)/parsefields.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/parsefields.c -o $@
$(DEST)/parseipfexpr.o: $(LIBSRC)/parseipfexpr.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/parseipfexpr.c -o $@
$(DEST)/parsewhoisline.o: $(LIBSRC)/parsewhoisline.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/parsewhoisline.c -o $@
$(DEST)/poolio.o: $(LIBSRC)/poolio.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/poolio.c -o $@
$(DEST)/portname.o: $(LIBSRC)/portname.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/portname.c -o $@
$(DEST)/print_toif.o: $(LIBSRC)/print_toif.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/print_toif.c -o $@
$(DEST)/printactiveaddr.o: $(LIBSRC)/printactiveaddr.c $(INCDEP) $(TOP)/ip_nat.h
$(CC) $(CCARGS) -c $(LIBSRC)/printactiveaddr.c -o $@
$(DEST)/printactivenat.o: $(LIBSRC)/printactivenat.c $(INCDEP) $(TOP)/ip_nat.h
$(CC) $(CCARGS) -c $(LIBSRC)/printactivenat.c -o $@
$(DEST)/printaddr.o: $(LIBSRC)/printaddr.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/printaddr.c -o $@
$(DEST)/printaps.o: $(LIBSRC)/printaps.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/printaps.c -o $@
$(DEST)/printbuf.o: $(LIBSRC)/printbuf.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/printbuf.c -o $@
$(DEST)/printdstlist.o: $(LIBSRC)/printdstlist.c $(INCDEP) $(TOP)/ip_dstlist.h
$(CC) $(CCARGS) -c $(LIBSRC)/printdstlist.c -o $@
$(DEST)/printdstlistdata.o: $(LIBSRC)/printdstlistdata.c $(INCDEP) \
$(TOP)/ip_dstlist.h
$(CC) $(CCARGS) -c $(LIBSRC)/printdstlistdata.c -o $@
$(DEST)/printdstlistnode.o: $(LIBSRC)/printdstlistnode.c $(INCDEP) \
$(TOP)/ip_dstlist.h
$(CC) $(CCARGS) -c $(LIBSRC)/printdstlistnode.c -o $@
$(DEST)/printdstlistpolicy.o: $(LIBSRC)/printdstlistpolicy.c $(INCDEP) \
$(TOP)/ip_dstlist.h
$(CC) $(CCARGS) -c $(LIBSRC)/printdstlistpolicy.c -o $@
$(DEST)/printfieldhdr.o: $(LIBSRC)/printfieldhdr.c $(TOP)/ip_fil.h
$(CC) $(CCARGS) -c $(LIBSRC)/printfieldhdr.c -o $@
$(DEST)/printfr.o: $(LIBSRC)/printfr.c $(TOP)/ip_fil.h
$(CC) $(CCARGS) -c $(LIBSRC)/printfr.c -o $@
$(DEST)/printfraginfo.o: $(LIBSRC)/printfraginfo.c $(TOP)/ip_fil.h \
$(TOP)/ip_frag.h
$(CC) $(CCARGS) -c $(LIBSRC)/printfraginfo.c -o $@
$(DEST)/printhash.o: $(LIBSRC)/printhash.c $(TOP)/ip_fil.h $(TOP)/ip_htable.h
$(CC) $(CCARGS) -c $(LIBSRC)/printhash.c -o $@
$(DEST)/printhashdata.o: $(LIBSRC)/printhashdata.c $(TOP)/ip_fil.h \
$(TOP)/ip_htable.h
$(CC) $(CCARGS) -c $(LIBSRC)/printhashdata.c -o $@
$(DEST)/printhashnode.o: $(LIBSRC)/printhashnode.c $(TOP)/ip_fil.h \
$(TOP)/ip_htable.h $(TOP)/ip_lookup.h
$(CC) $(CCARGS) -c $(LIBSRC)/printhashnode.c -o $@
$(DEST)/printhash_live.o: $(LIBSRC)/printhash_live.c $(TOP)/ip_fil.h \
$(TOP)/ip_htable.h
$(CC) $(CCARGS) -c $(LIBSRC)/printhash_live.c -o $@
$(DEST)/printdstl_live.o: $(LIBSRC)/printdstl_live.c $(TOP)/ip_fil.h \
$(TOP)/ip_dstlist.h
$(CC) $(CCARGS) -c $(LIBSRC)/printdstl_live.c -o $@
$(DEST)/printip.o: $(LIBSRC)/printip.c $(TOP)/ip_fil.h
$(CC) $(CCARGS) -c $(LIBSRC)/printip.c -o $@
$(DEST)/printipfexpr.o: $(LIBSRC)/printipfexpr.c $(TOP)/ip_fil.h
$(CC) $(CCARGS) -c $(LIBSRC)/printipfexpr.c -o $@
$(DEST)/printlookup.o: $(LIBSRC)/printlookup.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/printlookup.c -o $@
$(DEST)/printnataddr.o: $(LIBSRC)/printnataddr.c $(INCDEP) $(TOP)/ip_nat.h
$(CC) $(CCARGS) -c $(LIBSRC)/printnataddr.c -o $@
$(DEST)/printnatside.o: $(LIBSRC)/printnatside.c $(INCDEP) $(TOP)/ip_nat.h
$(CC) $(CCARGS) -c $(LIBSRC)/printnatside.c -o $@
$(DEST)/printpool.o: $(LIBSRC)/printpool.c $(TOP)/ip_fil.h $(TOP)/ip_pool.h
$(CC) $(CCARGS) -c $(LIBSRC)/printpool.c -o $@
$(DEST)/printpooldata.o: $(LIBSRC)/printpooldata.c $(TOP)/ip_fil.h \
$(TOP)/ip_pool.h $(TOP)/ip_lookup.h
$(CC) $(CCARGS) -c $(LIBSRC)/printpooldata.c -o $@
$(DEST)/printpoolfield.o: $(LIBSRC)/printpoolfield.c $(TOP)/ip_fil.h \
$(TOP)/ip_pool.h $(TOP)/ip_lookup.h
$(CC) $(CCARGS) -c $(LIBSRC)/printpoolfield.c -o $@
$(DEST)/printpoolnode.o: $(LIBSRC)/printpoolnode.c $(TOP)/ip_fil.h \
$(TOP)/ip_pool.h $(TOP)/ip_lookup.h
$(CC) $(CCARGS) -c $(LIBSRC)/printpoolnode.c -o $@
$(DEST)/printpool_live.o: $(LIBSRC)/printpool_live.c $(TOP)/ip_fil.h \
$(TOP)/ip_pool.h $(TOP)/ip_lookup.h
$(CC) $(CCARGS) -c $(LIBSRC)/printpool_live.c -o $@
$(DEST)/printproto.o: $(LIBSRC)/printproto.c $(TOP)/ip_fil.h
$(CC) $(CCARGS) -c $(LIBSRC)/printproto.c -o $@
$(DEST)/printhost.o: $(LIBSRC)/printhost.c $(TOP)/ip_fil.h
$(CC) $(CCARGS) -c $(LIBSRC)/printhost.c -o $@
$(DEST)/printhostmap.o: $(LIBSRC)/printhostmap.c $(TOP)/ip_fil.h
$(CC) $(CCARGS) -c $(LIBSRC)/printhostmap.c -o $@
$(DEST)/printifname.o: $(LIBSRC)/printifname.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/printifname.c -o $@
$(DEST)/printmask.o: $(LIBSRC)/printmask.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/printmask.c -o $@
$(DEST)/printnat.o: $(LIBSRC)/printnat.c $(INCDEP) $(TOP)/ip_nat.h
$(CC) $(CCARGS) -c $(LIBSRC)/printnat.c -o $@
$(DEST)/printnatfield.o: $(LIBSRC)/printnatfield.c $(INCDEP) $(TOP)/ip_nat.h
$(CC) $(CCARGS) -c $(LIBSRC)/printnatfield.c -o $@
$(DEST)/printhostmask.o: $(LIBSRC)/printhostmask.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/printhostmask.c -o $@
$(DEST)/printlog.o: $(LIBSRC)/printlog.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/printlog.c -o $@
$(DEST)/printpacket.o: $(LIBSRC)/printpacket.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/printpacket.c -o $@
$(DEST)/printpacket6.o: $(LIBSRC)/printpacket6.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/printpacket6.c -o $@
$(DEST)/printportcmp.o: $(LIBSRC)/printportcmp.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/printportcmp.c -o $@
$(DEST)/printsbuf.o: $(LIBSRC)/printsbuf.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/printsbuf.c -o $@
$(DEST)/printstate.o: $(LIBSRC)/printstate.c $(INCDEP) $(TOP)/ip_state.h
$(CC) $(CCARGS) -c $(LIBSRC)/printstate.c -o $@
$(DEST)/printstatefields.o: $(LIBSRC)/printstatefields.c $(INCDEP) $(TOP)/ip_state.h
$(CC) $(CCARGS) -c $(LIBSRC)/printstatefields.c -o $@
$(DEST)/printtcpflags.o: $(LIBSRC)/printtcpflags.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/printtcpflags.c -o $@
$(DEST)/printtqtable.o: $(LIBSRC)/printtqtable.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/printtqtable.c -o $@
$(DEST)/printtunable.o: $(LIBSRC)/printtunable.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/printtunable.c -o $@
$(DEST)/printunit.o: $(LIBSRC)/printunit.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/printunit.c -o $@
$(DEST)/remove_hash.o: $(LIBSRC)/remove_hash.c $(INCDEP) \
$(TOP)/ip_htable.h
$(CC) $(CCARGS) -c $(LIBSRC)/remove_hash.c -o $@
$(DEST)/remove_hashnode.o: $(LIBSRC)/remove_hashnode.c $(INCDEP) \
$(TOP)/ip_htable.h
$(CC) $(CCARGS) -c $(LIBSRC)/remove_hashnode.c -o $@
$(DEST)/remove_pool.o: $(LIBSRC)/remove_pool.c $(INCDEP) \
$(TOP)/ip_htable.h
$(CC) $(CCARGS) -c $(LIBSRC)/remove_pool.c -o $@
$(DEST)/remove_poolnode.o: $(LIBSRC)/remove_poolnode.c $(INCDEP) \
$(TOP)/ip_htable.h
$(CC) $(CCARGS) -c $(LIBSRC)/remove_poolnode.c -o $@
$(DEST)/resetlexer.o: $(LIBSRC)/resetlexer.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/resetlexer.c -o $@
$(DEST)/rwlock_emul.o: $(LIBSRC)/rwlock_emul.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/rwlock_emul.c -o $@
$(DEST)/tcpflags.o: $(LIBSRC)/tcpflags.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/tcpflags.c -o $@
$(DEST)/tcp_flags.o: $(LIBSRC)/tcp_flags.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/tcp_flags.c -o $@
$(DEST)/var.o: $(LIBSRC)/var.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/var.c -o $@
$(DEST)/verbose.o: $(LIBSRC)/verbose.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/verbose.c -o $@
$(DEST)/save_execute.o: $(LIBSRC)/save_execute.c $(TOP)/ipl.h
$(CC) $(CCARGS) -c $(LIBSRC)/save_execute.c -o $@
$(DEST)/save_file.o: $(LIBSRC)/save_file.c $(TOP)/ipl.h
$(CC) $(CCARGS) -c $(LIBSRC)/save_file.c -o $@
$(DEST)/save_nothing.o: $(LIBSRC)/save_nothing.c $(TOP)/ipl.h
$(CC) $(CCARGS) -c $(LIBSRC)/save_nothing.c -o $@
$(DEST)/save_syslog.o: $(LIBSRC)/save_syslog.c $(TOP)/ipl.h
$(CC) $(CCARGS) -c $(LIBSRC)/save_syslog.c -o $@
$(DEST)/vtof.o: $(LIBSRC)/vtof.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/vtof.c -o $@
$(DEST)/save_v1trap.o: $(LIBSRC)/save_v1trap.c $(TOP)/ipl.h
$(CC) $(CCARGS) -c $(LIBSRC)/save_v1trap.c -o $@
$(DEST)/save_v2trap.o: $(LIBSRC)/save_v2trap.c $(TOP)/ipl.h
$(CC) $(CCARGS) -c $(LIBSRC)/save_v2trap.c -o $@
$(DEST)/v6ionames.o: $(LIBSRC)/v6ionames.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/v6ionames.c -o $@
$(DEST)/v6optvalue.o: $(LIBSRC)/v6optvalue.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/v6optvalue.c -o $@
clean-lib:
/bin/rm -f ${LIBOBJS} ${LIB}


@ -1,21 +0,0 @@
/* $FreeBSD$ */
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* $Id$
*/
#include <ctype.h>
#include "ipf.h"
char *icmptypes[MAX_ICMPTYPE + 1] = {
"echorep", (char *)NULL, (char *)NULL, "unreach", "squench",
"redir", (char *)NULL, (char *)NULL, "echo", "routerad",
"routersol", "timex", "paramprob", "timest", "timestrep",
"inforeq", "inforep", "maskreq", "maskrep", "END"
};


@ -1,65 +0,0 @@
/* $FreeBSD$ */
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* $Id$
*/
#include "ipf.h"
int addipopt(op, io, len, class)
char *op;
struct ipopt_names *io;
int len;
char *class;
{
int olen = len;
struct in_addr ipadr;
u_short val;
u_char lvl;
char *s;
if ((len + io->on_siz) > 48) {
fprintf(stderr, "options too long\n");
return 0;
}
len += io->on_siz;
*op++ = io->on_value;
if (io->on_siz > 1) {
s = op;
*op++ = io->on_siz;
*op++ = IPOPT_MINOFF;
if (class) {
switch (io->on_value)
{
case IPOPT_SECURITY :
lvl = seclevel(class);
*(op - 1) = lvl;
break;
case IPOPT_RR :
case IPOPT_TS :
s[IPOPT_OLEN] = IPOPT_MINOFF - 1 + 4;
break;
case IPOPT_LSRR :
case IPOPT_SSRR :
ipadr.s_addr = inet_addr(class);
s[IPOPT_OLEN] = IPOPT_MINOFF - 1 + 4;
bcopy((char *)&ipadr, op, sizeof(ipadr));
break;
case IPOPT_SATID :
val = atoi(class);
bcopy((char *)&val, op, 2);
break;
}
}
}
if (opts & OPT_DEBUG)
fprintf(stderr, "bo: %s %d %#x: %d\n",
io->on_name, io->on_value, io->on_bit, len);
return len - olen;
}


@ -1,20 +0,0 @@
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* $Id: alist_free.c,v 1.3.2.2 2012/07/22 08:04:24 darren_r Exp $
*/
#include "ipf.h"
void
alist_free(hosts)
alist_t *hosts;
{
alist_t *a, *next;
for (a = hosts; a != NULL; a = next) {
next = a->al_next;
free(a);
}
}


@ -1,93 +0,0 @@
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* $Id: alist_new.c,v 1.5.2.2 2012/07/22 08:04:24 darren_r Exp $
*/
#include "ipf.h"
#include <ctype.h>
alist_t *
alist_new(int family, char *host)
{
int a, b, c, d, bits;
char *slash;
alist_t *al;
u_int mask;
if (family == AF_UNSPEC) {
if (strchr(host, ':') != NULL)
family = AF_INET6;
else
family = AF_INET;
}
if (family != AF_INET && family != AF_INET6)
return NULL;
al = calloc(1, sizeof(*al));
if (al == NULL) {
fprintf(stderr, "alist_new out of memory\n");
return NULL;
}
while (ISSPACE(*host))
host++;
if (*host == '!') {
al->al_not = 1;
host++;
while (ISSPACE(*host))
host++;
}
bits = -1;
slash = strchr(host, '/');
if (slash != NULL) {
*slash = '\0';
bits = atoi(slash + 1);
}
if (family == AF_INET) {
if (bits > 32)
goto bad;
a = b = c = d = -1;
sscanf(host, "%d.%d.%d.%d", &a, &b, &c, &d);
if (bits > 0 && bits < 33) {
mask = 0xffffffff << (32 - bits);
} else if (b == -1) {
mask = 0xff000000;
b = c = d = 0;
} else if (c == -1) {
mask = 0xffff0000;
c = d = 0;
} else if (d == -1) {
mask = 0xffffff00;
d = 0;
} else {
mask = 0xffffffff;
}
al->al_mask = htonl(mask);
} else {
if (bits > 128)
goto bad;
fill6bits(bits, al->al_i6mask.i6);
}
if (gethost(family, host, &al->al_i6addr) == -1) {
if (slash != NULL)
*slash = '/';
fprintf(stderr, "Cannot parse hostname\n");
goto bad;
}
al->al_family = family;
if (slash != NULL)
*slash = '/';
return al;
bad:
free(al);
return NULL;
}


@ -1,22 +0,0 @@
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* $Id: allocmbt.c,v 1.1.4.1 2012/07/22 08:04:24 darren_r Exp $
*/
#include "ipf.h"
mb_t *allocmbt(size_t len)
{
mb_t *m;
m = (mb_t *)malloc(sizeof(mb_t));
if (m == NULL)
return NULL;
m->mb_len = len;
m->mb_next = NULL;
m->mb_data = (char *)m->mb_buf;
return m;
}


@ -1,27 +0,0 @@
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* $Id: assigndefined.c,v 1.4.2.2 2012/07/22 08:04:24 darren_r Exp $
*/
#include "ipf.h"
void assigndefined(env)
char *env;
{
char *s, *t;
if (env == NULL)
return;
for (s = strtok(env, ";"); s != NULL; s = strtok(NULL, ";")) {
t = strchr(s, '=');
if (t == NULL)
continue;
*t++ = '\0';
set_variable(s, t);
*--t = '=';
}
}


@ -1,20 +0,0 @@
/* $FreeBSD$ */
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* $Id$
*/
#include "ipf.h"
int bcopywrap(from, to, size)
void *from, *to;
size_t size;
{
bcopy((caddr_t)from, (caddr_t)to, size);
return 0;
}


@ -1,31 +0,0 @@
/* $FreeBSD$ */
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* $Id$
*/
#include "ipf.h"
void binprint(ptr, size)
void *ptr;
size_t size;
{
u_char *s;
int i, j;
for (i = size, j = 0, s = (u_char *)ptr; i; i--, s++) {
j++;
printf("%02x ", *s);
if (j == 16) {
printf("\n");
j = 0;
}
}
putchar('\n');
(void)fflush(stdout);
}


@ -1,50 +0,0 @@
/* $FreeBSD$ */
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* $Id$
*/
#include "ipf.h"
u_32_t buildopts(cp, op, len)
char *cp, *op;
int len;
{
struct ipopt_names *io;
u_32_t msk = 0;
char *s, *t;
int inc;
for (s = strtok(cp, ","); s; s = strtok(NULL, ",")) {
if ((t = strchr(s, '=')))
*t++ = '\0';
else
t = "";
for (io = ionames; io->on_name; io++) {
if (strcasecmp(s, io->on_name) || (msk & io->on_bit))
continue;
if ((inc = addipopt(op, io, len, t))) {
op += inc;
len += inc;
}
msk |= io->on_bit;
break;
}
if (!io->on_name) {
fprintf(stderr, "unknown IP option name %s\n", s);
return 0;
}
}
while ((len & 3) != 3) {
*op++ = IPOPT_NOP;
len++;
}
*op++ = IPOPT_EOL;
len++;
return len;
}


@ -1,46 +0,0 @@
/* $FreeBSD$ */
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* $Id$
*/
#include <sys/ioctl.h>
#include <fcntl.h>
#include "ipf.h"
#include "netinet/ipl.h"
int checkrev(ipfname)
char *ipfname;
{
static int vfd = -1;
struct friostat fio;
ipfobj_t obj;
bzero((caddr_t)&obj, sizeof(obj));
obj.ipfo_rev = IPFILTER_VERSION;
obj.ipfo_size = sizeof(fio);
obj.ipfo_ptr = (void *)&fio;
obj.ipfo_type = IPFOBJ_IPFSTAT;
if ((vfd == -1) && ((vfd = open(ipfname, O_RDONLY)) == -1)) {
perror("open device");
return -1;
}
if (ioctl(vfd, SIOCGETFS, &obj)) {
ipferror(vfd, "ioctl(SIOCGETFS)");
close(vfd);
vfd = -1;
return -1;
}
if (strncmp(IPL_VERSION, fio.f_version, sizeof(fio.f_version))) {
return -1;
}
return 0;
}


@ -1,48 +0,0 @@
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* $Id: connecttcp.c,v 1.3.2.2 2012/07/22 08:04:24 darren_r Exp $
*/
#include "ipf.h"
#include <ctype.h>
/*
* Format expected is one addres per line, at the start of each line.
*/
int
connecttcp(char *server, int port)
{
struct sockaddr_in sin;
struct hostent *host;
int fd;
memset(&sin, 0, sizeof(sin));
sin.sin_family = AF_INET;
sin.sin_port = htons(port & 65535);
if (ISDIGIT(*server)) {
if (inet_aton(server, &sin.sin_addr) == -1) {
return -1;
}
} else {
host = gethostbyname(server);
if (host == NULL)
return -1;
memcpy(&sin.sin_addr, host->h_addr_list[0],
sizeof(sin.sin_addr));
}
fd = socket(AF_INET, SOCK_STREAM, 0);
if (fd == -1)
return -1;
if (connect(fd, (struct sockaddr *)&sin, sizeof(sin)) == -1) {
close(fd);
return -1;
}
return fd;
}


@ -1,40 +0,0 @@
/* $FreeBSD$ */
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* $Id$
*/
#include "ipf.h"
/*
* count consecutive 1's in bit mask. If the mask generated by counting
* consecutive 1's is different to that passed, return -1, else return #
* of bits.
*/
int count4bits(ip)
u_int ip;
{
int cnt = 0, i, j;
u_int ipn;
ip = ipn = ntohl(ip);
for (i = 32; i; i--, ipn *= 2)
if (ipn & 0x80000000)
cnt++;
else
break;
ipn = 0;
for (i = 32, j = cnt; i; i--, j--) {
ipn *= 2;
if (j > 0)
ipn++;
}
if (ipn == ip)
return cnt;
return -1;
}


@ -1,29 +0,0 @@
/* $FreeBSD$ */
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* $Id$
*/
#include "ipf.h"
int count6bits(msk)
u_32_t *msk;
{
int i = 0, k;
u_32_t j;
for (k = 3; k >= 0; k--)
if (msk[k] == 0xffffffff)
i += 32;
else {
for (j = msk[k]; j; j <<= 1)
if (j & 0x80000000)
i++;
}
return i;
}


@ -1,58 +0,0 @@
/* $FreeBSD$ */
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* $Id$
*/
#if defined(__STDC__)
# include <stdarg.h>
#else
# include <varargs.h>
#endif
#include <stdio.h>
#include "ipf.h"
#include "opts.h"
int debuglevel = 0;
#ifdef __STDC__
void debug(int level, char *fmt, ...)
#else
void debug(level, fmt, va_alist)
int level;
char *fmt;
va_dcl
#endif
{
va_list pvar;
va_start(pvar, fmt);
if ((debuglevel > 0) && (level <= debuglevel))
vfprintf(stderr, fmt, pvar);
va_end(pvar);
}
#ifdef __STDC__
void ipfkdebug(char *fmt, ...)
#else
void ipfkdebug(fmt, va_alist)
char *fmt;
va_dcl
#endif
{
va_list pvar;
va_start(pvar, fmt);
if (opts & OPT_DEBUG)
debug(0x1fffffff, fmt, pvar);
va_end(pvar);
}


@ -1,24 +0,0 @@
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* $Id: dupmbt.c,v 1.3.2.2 2012/07/22 08:04:24 darren_r Exp $
*/
#include "ipf.h"
mb_t *dupmbt(orig)
mb_t *orig;
{
mb_t *m;
m = (mb_t *)malloc(sizeof(mb_t));
if (m == NULL)
return NULL;
m->mb_len = orig->mb_len;
m->mb_next = NULL;
m->mb_data = (char *)m->mb_buf + (orig->mb_data - (char *)orig->mb_buf);
bcopy(orig->mb_data, m->mb_data, m->mb_len);
return m;
}


@ -1,153 +0,0 @@
/* $FreeBSD$ */
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* $Id$
*/
#include <stdio.h>
#include <string.h>
#include <limits.h>
#include <sys/types.h>
#if !defined(__SVR4) && !defined(__svr4__)
#include <strings.h>
#endif
#include <stdlib.h>
#include <unistd.h>
#include <stddef.h>
#include <syslog.h>
#include "facpri.h"
#if !defined(lint)
static const char rcsid[] = "@(#)$Id$";
#endif
typedef struct table {
char *name;
int value;
} table_t;
table_t facs[] = {
{ "kern", LOG_KERN }, { "user", LOG_USER },
{ "mail", LOG_MAIL }, { "daemon", LOG_DAEMON },
{ "auth", LOG_AUTH }, { "syslog", LOG_SYSLOG },
{ "lpr", LOG_LPR }, { "news", LOG_NEWS },
{ "uucp", LOG_UUCP },
#if LOG_CRON == LOG_CRON2
{ "cron2", LOG_CRON1 },
#else
{ "cron", LOG_CRON1 },
#endif
#ifdef LOG_FTP
{ "ftp", LOG_FTP },
#endif
#ifdef LOG_AUTHPRIV
{ "authpriv", LOG_AUTHPRIV },
#endif
#ifdef LOG_AUDIT
{ "audit", LOG_AUDIT },
#endif
#ifdef LOG_LFMT
{ "logalert", LOG_LFMT },
#endif
#if LOG_CRON == LOG_CRON1
{ "cron", LOG_CRON2 },
#else
{ "cron2", LOG_CRON2 },
#endif
#ifdef LOG_SECURITY
{ "security", LOG_SECURITY },
#endif
{ "local0", LOG_LOCAL0 }, { "local1", LOG_LOCAL1 },
{ "local2", LOG_LOCAL2 }, { "local3", LOG_LOCAL3 },
{ "local4", LOG_LOCAL4 }, { "local5", LOG_LOCAL5 },
{ "local6", LOG_LOCAL6 }, { "local7", LOG_LOCAL7 },
{ NULL, 0 }
};
/*
* map a facility number to its name
*/
char *
fac_toname(facpri)
int facpri;
{
int i, j, fac;
fac = facpri & LOG_FACMASK;
j = fac >> 3;
if (j < (sizeof(facs)/sizeof(facs[0]))) {
if (facs[j].value == fac)
return facs[j].name;
}
for (i = 0; facs[i].name; i++)
if (fac == facs[i].value)
return facs[i].name;
return NULL;
}
/*
* map a facility name to its number
*/
int
fac_findname(name)
char *name;
{
int i;
for (i = 0; facs[i].name; i++)
if (!strcmp(facs[i].name, name))
return facs[i].value;
return -1;
}
table_t pris[] = {
{ "emerg", LOG_EMERG }, { "alert", LOG_ALERT },
{ "crit", LOG_CRIT }, { "err", LOG_ERR },
{ "warn", LOG_WARNING }, { "notice", LOG_NOTICE },
{ "info", LOG_INFO }, { "debug", LOG_DEBUG },
{ NULL, 0 }
};
/*
* map a facility name to its number
*/
int
pri_findname(name)
char *name;
{
int i;
for (i = 0; pris[i].name; i++)
if (!strcmp(pris[i].name, name))
return pris[i].value;
return -1;
}
/*
* map a priority number to its name
*/
char *
pri_toname(facpri)
int facpri;
{
int i, pri;
pri = facpri & LOG_PRIMASK;
if (pris[pri].value == pri)
return pris[pri].name;
for (i = 0; pris[i].name; i++)
if (pri == pris[i].value)
return pris[i].name;
return NULL;
}


@ -1,43 +0,0 @@
/* $FreeBSD$ */
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* $Id$
*/
#ifndef __FACPRI_H__
#define __FACPRI_H__
#ifndef __P
# define P_DEF
# ifdef __STDC__
# define __P(x) x
# else
# define __P(x) ()
# endif
#endif
extern char *fac_toname __P((int));
extern int fac_findname __P((char *));
extern char *pri_toname __P((int));
extern int pri_findname __P((char *));
#ifdef P_DEF
# undef __P
# undef P_DEF
#endif
#if LOG_CRON == (9<<3)
# define LOG_CRON1 LOG_CRON
# define LOG_CRON2 (15<<3)
#endif
#if LOG_CRON == (15<<3)
# define LOG_CRON1 (9<<3)
# define LOG_CRON2 LOG_CRON
#endif
#endif /* __FACPRI_H__ */


@ -1,12 +0,0 @@
#include "ipf.h"
const char *familyname(int family)
{
if (family == AF_INET)
return "inet";
#ifdef AF_INET6
if (family == AF_INET6)
return "inet6";
#endif
return "unknown";
}


@ -1,48 +0,0 @@
/* $FreeBSD$ */
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* $Id$
*/
#include "ipf.h"
void fill6bits(bits, msk)
int bits;
u_int *msk;
{
if (bits == 0) {
msk[0] = 0;
msk[1] = 0;
msk[2] = 0;
msk[3] = 0;
return;
}
msk[0] = 0xffffffff;
msk[1] = 0xffffffff;
msk[2] = 0xffffffff;
msk[3] = 0xffffffff;
if (bits == 128)
return;
if (bits > 96) {
msk[3] = htonl(msk[3] << (128 - bits));
} else if (bits > 64) {
msk[3] = 0;
msk[2] = htonl(msk[2] << (96 - bits));
} else if (bits > 32) {
msk[3] = 0;
msk[2] = 0;
msk[1] = htonl(msk[1] << (64 - bits));
} else {
msk[3] = 0;
msk[2] = 0;
msk[1] = 0;
msk[0] = htonl(msk[0] << (32 - bits));
}
}


@ -1,25 +0,0 @@
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* $Id: findword.c,v 1.3.4.1 2012/07/22 08:04:24 darren_r Exp $
*/
#include "ipf.h"
wordtab_t *findword(words, name)
wordtab_t *words;
char *name;
{
wordtab_t *w;
for (w = words; w->w_word != NULL; w++)
if (!strcmp(name, w->w_word))
break;
if (w->w_word == NULL)
return NULL;
return w;
}


@ -1,25 +0,0 @@
/* $FreeBSD$ */
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* $Id$
*/
#include "ipf.h"
/*
* ECN is a new addition to TCP - RFC 2481
*/
#ifndef TH_ECN
# define TH_ECN 0x40
#endif
#ifndef TH_CWR
# define TH_CWR 0x80
#endif
char flagset[] = "FSRPAUEC";
u_char flags[] = { TH_FIN, TH_SYN, TH_RST, TH_PUSH, TH_ACK, TH_URG,
TH_ECN, TH_CWR };


@ -1,16 +0,0 @@
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* $Id: freembt.c,v 1.3.2.2 2012/07/22 08:04:24 darren_r Exp $
*/
#include "ipf.h"
void freembt(m)
mb_t *m;
{
free(m);
}


@ -1,16 +0,0 @@
#include "ipf.h"
int
ftov(version)
int version;
{
#ifdef USE_INET6
if (version == AF_INET6)
return 6;
#endif
if (version == AF_INET)
return 4;
if (version == AF_UNSPEC)
return 0;
return -1;
}


@ -1,76 +0,0 @@
/* $FreeBSD$ */
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* $Id$
*/
#include "ipf.h"
int gethost(family, name, hostp)
int family;
char *name;
i6addr_t *hostp;
{
struct hostent *h;
struct netent *n;
u_32_t addr;
bzero(hostp, sizeof(*hostp));
if (!strcmp(name, "test.host.dots")) {
if (family == AF_INET) {
hostp->in4.s_addr = htonl(0xfedcba98);
}
#ifdef USE_INET6
if (family == AF_INET6) {
hostp->i6[0] = htonl(0xfe80aa55);
hostp->i6[1] = htonl(0x12345678);
hostp->i6[2] = htonl(0x5a5aa5a5);
hostp->i6[3] = htonl(0xfedcba98);
}
#endif
return 0;
}
if (!strcmp(name, "<thishost>"))
name = thishost;
if (family == AF_INET) {
h = gethostbyname(name);
if (h != NULL) {
if ((h->h_addr != NULL) &&
(h->h_length == sizeof(addr))) {
bcopy(h->h_addr, (char *)&addr, sizeof(addr));
hostp->in4.s_addr = addr;
return 0;
}
}
n = getnetbyname(name);
if (n != NULL) {
hostp->in4.s_addr = htonl(n->n_net & 0xffffffff);
return 0;
}
}
#ifdef USE_INET6
if (family == AF_INET6) {
struct addrinfo hints, *res;
struct sockaddr_in6 *sin6;
bzero((char *)&hints, sizeof(hints));
hints.ai_family = PF_INET6;
getaddrinfo(name, NULL, &hints, &res);
if (res != NULL) {
sin6 = (struct sockaddr_in6 *)res->ai_addr;
hostp->in6 = sin6->sin6_addr;
freeaddrinfo(res);
return 0;
}
}
#endif
return -1;
}
