From 115d008392113efc6f844baa7cc407e9eaae63db Mon Sep 17 00:00:00 2001 
From: ngie Date: Mon, 5 Oct 2015 03:25:30 +0000 Subject: [PATCH] Remove some paths preparing for a re-copy from head --- contrib/ipfilter/BNF | 81 - contrib/ipfilter/BugReport | 12 - contrib/ipfilter/HISTORY | 1830 -------- contrib/ipfilter/LICENCE | 16 - contrib/ipfilter/Makefile | 410 -- contrib/ipfilter/NAT.FreeBSD | 104 - contrib/ipfilter/README | 101 - contrib/ipfilter/STYLE.TXT | 57 - contrib/ipfilter/WhatsNew50.txt | 83 - contrib/ipfilter/Y2K | 3 - contrib/ipfilter/arc4random.c | 277 -- contrib/ipfilter/bpf-ipf.h | 452 -- contrib/ipfilter/bpf_filter.c | 595 --- contrib/ipfilter/genmask.c | 68 - contrib/ipfilter/ip_dstlist.c | 1351 ------ contrib/ipfilter/ip_dstlist.h | 68 - contrib/ipfilter/ip_fil.c | 884 ---- contrib/ipfilter/ip_fil_compat.c | 4854 --------------------- contrib/ipfilter/ip_msnrpc_pxy.c | 328 -- contrib/ipfilter/ipf.h | 403 -- contrib/ipfilter/ipf_rb.h | 364 -- contrib/ipfilter/iplang/BNF | 69 - contrib/ipfilter/iplang/Makefile | 31 - contrib/ipfilter/iplang/iplang.h | 54 - contrib/ipfilter/iplang/iplang.tst | 11 - contrib/ipfilter/iplang/iplang_l.l | 322 -- contrib/ipfilter/iplang/iplang_y.y | 1858 -------- contrib/ipfilter/ipmon.h | 142 - contrib/ipfilter/ipsd/Celler/ip_compat.h | 203 - contrib/ipfilter/ipsd/Makefile | 61 - contrib/ipfilter/ipsd/README | 32 - contrib/ipfilter/ipsd/ipsd.c | 296 -- contrib/ipfilter/ipsd/ipsd.h | 28 - contrib/ipfilter/ipsd/ipsdr.c | 314 -- contrib/ipfilter/ipsd/linux.h | 17 - contrib/ipfilter/ipsd/sbpf.c | 210 - contrib/ipfilter/ipsd/sdlpi.c | 261 -- contrib/ipfilter/ipsd/slinux.c | 118 - contrib/ipfilter/ipsd/snit.c | 228 - contrib/ipfilter/ipsend/.OLD/ip_compat.h | 244 -- contrib/ipfilter/ipsend/44arp.c | 120 - contrib/ipfilter/ipsend/Crashable | 21 - contrib/ipfilter/ipsend/Makefile | 183 - contrib/ipfilter/ipsend/arp.c | 141 - contrib/ipfilter/ipsend/dlcommon.c | 1383 ------ contrib/ipfilter/ipsend/dltest.h | 34 - contrib/ipfilter/ipsend/ip.c | 364 -- contrib/ipfilter/ipsend/ipresend.1 | 108 - 
contrib/ipfilter/ipsend/ipresend.c | 151 - contrib/ipfilter/ipsend/ipsend.1 | 111 - contrib/ipfilter/ipsend/ipsend.5 | 402 -- contrib/ipfilter/ipsend/ipsend.c | 440 -- contrib/ipfilter/ipsend/ipsend.h | 73 - contrib/ipfilter/ipsend/ipsopt.c | 200 - contrib/ipfilter/ipsend/iptest.1 | 103 - contrib/ipfilter/ipsend/iptest.c | 218 - contrib/ipfilter/ipsend/iptests.c | 1426 ------ contrib/ipfilter/ipsend/larp.c | 93 - contrib/ipfilter/ipsend/linux.h | 19 - contrib/ipfilter/ipsend/lsock.c | 259 -- contrib/ipfilter/ipsend/resend.c | 143 - contrib/ipfilter/ipsend/sbpf.c | 153 - contrib/ipfilter/ipsend/sdlpi.c | 173 - contrib/ipfilter/ipsend/sirix.c | 93 - contrib/ipfilter/ipsend/slinux.c | 92 - contrib/ipfilter/ipsend/snit.c | 160 - contrib/ipfilter/ipsend/sock.c | 457 -- contrib/ipfilter/ipsend/sockraw.c | 89 - contrib/ipfilter/ipt.h | 40 - contrib/ipfilter/kmem.h | 34 - contrib/ipfilter/l4check/Makefile | 10 - contrib/ipfilter/l4check/http.check | 2 - contrib/ipfilter/l4check/http.ok | 1 - contrib/ipfilter/l4check/l4check.c | 807 ---- contrib/ipfilter/l4check/l4check.conf | 31 - contrib/ipfilter/lib/Makefile | 443 -- contrib/ipfilter/lib/addicmp.c | 21 - contrib/ipfilter/lib/addipopt.c | 65 - contrib/ipfilter/lib/alist_free.c | 20 - contrib/ipfilter/lib/alist_new.c | 93 - contrib/ipfilter/lib/allocmbt.c | 22 - contrib/ipfilter/lib/assigndefined.c | 27 - contrib/ipfilter/lib/bcopywrap.c | 20 - contrib/ipfilter/lib/binprint.c | 31 - contrib/ipfilter/lib/buildopts.c | 50 - contrib/ipfilter/lib/checkrev.c | 46 - contrib/ipfilter/lib/connecttcp.c | 48 - contrib/ipfilter/lib/count4bits.c | 40 - contrib/ipfilter/lib/count6bits.c | 29 - contrib/ipfilter/lib/debug.c | 58 - contrib/ipfilter/lib/dupmbt.c | 24 - contrib/ipfilter/lib/facpri.c | 153 - contrib/ipfilter/lib/facpri.h | 43 - contrib/ipfilter/lib/familyname.c | 12 - contrib/ipfilter/lib/fill6bits.c | 48 - contrib/ipfilter/lib/findword.c | 25 - contrib/ipfilter/lib/flags.c | 25 - contrib/ipfilter/lib/freembt.c | 16 - 
contrib/ipfilter/lib/ftov.c | 16 - contrib/ipfilter/lib/gethost.c | 76 - contrib/ipfilter/lib/geticmptype.c | 29 - contrib/ipfilter/lib/getifname.c | 95 - contrib/ipfilter/lib/getnattype.c | 70 - contrib/ipfilter/lib/getport.c | 90 - contrib/ipfilter/lib/getportproto.c | 40 - contrib/ipfilter/lib/getproto.c | 41 - contrib/ipfilter/lib/getsumd.c | 23 - contrib/ipfilter/lib/hostname.c | 60 - contrib/ipfilter/lib/icmpcode.c | 24 - contrib/ipfilter/lib/icmptypename.c | 28 - contrib/ipfilter/lib/icmptypes.c | 107 - contrib/ipfilter/lib/inet_addr.c | 210 - contrib/ipfilter/lib/initparse.c | 20 - contrib/ipfilter/lib/interror.c | 582 --- contrib/ipfilter/lib/ionames.c | 41 - contrib/ipfilter/lib/ipf_dotuning.c | 74 - contrib/ipfilter/lib/ipf_perror.c | 47 - contrib/ipfilter/lib/ipft_hx.c | 185 - contrib/ipfilter/lib/ipft_pc.c | 254 -- contrib/ipfilter/lib/ipft_tx.c | 510 --- contrib/ipfilter/lib/ipoptsec.c | 61 - contrib/ipfilter/lib/kmem.c | 201 - contrib/ipfilter/lib/kmem.h | 34 - contrib/ipfilter/lib/kmemcpywrap.c | 23 - contrib/ipfilter/lib/kvatoname.c | 39 - contrib/ipfilter/lib/load_dstlist.c | 69 - contrib/ipfilter/lib/load_dstlistnode.c | 70 - contrib/ipfilter/lib/load_file.c | 96 - contrib/ipfilter/lib/load_hash.c | 103 - contrib/ipfilter/lib/load_hashnode.c | 67 - contrib/ipfilter/lib/load_http.c | 208 - contrib/ipfilter/lib/load_pool.c | 72 - contrib/ipfilter/lib/load_poolnode.c | 70 - contrib/ipfilter/lib/load_url.c | 31 - contrib/ipfilter/lib/mb_hexdump.c | 32 - contrib/ipfilter/lib/msgdsize.c | 20 - contrib/ipfilter/lib/mutex_emul.c | 133 - contrib/ipfilter/lib/nametokva.c | 38 - contrib/ipfilter/lib/nat_setgroupmap.c | 34 - contrib/ipfilter/lib/ntomask.c | 47 - contrib/ipfilter/lib/optname.c | 65 - contrib/ipfilter/lib/optprint.c | 83 - contrib/ipfilter/lib/optprintv6.c | 47 - contrib/ipfilter/lib/optvalue.c | 34 - contrib/ipfilter/lib/parsefields.c | 48 - contrib/ipfilter/lib/parseipfexpr.c | 283 -- contrib/ipfilter/lib/parsewhoisline.c | 132 - 
contrib/ipfilter/lib/poolio.c | 53 - contrib/ipfilter/lib/portname.c | 43 - contrib/ipfilter/lib/prependmbt.c | 18 - contrib/ipfilter/lib/print_toif.c | 50 - contrib/ipfilter/lib/printactiveaddr.c | 37 - contrib/ipfilter/lib/printactivenat.c | 149 - contrib/ipfilter/lib/printaddr.c | 75 - contrib/ipfilter/lib/printaps.c | 113 - contrib/ipfilter/lib/printbuf.c | 34 - contrib/ipfilter/lib/printdstl_live.c | 84 - contrib/ipfilter/lib/printdstlist.c | 60 - contrib/ipfilter/lib/printdstlistdata.c | 47 - contrib/ipfilter/lib/printdstlistnode.c | 78 - contrib/ipfilter/lib/printdstlistpolicy.c | 31 - contrib/ipfilter/lib/printfieldhdr.c | 55 - contrib/ipfilter/lib/printfr.c | 473 -- contrib/ipfilter/lib/printfraginfo.c | 42 - contrib/ipfilter/lib/printhash.c | 58 - contrib/ipfilter/lib/printhash_live.c | 70 - contrib/ipfilter/lib/printhashdata.c | 94 - contrib/ipfilter/lib/printhashnode.c | 69 - contrib/ipfilter/lib/printhost.c | 35 - contrib/ipfilter/lib/printhostmap.c | 31 - contrib/ipfilter/lib/printhostmask.c | 39 - contrib/ipfilter/lib/printifname.c | 22 - contrib/ipfilter/lib/printip.c | 43 - contrib/ipfilter/lib/printipfexpr.c | 199 - contrib/ipfilter/lib/printiphdr.c | 20 - contrib/ipfilter/lib/printlog.c | 39 - contrib/ipfilter/lib/printlookup.c | 42 - contrib/ipfilter/lib/printmask.c | 30 - contrib/ipfilter/lib/printnat.c | 353 -- contrib/ipfilter/lib/printnataddr.c | 48 - contrib/ipfilter/lib/printnatfield.c | 220 - contrib/ipfilter/lib/printnatside.c | 55 - contrib/ipfilter/lib/printpacket.c | 110 - contrib/ipfilter/lib/printpacket6.c | 60 - contrib/ipfilter/lib/printpool.c | 65 - contrib/ipfilter/lib/printpool_live.c | 71 - contrib/ipfilter/lib/printpooldata.c | 50 - contrib/ipfilter/lib/printpoolfield.c | 168 - contrib/ipfilter/lib/printpoolnode.c | 51 - contrib/ipfilter/lib/printportcmp.c | 30 - contrib/ipfilter/lib/printproto.c | 55 - contrib/ipfilter/lib/printsbuf.c | 42 - contrib/ipfilter/lib/printstate.c | 224 - contrib/ipfilter/lib/printstatefields.c | 
358 -- contrib/ipfilter/lib/printtcpflags.c | 30 - contrib/ipfilter/lib/printtqtable.c | 26 - contrib/ipfilter/lib/printtunable.c | 30 - contrib/ipfilter/lib/printunit.c | 47 - contrib/ipfilter/lib/remove_hash.c | 50 - contrib/ipfilter/lib/remove_hashnode.c | 56 - contrib/ipfilter/lib/remove_pool.c | 47 - contrib/ipfilter/lib/remove_poolnode.c | 54 - contrib/ipfilter/lib/resetlexer.c | 25 - contrib/ipfilter/lib/rwlock_emul.c | 145 - contrib/ipfilter/lib/save_execute.c | 80 - contrib/ipfilter/lib/save_file.c | 130 - contrib/ipfilter/lib/save_nothing.c | 62 - contrib/ipfilter/lib/save_syslog.c | 137 - contrib/ipfilter/lib/save_v1trap.c | 463 -- contrib/ipfilter/lib/save_v2trap.c | 459 -- contrib/ipfilter/lib/tcp_flags.c | 50 - contrib/ipfilter/lib/tcpflags.c | 45 - contrib/ipfilter/lib/tcpoptnames.c | 22 - contrib/ipfilter/lib/v6ionames.c | 28 - contrib/ipfilter/lib/v6optvalue.c | 39 - contrib/ipfilter/lib/var.c | 179 - contrib/ipfilter/lib/verbose.c | 55 - contrib/ipfilter/lib/vtof.c | 16 - contrib/ipfilter/man/Makefile | 31 - contrib/ipfilter/man/ipf.4 | 254 -- contrib/ipfilter/man/ipf.5 | 1698 ------- contrib/ipfilter/man/ipf.8 | 172 - contrib/ipfilter/man/ipfilter.4 | 241 - contrib/ipfilter/man/ipfilter.4.mandoc | 267 -- contrib/ipfilter/man/ipfilter.5 | 11 - contrib/ipfilter/man/ipfs.8 | 127 - contrib/ipfilter/man/ipfstat.8 | 194 - contrib/ipfilter/man/ipftest.1 | 205 - contrib/ipfilter/man/ipl.4 | 81 - contrib/ipfilter/man/ipmon.5 | 226 - contrib/ipfilter/man/ipmon.8 | 186 - contrib/ipfilter/man/ipnat.1 | 48 - contrib/ipfilter/man/ipnat.4 | 97 - contrib/ipfilter/man/ipnat.5 | 728 --- contrib/ipfilter/man/ipnat.8 | 76 - contrib/ipfilter/man/ippool.5 | 320 -- contrib/ipfilter/man/ippool.8 | 133 - contrib/ipfilter/man/ipscan.5 | 52 - contrib/ipfilter/man/ipscan.8 | 44 - contrib/ipfilter/man/mkfilters.1 | 16 - contrib/ipfilter/md5.c | 319 -- contrib/ipfilter/md5.h | 72 - contrib/ipfilter/mkfilters | 116 - contrib/ipfilter/ml_ipl.c | 164 - contrib/ipfilter/mlf_ipl.c 
| 596 --- contrib/ipfilter/mlf_rule.c | 168 - contrib/ipfilter/mlfk_ipl.c | 529 --- contrib/ipfilter/mlfk_rule.c | 70 - contrib/ipfilter/mlh_rule.c | 114 - contrib/ipfilter/mli_ipl.c | 683 --- contrib/ipfilter/mln_ipl.c | 355 -- contrib/ipfilter/mln_rule.c | 83 - contrib/ipfilter/mlo_ipl.c | 364 -- contrib/ipfilter/mlo_rule.c | 80 - contrib/ipfilter/mls_ipl.c | 351 -- contrib/ipfilter/mls_rule.c | 116 - contrib/ipfilter/mlso_rule.c | 130 - contrib/ipfilter/opt_inet6.h | 1 - contrib/ipfilter/opts.h | 69 - contrib/ipfilter/pcap-bpf.h | 687 --- contrib/ipfilter/pcap-ipf.h | 35 - contrib/ipfilter/radix_ipf.c | 1528 ------- contrib/ipfilter/radix_ipf.h | 97 - contrib/ipfilter/rules/BASIC.NAT | 46 - contrib/ipfilter/rules/BASIC_1.FW | 99 - contrib/ipfilter/rules/BASIC_2.FW | 72 - contrib/ipfilter/rules/example.1 | 4 - contrib/ipfilter/rules/example.10 | 12 - contrib/ipfilter/rules/example.11 | 26 - contrib/ipfilter/rules/example.12 | 17 - contrib/ipfilter/rules/example.13 | 17 - contrib/ipfilter/rules/example.2 | 5 - contrib/ipfilter/rules/example.3 | 40 - contrib/ipfilter/rules/example.4 | 4 - contrib/ipfilter/rules/example.5 | 25 - contrib/ipfilter/rules/example.6 | 5 - contrib/ipfilter/rules/example.7 | 12 - contrib/ipfilter/rules/example.8 | 10 - contrib/ipfilter/rules/example.9 | 12 - contrib/ipfilter/rules/example.sr | 61 - contrib/ipfilter/rules/firewall | 39 - contrib/ipfilter/rules/ftp-proxy | 45 - contrib/ipfilter/rules/ftppxy | 6 - contrib/ipfilter/rules/ip_rules | 3 - contrib/ipfilter/rules/ipmon.conf | 25 - contrib/ipfilter/rules/nat-setup | 77 - contrib/ipfilter/rules/nat.eg | 14 - contrib/ipfilter/rules/pool.conf | 4 - contrib/ipfilter/rules/server | 11 - contrib/ipfilter/rules/tcpstate | 13 - contrib/ipfilter/samples/Makefile | 24 - contrib/ipfilter/samples/ipfilter-pb.gif | Bin 795 -> 0 bytes contrib/ipfilter/samples/proxy.c | 317 -- contrib/ipfilter/samples/relay.c | 196 - contrib/ipfilter/samples/userauth.c | 62 - contrib/ipfilter/snoop.h | 47 - 
contrib/ipfilter/sys/tree.h | 750 ---- contrib/ipfilter/tools/BNF.ipf | 80 - contrib/ipfilter/tools/BNF.ipnat | 28 - contrib/ipfilter/tools/Makefile | 104 - contrib/ipfilter/tools/ipf.c | 601 --- contrib/ipfilter/tools/ipf_y.y | 2749 ------------ contrib/ipfilter/tools/ipfcomp.c | 1374 ------ contrib/ipfilter/tools/ipfs.c | 881 ---- contrib/ipfilter/tools/ipfstat.c | 2375 ---------- contrib/ipfilter/tools/ipfsyncd.c | 671 --- contrib/ipfilter/tools/ipftest.c | 874 ---- contrib/ipfilter/tools/ipmon.c | 1910 -------- contrib/ipfilter/tools/ipmon_y.y | 1052 ----- contrib/ipfilter/tools/ipnat.c | 855 ---- contrib/ipfilter/tools/ipnat_y.y | 1782 -------- contrib/ipfilter/tools/ippool.c | 1073 ----- contrib/ipfilter/tools/ippool_y.y | 818 ---- contrib/ipfilter/tools/ipscan_y.y | 572 --- contrib/ipfilter/tools/ipsyncm.c | 256 -- contrib/ipfilter/tools/ipsyncs.c | 274 -- contrib/ipfilter/tools/lex_var.h | 60 - contrib/ipfilter/tools/lexer.c | 735 ---- contrib/ipfilter/tools/lexer.h | 38 - tests/sys/kern/execve/Makefile | 39 - tests/sys/kern/execve/bad_interp_len | 4 - tests/sys/kern/execve/dev_null_script | 4 - tests/sys/kern/execve/execve_helper.c | 54 - tests/sys/kern/execve/execve_test.sh | 115 - tests/sys/kern/execve/good_aout.c | 45 - tests/sys/kern/execve/good_script | 4 - tests/sys/kern/execve/non_exist_shell | 4 - tests/sys/kern/execve/script_arg | 4 - tests/sys/kern/execve/script_arg_nospace | 4 - tests/sys/kqueue/Makefile | 26 - tests/sys/kqueue/common.h | 78 - tests/sys/kqueue/config.h | 13 - tests/sys/kqueue/kqueue_test.sh | 17 - tests/sys/kqueue/main.c | 284 -- tests/sys/kqueue/proc.c | 255 -- tests/sys/kqueue/read.c | 324 -- tests/sys/kqueue/signal.c | 199 - tests/sys/kqueue/timer.c | 178 - tests/sys/kqueue/user.c | 129 - tests/sys/kqueue/vnode.c | 266 -- 340 files changed, 72805 deletions(-) delete mode 100644 contrib/ipfilter/BNF delete mode 100644 contrib/ipfilter/BugReport delete mode 100644 contrib/ipfilter/HISTORY delete mode 100644 
contrib/ipfilter/LICENCE delete mode 100644 contrib/ipfilter/Makefile delete mode 100644 contrib/ipfilter/NAT.FreeBSD delete mode 100644 contrib/ipfilter/README delete mode 100644 contrib/ipfilter/STYLE.TXT delete mode 100644 contrib/ipfilter/WhatsNew50.txt delete mode 100644 contrib/ipfilter/Y2K delete mode 100644 contrib/ipfilter/arc4random.c delete mode 100644 contrib/ipfilter/bpf-ipf.h delete mode 100644 contrib/ipfilter/bpf_filter.c delete mode 100644 contrib/ipfilter/genmask.c delete mode 100644 contrib/ipfilter/ip_dstlist.c delete mode 100644 contrib/ipfilter/ip_dstlist.h delete mode 100644 contrib/ipfilter/ip_fil.c delete mode 100644 contrib/ipfilter/ip_fil_compat.c delete mode 100644 contrib/ipfilter/ip_msnrpc_pxy.c delete mode 100644 contrib/ipfilter/ipf.h delete mode 100644 contrib/ipfilter/ipf_rb.h delete mode 100644 contrib/ipfilter/iplang/BNF delete mode 100644 contrib/ipfilter/iplang/Makefile delete mode 100644 contrib/ipfilter/iplang/iplang.h delete mode 100644 contrib/ipfilter/iplang/iplang.tst delete mode 100644 contrib/ipfilter/iplang/iplang_l.l delete mode 100644 contrib/ipfilter/iplang/iplang_y.y delete mode 100644 contrib/ipfilter/ipmon.h delete mode 100644 contrib/ipfilter/ipsd/Celler/ip_compat.h delete mode 100644 contrib/ipfilter/ipsd/Makefile delete mode 100644 contrib/ipfilter/ipsd/README delete mode 100644 contrib/ipfilter/ipsd/ipsd.c delete mode 100644 contrib/ipfilter/ipsd/ipsd.h delete mode 100644 contrib/ipfilter/ipsd/ipsdr.c delete mode 100644 contrib/ipfilter/ipsd/linux.h delete mode 100644 contrib/ipfilter/ipsd/sbpf.c delete mode 100644 contrib/ipfilter/ipsd/sdlpi.c delete mode 100644 contrib/ipfilter/ipsd/slinux.c delete mode 100644 contrib/ipfilter/ipsd/snit.c delete mode 100644 contrib/ipfilter/ipsend/.OLD/ip_compat.h delete mode 100644 contrib/ipfilter/ipsend/44arp.c delete mode 100644 contrib/ipfilter/ipsend/Crashable delete mode 100644 contrib/ipfilter/ipsend/Makefile delete mode 100644 contrib/ipfilter/ipsend/arp.c delete 
mode 100644 contrib/ipfilter/ipsend/dlcommon.c delete mode 100644 contrib/ipfilter/ipsend/dltest.h delete mode 100644 contrib/ipfilter/ipsend/ip.c delete mode 100644 contrib/ipfilter/ipsend/ipresend.1 delete mode 100644 contrib/ipfilter/ipsend/ipresend.c delete mode 100644 contrib/ipfilter/ipsend/ipsend.1 delete mode 100644 contrib/ipfilter/ipsend/ipsend.5 delete mode 100644 contrib/ipfilter/ipsend/ipsend.c delete mode 100644 contrib/ipfilter/ipsend/ipsend.h delete mode 100644 contrib/ipfilter/ipsend/ipsopt.c delete mode 100644 contrib/ipfilter/ipsend/iptest.1 delete mode 100644 contrib/ipfilter/ipsend/iptest.c delete mode 100644 contrib/ipfilter/ipsend/iptests.c delete mode 100644 contrib/ipfilter/ipsend/larp.c delete mode 100644 contrib/ipfilter/ipsend/linux.h delete mode 100644 contrib/ipfilter/ipsend/lsock.c delete mode 100644 contrib/ipfilter/ipsend/resend.c delete mode 100644 contrib/ipfilter/ipsend/sbpf.c delete mode 100644 contrib/ipfilter/ipsend/sdlpi.c delete mode 100644 contrib/ipfilter/ipsend/sirix.c delete mode 100644 contrib/ipfilter/ipsend/slinux.c delete mode 100644 contrib/ipfilter/ipsend/snit.c delete mode 100644 contrib/ipfilter/ipsend/sock.c delete mode 100644 contrib/ipfilter/ipsend/sockraw.c delete mode 100644 contrib/ipfilter/ipt.h delete mode 100644 contrib/ipfilter/kmem.h delete mode 100644 contrib/ipfilter/l4check/Makefile delete mode 100644 contrib/ipfilter/l4check/http.check delete mode 100644 contrib/ipfilter/l4check/http.ok delete mode 100644 contrib/ipfilter/l4check/l4check.c delete mode 100644 contrib/ipfilter/l4check/l4check.conf delete mode 100644 contrib/ipfilter/lib/Makefile delete mode 100644 contrib/ipfilter/lib/addicmp.c delete mode 100644 contrib/ipfilter/lib/addipopt.c delete mode 100644 contrib/ipfilter/lib/alist_free.c delete mode 100644 contrib/ipfilter/lib/alist_new.c delete mode 100644 contrib/ipfilter/lib/allocmbt.c delete mode 100644 contrib/ipfilter/lib/assigndefined.c delete mode 100644 
contrib/ipfilter/lib/bcopywrap.c delete mode 100644 contrib/ipfilter/lib/binprint.c delete mode 100644 contrib/ipfilter/lib/buildopts.c delete mode 100644 contrib/ipfilter/lib/checkrev.c delete mode 100644 contrib/ipfilter/lib/connecttcp.c delete mode 100644 contrib/ipfilter/lib/count4bits.c delete mode 100644 contrib/ipfilter/lib/count6bits.c delete mode 100644 contrib/ipfilter/lib/debug.c delete mode 100644 contrib/ipfilter/lib/dupmbt.c delete mode 100644 contrib/ipfilter/lib/facpri.c delete mode 100644 contrib/ipfilter/lib/facpri.h delete mode 100644 contrib/ipfilter/lib/familyname.c delete mode 100644 contrib/ipfilter/lib/fill6bits.c delete mode 100644 contrib/ipfilter/lib/findword.c delete mode 100644 contrib/ipfilter/lib/flags.c delete mode 100644 contrib/ipfilter/lib/freembt.c delete mode 100644 contrib/ipfilter/lib/ftov.c delete mode 100644 contrib/ipfilter/lib/gethost.c delete mode 100644 contrib/ipfilter/lib/geticmptype.c delete mode 100644 contrib/ipfilter/lib/getifname.c delete mode 100644 contrib/ipfilter/lib/getnattype.c delete mode 100644 contrib/ipfilter/lib/getport.c delete mode 100644 contrib/ipfilter/lib/getportproto.c delete mode 100644 contrib/ipfilter/lib/getproto.c delete mode 100644 contrib/ipfilter/lib/getsumd.c delete mode 100644 contrib/ipfilter/lib/hostname.c delete mode 100644 contrib/ipfilter/lib/icmpcode.c delete mode 100644 contrib/ipfilter/lib/icmptypename.c delete mode 100644 contrib/ipfilter/lib/icmptypes.c delete mode 100644 contrib/ipfilter/lib/inet_addr.c delete mode 100644 contrib/ipfilter/lib/initparse.c delete mode 100644 contrib/ipfilter/lib/interror.c delete mode 100644 contrib/ipfilter/lib/ionames.c delete mode 100644 contrib/ipfilter/lib/ipf_dotuning.c delete mode 100644 contrib/ipfilter/lib/ipf_perror.c delete mode 100644 contrib/ipfilter/lib/ipft_hx.c delete mode 100644 contrib/ipfilter/lib/ipft_pc.c delete mode 100644 contrib/ipfilter/lib/ipft_tx.c delete mode 100644 contrib/ipfilter/lib/ipoptsec.c delete mode 100644 
contrib/ipfilter/lib/kmem.c delete mode 100644 contrib/ipfilter/lib/kmem.h delete mode 100644 contrib/ipfilter/lib/kmemcpywrap.c delete mode 100644 contrib/ipfilter/lib/kvatoname.c delete mode 100644 contrib/ipfilter/lib/load_dstlist.c delete mode 100644 contrib/ipfilter/lib/load_dstlistnode.c delete mode 100644 contrib/ipfilter/lib/load_file.c delete mode 100644 contrib/ipfilter/lib/load_hash.c delete mode 100644 contrib/ipfilter/lib/load_hashnode.c delete mode 100644 contrib/ipfilter/lib/load_http.c delete mode 100644 contrib/ipfilter/lib/load_pool.c delete mode 100644 contrib/ipfilter/lib/load_poolnode.c delete mode 100644 contrib/ipfilter/lib/load_url.c delete mode 100644 contrib/ipfilter/lib/mb_hexdump.c delete mode 100644 contrib/ipfilter/lib/msgdsize.c delete mode 100644 contrib/ipfilter/lib/mutex_emul.c delete mode 100644 contrib/ipfilter/lib/nametokva.c delete mode 100644 contrib/ipfilter/lib/nat_setgroupmap.c delete mode 100644 contrib/ipfilter/lib/ntomask.c delete mode 100644 contrib/ipfilter/lib/optname.c delete mode 100644 contrib/ipfilter/lib/optprint.c delete mode 100644 contrib/ipfilter/lib/optprintv6.c delete mode 100644 contrib/ipfilter/lib/optvalue.c delete mode 100644 contrib/ipfilter/lib/parsefields.c delete mode 100644 contrib/ipfilter/lib/parseipfexpr.c delete mode 100644 contrib/ipfilter/lib/parsewhoisline.c delete mode 100644 contrib/ipfilter/lib/poolio.c delete mode 100644 contrib/ipfilter/lib/portname.c delete mode 100644 contrib/ipfilter/lib/prependmbt.c delete mode 100644 contrib/ipfilter/lib/print_toif.c delete mode 100644 contrib/ipfilter/lib/printactiveaddr.c delete mode 100644 contrib/ipfilter/lib/printactivenat.c delete mode 100644 contrib/ipfilter/lib/printaddr.c delete mode 100644 contrib/ipfilter/lib/printaps.c delete mode 100644 contrib/ipfilter/lib/printbuf.c delete mode 100644 contrib/ipfilter/lib/printdstl_live.c delete mode 100644 contrib/ipfilter/lib/printdstlist.c delete mode 100644 contrib/ipfilter/lib/printdstlistdata.c 
delete mode 100644 contrib/ipfilter/lib/printdstlistnode.c delete mode 100644 contrib/ipfilter/lib/printdstlistpolicy.c delete mode 100644 contrib/ipfilter/lib/printfieldhdr.c delete mode 100644 contrib/ipfilter/lib/printfr.c delete mode 100644 contrib/ipfilter/lib/printfraginfo.c delete mode 100644 contrib/ipfilter/lib/printhash.c delete mode 100644 contrib/ipfilter/lib/printhash_live.c delete mode 100644 contrib/ipfilter/lib/printhashdata.c delete mode 100644 contrib/ipfilter/lib/printhashnode.c delete mode 100644 contrib/ipfilter/lib/printhost.c delete mode 100644 contrib/ipfilter/lib/printhostmap.c delete mode 100644 contrib/ipfilter/lib/printhostmask.c delete mode 100644 contrib/ipfilter/lib/printifname.c delete mode 100644 contrib/ipfilter/lib/printip.c delete mode 100644 contrib/ipfilter/lib/printipfexpr.c delete mode 100644 contrib/ipfilter/lib/printiphdr.c delete mode 100644 contrib/ipfilter/lib/printlog.c delete mode 100644 contrib/ipfilter/lib/printlookup.c delete mode 100644 contrib/ipfilter/lib/printmask.c delete mode 100644 contrib/ipfilter/lib/printnat.c delete mode 100644 contrib/ipfilter/lib/printnataddr.c delete mode 100644 contrib/ipfilter/lib/printnatfield.c delete mode 100644 contrib/ipfilter/lib/printnatside.c delete mode 100644 contrib/ipfilter/lib/printpacket.c delete mode 100644 contrib/ipfilter/lib/printpacket6.c delete mode 100644 contrib/ipfilter/lib/printpool.c delete mode 100644 contrib/ipfilter/lib/printpool_live.c delete mode 100644 contrib/ipfilter/lib/printpooldata.c delete mode 100644 contrib/ipfilter/lib/printpoolfield.c delete mode 100644 contrib/ipfilter/lib/printpoolnode.c delete mode 100644 contrib/ipfilter/lib/printportcmp.c delete mode 100644 contrib/ipfilter/lib/printproto.c delete mode 100644 contrib/ipfilter/lib/printsbuf.c delete mode 100644 contrib/ipfilter/lib/printstate.c delete mode 100644 contrib/ipfilter/lib/printstatefields.c delete mode 100644 contrib/ipfilter/lib/printtcpflags.c delete mode 100644 
contrib/ipfilter/lib/printtqtable.c delete mode 100644 contrib/ipfilter/lib/printtunable.c delete mode 100644 contrib/ipfilter/lib/printunit.c delete mode 100644 contrib/ipfilter/lib/remove_hash.c delete mode 100644 contrib/ipfilter/lib/remove_hashnode.c delete mode 100644 contrib/ipfilter/lib/remove_pool.c delete mode 100644 contrib/ipfilter/lib/remove_poolnode.c delete mode 100644 contrib/ipfilter/lib/resetlexer.c delete mode 100644 contrib/ipfilter/lib/rwlock_emul.c delete mode 100644 contrib/ipfilter/lib/save_execute.c delete mode 100644 contrib/ipfilter/lib/save_file.c delete mode 100644 contrib/ipfilter/lib/save_nothing.c delete mode 100644 contrib/ipfilter/lib/save_syslog.c delete mode 100644 contrib/ipfilter/lib/save_v1trap.c delete mode 100644 contrib/ipfilter/lib/save_v2trap.c delete mode 100644 contrib/ipfilter/lib/tcp_flags.c delete mode 100644 contrib/ipfilter/lib/tcpflags.c delete mode 100644 contrib/ipfilter/lib/tcpoptnames.c delete mode 100644 contrib/ipfilter/lib/v6ionames.c delete mode 100644 contrib/ipfilter/lib/v6optvalue.c delete mode 100644 contrib/ipfilter/lib/var.c delete mode 100644 contrib/ipfilter/lib/verbose.c delete mode 100644 contrib/ipfilter/lib/vtof.c delete mode 100644 contrib/ipfilter/man/Makefile delete mode 100644 contrib/ipfilter/man/ipf.4 delete mode 100644 contrib/ipfilter/man/ipf.5 delete mode 100644 contrib/ipfilter/man/ipf.8 delete mode 100644 contrib/ipfilter/man/ipfilter.4 delete mode 100644 contrib/ipfilter/man/ipfilter.4.mandoc delete mode 100644 contrib/ipfilter/man/ipfilter.5 delete mode 100644 contrib/ipfilter/man/ipfs.8 delete mode 100644 contrib/ipfilter/man/ipfstat.8 delete mode 100644 contrib/ipfilter/man/ipftest.1 delete mode 100644 contrib/ipfilter/man/ipl.4 delete mode 100644 contrib/ipfilter/man/ipmon.5 delete mode 100644 contrib/ipfilter/man/ipmon.8 delete mode 100644 contrib/ipfilter/man/ipnat.1 delete mode 100644 contrib/ipfilter/man/ipnat.4 delete mode 100644 contrib/ipfilter/man/ipnat.5 delete mode 
100644 contrib/ipfilter/man/ipnat.8 delete mode 100644 contrib/ipfilter/man/ippool.5 delete mode 100644 contrib/ipfilter/man/ippool.8 delete mode 100644 contrib/ipfilter/man/ipscan.5 delete mode 100644 contrib/ipfilter/man/ipscan.8 delete mode 100644 contrib/ipfilter/man/mkfilters.1 delete mode 100644 contrib/ipfilter/md5.c delete mode 100644 contrib/ipfilter/md5.h delete mode 100644 contrib/ipfilter/mkfilters delete mode 100644 contrib/ipfilter/ml_ipl.c delete mode 100644 contrib/ipfilter/mlf_ipl.c delete mode 100644 contrib/ipfilter/mlf_rule.c delete mode 100644 contrib/ipfilter/mlfk_ipl.c delete mode 100644 contrib/ipfilter/mlfk_rule.c delete mode 100644 contrib/ipfilter/mlh_rule.c delete mode 100644 contrib/ipfilter/mli_ipl.c delete mode 100644 contrib/ipfilter/mln_ipl.c delete mode 100644 contrib/ipfilter/mln_rule.c delete mode 100644 contrib/ipfilter/mlo_ipl.c delete mode 100644 contrib/ipfilter/mlo_rule.c delete mode 100644 contrib/ipfilter/mls_ipl.c delete mode 100644 contrib/ipfilter/mls_rule.c delete mode 100644 contrib/ipfilter/mlso_rule.c delete mode 100644 contrib/ipfilter/opt_inet6.h delete mode 100644 contrib/ipfilter/opts.h delete mode 100644 contrib/ipfilter/pcap-bpf.h delete mode 100644 contrib/ipfilter/pcap-ipf.h delete mode 100644 contrib/ipfilter/radix_ipf.c delete mode 100644 contrib/ipfilter/radix_ipf.h delete mode 100644 contrib/ipfilter/rules/BASIC.NAT delete mode 100644 contrib/ipfilter/rules/BASIC_1.FW delete mode 100644 contrib/ipfilter/rules/BASIC_2.FW delete mode 100644 contrib/ipfilter/rules/example.1 delete mode 100644 contrib/ipfilter/rules/example.10 delete mode 100644 contrib/ipfilter/rules/example.11 delete mode 100644 contrib/ipfilter/rules/example.12 delete mode 100644 contrib/ipfilter/rules/example.13 delete mode 100644 contrib/ipfilter/rules/example.2 delete mode 100644 contrib/ipfilter/rules/example.3 delete mode 100644 contrib/ipfilter/rules/example.4 delete mode 100644 contrib/ipfilter/rules/example.5 delete mode 100644 
contrib/ipfilter/rules/example.6 delete mode 100644 contrib/ipfilter/rules/example.7 delete mode 100644 contrib/ipfilter/rules/example.8 delete mode 100644 contrib/ipfilter/rules/example.9 delete mode 100644 contrib/ipfilter/rules/example.sr delete mode 100644 contrib/ipfilter/rules/firewall delete mode 100644 contrib/ipfilter/rules/ftp-proxy delete mode 100755 contrib/ipfilter/rules/ftppxy delete mode 100644 contrib/ipfilter/rules/ip_rules delete mode 100644 contrib/ipfilter/rules/ipmon.conf delete mode 100644 contrib/ipfilter/rules/nat-setup delete mode 100644 contrib/ipfilter/rules/nat.eg delete mode 100644 contrib/ipfilter/rules/pool.conf delete mode 100644 contrib/ipfilter/rules/server delete mode 100644 contrib/ipfilter/rules/tcpstate delete mode 100644 contrib/ipfilter/samples/Makefile delete mode 100644 contrib/ipfilter/samples/ipfilter-pb.gif delete mode 100644 contrib/ipfilter/samples/proxy.c delete mode 100644 contrib/ipfilter/samples/relay.c delete mode 100644 contrib/ipfilter/samples/userauth.c delete mode 100644 contrib/ipfilter/snoop.h delete mode 100644 contrib/ipfilter/sys/tree.h delete mode 100644 contrib/ipfilter/tools/BNF.ipf delete mode 100644 contrib/ipfilter/tools/BNF.ipnat delete mode 100644 contrib/ipfilter/tools/Makefile delete mode 100644 contrib/ipfilter/tools/ipf.c delete mode 100644 contrib/ipfilter/tools/ipf_y.y delete mode 100644 contrib/ipfilter/tools/ipfcomp.c delete mode 100644 contrib/ipfilter/tools/ipfs.c delete mode 100644 contrib/ipfilter/tools/ipfstat.c delete mode 100644 contrib/ipfilter/tools/ipfsyncd.c delete mode 100644 contrib/ipfilter/tools/ipftest.c delete mode 100644 contrib/ipfilter/tools/ipmon.c delete mode 100644 contrib/ipfilter/tools/ipmon_y.y delete mode 100644 contrib/ipfilter/tools/ipnat.c delete mode 100644 contrib/ipfilter/tools/ipnat_y.y delete mode 100644 contrib/ipfilter/tools/ippool.c delete mode 100644 contrib/ipfilter/tools/ippool_y.y delete mode 100644 contrib/ipfilter/tools/ipscan_y.y delete mode 
100644 contrib/ipfilter/tools/ipsyncm.c delete mode 100644 contrib/ipfilter/tools/ipsyncs.c delete mode 100644 contrib/ipfilter/tools/lex_var.h delete mode 100644 contrib/ipfilter/tools/lexer.c delete mode 100644 contrib/ipfilter/tools/lexer.h delete mode 100644 tests/sys/kern/execve/Makefile delete mode 100644 tests/sys/kern/execve/bad_interp_len delete mode 100644 tests/sys/kern/execve/dev_null_script delete mode 100644 tests/sys/kern/execve/execve_helper.c delete mode 100644 tests/sys/kern/execve/execve_test.sh delete mode 100644 tests/sys/kern/execve/good_aout.c delete mode 100644 tests/sys/kern/execve/good_script delete mode 100644 tests/sys/kern/execve/non_exist_shell delete mode 100644 tests/sys/kern/execve/script_arg delete mode 100644 tests/sys/kern/execve/script_arg_nospace delete mode 100644 tests/sys/kqueue/Makefile delete mode 100644 tests/sys/kqueue/common.h delete mode 100644 tests/sys/kqueue/config.h delete mode 100755 tests/sys/kqueue/kqueue_test.sh delete mode 100644 tests/sys/kqueue/main.c delete mode 100644 tests/sys/kqueue/proc.c delete mode 100644 tests/sys/kqueue/read.c delete mode 100644 tests/sys/kqueue/signal.c delete mode 100644 tests/sys/kqueue/timer.c delete mode 100644 tests/sys/kqueue/user.c delete mode 100644 tests/sys/kqueue/vnode.c diff --git a/contrib/ipfilter/BNF b/contrib/ipfilter/BNF deleted file mode 100644 index ef35d25e9f8a..000000000000 --- a/contrib/ipfilter/BNF +++ /dev/null 
@@ -1,81 +0,0 @@
-filter-rule = [ insert ] action in-out [ options ] [ tos ] [ ttl ]
- [ proto ] [ ip ] [ group ] [ tag ] [ pps ] .
-
-insert = "@" decnumber .
-action = block | "pass" | log | "count" | auth | call .
-in-out = "in" | "out" .
-options = [ log ] [ "quick" ] [ onif [ dup ] [ froute ] ] .
-tos = "tos" decnumber | "tos" hexnumber .
-ttl = "ttl" decnumber .
-proto = "proto" protocol .
-ip = srcdst [ flags ] [ with withopt ] [ icmp ] [ keep ] .
-group = [ "head" decnumber ] [ "group" decnumber ] .
-pps = "pps" decnumber .
-
-onif = "on" interface-name [ "out-via" interface-name ] .
-block = "block" [ return-icmp[return-code] | "return-rst" ] .
-auth = "auth" | "preauth" .
-log = "log" [ "body" ] [ "first" ] [ "or-block" ] [ "level" loglevel ] .
-tag = "tag" tagid .
-call = "call" [ "now" ] function-name "/" decnumber.
-dup = "dup-to" interface-name[":"ipaddr] .
-froute = "fastroute" | "to" interface-name .
-replyto = "reply-to" interface-name [ ":" ipaddr ] .
-protocol = "tcp/udp" | "udp" | "tcp" | "icmp" | decnumber .
-srcdst = "all" | fromto .
-fromto = "from" object "to" object .
-
-return-icmp = "return-icmp" | "return-icmp-as-dest" .
-loglevel = facility"."priority | priority .
-object = addr [ port-comp | port-range ] .
-addr = "any" | nummask | host-name [ "mask" ipaddr | "mask" hexnumber ] .
-port-comp = "port" compare port-num .
-port-range = "port" port-num range port-num .
-flags = "flags" flag { flag } [ "/" flag { flag } ] .
-with = "with" | "and" .
-icmp = "icmp-type" icmp-type [ "code" decnumber ] .
-return-code = "("icmp-code")" .
-keep = "keep" "state" [ "limit" number ] | "keep" "frags" .
-
-nummask = host-name [ "/" decnumber ] .
-host-name = ipaddr | hostname | "any" .
-ipaddr = host-num "." host-num "." host-num "." host-num .
-host-num = digit [ digit [ digit ] ] .
-port-num = service-name | decnumber .
-
-withopt = [ "not" | "no" ] opttype [ [ "," ] withopt ] .
-opttype = "ipopts" | "short" | "nat" | "bad-src" | "lowttl" | "frag" |
- "mbcast" | "opt" ipopts .
-optname = ipopts [ "," optname ] .
-ipopts = optlist | "sec-class" [ secname ] .
-secname = seclvl [ "," secname ] .
-seclvl = "unclass" | "confid" | "reserv-1" | "reserv-2" | "reserv-3" |
- "reserv-4" | "secret" | "topsecret" .
-icmp-type = "unreach" | "echo" | "echorep" | "squench" | "redir" |
- "timex" | "paramprob" | "timest" | "timestrep" | "inforeq" |
- "inforep" | "maskreq" | "maskrep" | "routerad" |
- "routersol" | decnumber .
-icmp-code = decumber | "net-unr" | "host-unr" | "proto-unr" | "port-unr" |
- "needfrag" | "srcfail" | "net-unk" | "host-unk" | "isolate" |
- "net-prohib" | "host-prohib" | "net-tos" | "host-tos" |
- "filter-prohib" | "host-preced" | "cutoff-preced" .
-optlist = "nop" | "rr" | "zsu" | "mtup" | "mtur" | "encode" | "ts" | "tr" |
- "sec" | "lsrr" | "e-sec" | "cipso" | "satid" | "ssrr" | "addext" |
- "visa" | "imitd" | "eip" | "finn" .
-facility = "kern" | "user" | "mail" | "daemon" | "auth" | "syslog" |
- "lpr" | "news" | "uucp" | "cron" | "ftp" | "authpriv" |
- "audit" | "logalert" | "local0" | "local1" | "local2" |
- "local3" | "local4" | "local5" | "local6" | "local7" .
-priority = "emerg" | "alert" | "crit" | "err" | "warn" | "notice" |
- "info" | "debug" .
-
-hexnumber = "0" "x" hexstring .
-hexstring = hexdigit [ hexstring ] .
-decnumber = digit [ decnumber ] .
-
-compare = "=" | "!=" | "<" | ">" | "<=" | ">=" | "eq" | "ne" | "lt" | "gt" |
- "le" | "ge" .
-range = "<>" | "><" .
-hexdigit = digit | "a" | "b" | "c" | "d" | "e" | "f" .
-digit = "0" | "1" | "2" | "3" | "4" | "5" | "6" | "7" | "8" | "9" .
-flag = "F" | "S" | "R" | "P" | "A" | "U" | "C" | "W" .
diff --git a/contrib/ipfilter/BugReport b/contrib/ipfilter/BugReport
deleted file mode 100644
index 699483189012..000000000000
--- a/contrib/ipfilter/BugReport
+++ /dev/null
@@ -1,12 +0,0 @@
-Please submit this information at SourceForge using this URL:
-http://sourceforge.net/tracker/?func=add&group_id=169098&atid=849053
-
-Please also send an email to darrenr@reed.wattle.id.au.
-
-Some information that I generally find important:
--------------------------
-* IP Filter Version
-* Operating System and its Version
-* Configuration: (LKM or compiled-into-kernel)
-* Description of problem
-* How to repeat
diff --git a/contrib/ipfilter/HISTORY b/contrib/ipfilter/HISTORY
deleted file mode 100644
index 8b67de7bfe47..000000000000
--- a/contrib/ipfilter/HISTORY
+++ /dev/null
@@ -1,1830 +0,0 @@ -# -# NOTE: Quite a few patches and suggestions come from other sources, to whom -# I'm greatly indebted, even if no names are mentioned. -# -# Thanks to the Coombs Computing Unit at the ANU for their continued support -# in providing a very available location for the IP Filter home page and -# distribution center. -# -# Thanks also to all those who have contributed patches and other code, -# and especially those who have found the time to port IP Filter to new -# platforms. -# -5.1.2 - RELEASED - 22 Jul 2012 - -3546266 macro letters could be more consistent -3546265 not all of the state statistics are displayed -3546261 scripts for updating BSD environment out of date -3546260 compiler warnings about non-integer array subscript -3546259 asserting numdereflists == 0 is not correct -3546258 expression matching does not see IPF_EXP_END -3544317 ipnat/ipfstat are not using ipfexp_t -3545324 proxy checksum calculation is not hardware aware -3545321 FTP sequence number adjustment incorrectly applied -3545320 EPSV is not recognised -3545319 move nat rule creation to ip_proxy.c -3545317 better feedback of checksum requirements for proxies -3545314 ftp proxy levels do not make sense -3545312 EPRT is not supported by ftp proxy -3544318 ipnat.conf parsing ignores LHS address family -3545309 non-ipv6 safe proxies do not fail with ipv6 -3545323 NAT updates the source port twice -3545322 ipv6 nat rules cannot start proxies -3544314 bucket copyout tries to copy too much data -3544313 remove nat encap feature -3546248 compat rule pointer type mismatch -3546247 UDP hardware checksum offload not recognised -3545311 ifp_ifaddr does not find the first set address -3545310 ipmon needs ipl_sec on 64bit boundary -3545326 reference count changes made without lock -3544315 stateful matching does not use ipfexp_t -3543493 tokens are not flushed when disabled -3543487 NAT rules do not always release lookup objects -3543491 function comments in ip_state.c are old -3543404 
ipnat.conf parsing uses family/ip version badly -3543403 incorrect line number printed in ipnat parsing errors -3543402 Not all NAT statistics are printed -3542979 NAT session list management is too simple -3542978 ipv4 and ipv6 nat insert have common hash insertion -3542977 ipnat_t refence tracking incomplete -3542975 proxies must use ipnat_t separately -3542980 printing ipv6 expressions is wrong -3542983 ippool cannot handle more than one ipv6 address -3543018 mask array shifted incorrectly. -3542974 reason for dropping packet is lost -3542982 line numbers not recorded/displayed correctly by ipf -3542981 exclamation mark cuases trouble with pools -3541655 test suite checksums incorrect -3541653 display proxy fail status correctly -3540993 IP header offset excluded in pullup calculations -3540994 pullupmsg does not work as required -3540992 pointer to ipv6 frag header not updated on pullup -3541645 netmask management adds /32 for /0 -3541637 ipnat parser does not zero port fields for non-port protocol -3541635 pool names cannot by numbers -3540995 IPv6 fragment tracking does not always work -3540996 printing of nextip for ipv6 nat rules is wrong -3540999 ipnat.conf parsing has trouble with icmpidmap for ipv6 -3540825 whois output parsing error for ipv6 -3540814 ipfd_lock serves no purpose -3540810 lookup objects need tail pointers -3540809 refactor hash table lookups for nat -3540819 radix tree does not work with ipv6 -3540820 mutex emulation should be logged -3540828 ipfstat filtering with -m fails tests -3536480 ippool could be more like the others -3536477 pool printing not uniform -3536483 flushing empty destination lists causes panic -3536481 more use of bzero after KMALLOC required -3536479 ipnat.conf line numbers not stored -3536484 Makefile missing dependency for ippool -3536199 TFTP proxy requires something extra -3536198 ICMP checksum out by one -3536203 ipnat does not return an error -3536201 ipf.conf parsing too address friendly -3536200 printing of 
bytes/packets not indented -3497941 ipv4 multicast detection incorrect on little endian -3535361 to interfaces printed out of order -3535363 ipf parser is inconsistent -3532306 deleting ipnat rules does not work -3532054 new error required for ipf_rx_create -3532053 icmp6 checksums wrong -3532052 icmpv6 state check with incorrect length -3531871 checksum verification wants too many icmp6 bytes -3531870 ipnat.conf parsing needs to support inet6 -3532048 error in ipf group parsing -3531868 ICMPV6 checksum not validated -3531893 ipftest exits without error for bad input -3531890 whois pool parsing builds bad structures -3531891 icmpv6 text parsing ignorant of icmp types -3531653 rewrite with icmp does not work -3530563 NAT operations fail with EPERM -3530544 first pass at gcc -Wextra cleanup -3530540 lookup create functions do not set error properly -3530539 ipf_main_soft_destroy doesn't need 2nd arg -3530541 reorder structure for better packing -3530543 ipnat purge needs documentation -3530515 BSD upgrade script required -3528029 ipmon bad-mutex panic -3530247 loading address pools light on input validation -3530255 radix tree delete uses wrong lookup -3530254 radix tree allocation support wrong -3530264 ipmon prints qd for some 64bit numbers -3530260 decapsulate rules not printed correctly. 
-3530266 ipfstat -v/-d flags confused -2939220 why a packet is blocked is not discernable -2939218 output interface not recorded -2941850 use of destination lists with to/dup-to beneficial -3457747 build errors introduced with radix change -3535360 timeout groups leak -3535359 memory leak with tokens -3535358 listing rules in groups requires tracking groups -3535357 rule head removal is problematic -3530259 not all ioctl error checked wth SIOCIPFINTERROR -3530258 error routine that uses fd required -3530253 inadequate function comment blocks -3530249 walking lookup tables leaks memory -3530241 extra lock padding required for freebsd -3529901 ipf returns 0 when rules fail to load -3529491 checksum validation could be better -3529486 tcp checksum wrong for ipv6 -3533779 ipv6 nat rules missing inet6 keyword -3532693 ipnat.conf rejects some ipv6 addresses -3532691 ipv4 should not be forced for icmp -3532689 ipv6 nat rules do not print inet6 -3532688 ipv6 address always printed with "to " -3532687 with v6hdrs not supported like with ipopts -3532686 ipf expressions do not work with ipv6 -3540825 whois output parsing error for ipv6 -3540818 NAT for certain IPv6 ICMP packets should not be allowed -3540815 memory leak with destination lists -3540814 ipfd_lock serves no purpose -3540810 lookup objects need tail pointers -3540809 refactor hash table lookups for nat -3540808 completed tokens do not stop iteration -3530492 address hash table name not used -3528029 ipmon bad-mutex panic -3530256 hook memory leaked -3530271 pools parsing produces badly formed address structures -3488061 cleanup for illumos build -3484434 SIOCIPFINTERROR must work for all devices -3484067 mandoc -Tlint warnings to be fixed -3483343 compile warning in ipfcomp.c -3482893 building without IPFILTER_LOG fails -3482765 building netbsd kernel without inet6 fails -3482116 ipf_check frees packet from ipftest -3481663 does not compile on solaris 11 - -5.1.1 - RELEASED - 9 May 2012 - -3481322 ip_fil_compat.c 
needs a cleanup -3481211 add user errors to dtrace -3481152 compatibility for 4.1 needs more work -3481153 PRIu64 problems on FreeBSD -3481155 ipnat listing incorrect -3480543 change leads to compat problems -3480538 compiler errors from earlier patch -3480537 ipf_instance_destroy is incomplete -3480536 _fini order leads to panic -3479991 compiler warnings about size mismatches -3479974 copyright dates are wrong (fix) -3479464 add support for leaks testing -3479457 %qu is not the prefered way -3479451 iterators leak memory -3479453 nat rules with pools leak -3479454 memory leak in hostmap table -3479461 load_hash uses memory after free -3479462 printpool leaks memory -3479452 missing FREE_MB_T to freembt leaks -3479450 ipfdetach is called when detached -3479448 group mapping rules memory leak -3479455 memory leak from tuning -3479458 ipf must be running in global zone -3479460 driver replace is wrong -3479459 radix tree tries to free null pointer -3479463 rwlock emulation does not free memory -3479465 parser leaks memory -3475959 hardware checksum not correctly used -3475426 ip pseudo checksum wrong -3473566 radix tree does not delete dups right -3472987 compile is not clean -3472337 not everything is zero'd -3472344 interface setup needs to be after insert -3472340 wildcard counter drops twice -3472338 change fastroute interface -3472335 kernel lock defines not placed correctly -3472324 ICMP INFOREQ/REPLY not handled -3472330 multicast packets tagged by address -3472333 ipf_deliverlocal called incorrectly -3472345 mutex debug could be more granular -3472761 building i19 regression is flawed -3456457 use of bsd tree.h needs to be removed -3460522 code cleanup required for building on freebsd -3459734 trade some cpu for memory -3457747 build errors introduced with radix change -3457804 build errors from removal of pcap-int,h -3440163 rewrite radix tree -3428004 snoop, tcpdump, etherfind readers are unused -3439495 ipf_rand_push never called (fix brackets) -3437732 
getnattype does not need to use ipnat_t (fix variable name) -3437696 fr_cksum is a nightmare -3439061 ipf_send_ip doesn't need 3rd arg -3439059 ipid needs to be file local -3437740 complete buildout of fnew -3438575 add dtrace probes to block events -3438347 comment blocks missing softc -3437687 description of ipf_makefrip wrong -3438340 more stats as dtrace probes -3438316 free on nat structure uses fixed size -3437745 nat iterator using the wrong size -3437710 fail checksum verification if packet is short -3437696 fr_cksum is a nightmare -3437732 getnattype does not need to use ipnat_t -3437735 rename ipf_allocmbt to allocmbt -3437697 fr_family to version assignment is wrong -3437746 ap_session_t has unused fields -3437747 move softc structure to .h file (ip_state.c) -3437704 there is no DTRACE_PROBE5 -3437748 wrong interface in qpktinfo_t -3437729 create function to hexdump mb_t -3438273 msgdsize should be easier to read -3437683 object direction not set for 32bit -3433767 calling ip_cksum could be easier -3433764 left over locking -3428015 printing proxy data size is useless -3428013 add M_ADJ to hide adjmsg/m_adj -3428012 interface name is not always returned correctly -3428002 ip_ttl is too low -3427997 ipft readers do not set buffer length -3426558 resistence is futile -3424495 various copy-paste errors -1826936 shall we allow ipf to be as dumb as its admin -3424477 specfuncs needs to go -3424484 missing fr_checkv6sum -3424478 one entry at a time -2998760 auth rules do not mix well with to/dup-to/fastroute -3424195 add ctfmerge to sunos5 makefile -3424132 some dtrace probes to start with -3423812 makefile needs ip_frag.h for some files -3423817 reference count useful in verbose output -3423800 walking lists does not drop reference -3423805 fragmentation stats not reported correclty -3423808 ip addresses reportied incorrectly with ipfstat -f -3423821 track packets and bytes for fragmentation -3423803 attempt to double free rule -3423805 fragmentation stats 
not reported correctly -3422712 system panic with ipfstat -f -3422619 pullup counter bumped for every packet -3422608 dummy rtentry required to build -3422018 frflush next to ipf_fini_all is redundant -3422012 instance cleanup is not clean -3421845 instance name not set -3005622 ip_fil5.1.0 does not load on Solaris 10 U8 -2976332 stateful filtering is incompatible with ipv4 options -3387509 ipftest needs help construction ip packets with options -2998746 passp can never be null -3064034 mbuf clobbering problem with ipv6 -3105725 ipnat divide by zero panic -2998750 ipf_htent_insert can leak memory -3064034 mbuf clobbering problem with ipv6 -3105725 ipnat divie by zero panic - -5.1 - RELEASED - 9 May 2010 - -* See WhatsNew50.txt - -4.1 - RELEASED - 12 February 2004 - -4.0-BETA1 20 August 2003 - -support 0/32 and 0/0 on the RHS in redirect rules - -where LHS and RHS netmasks are the same size for redirect, do 1:1 mapping -for bimap rules. - -allow NAT rule to match 'all' interfaces with * as interface name - -do mapping of ICMP sequence id#'s in pings - -allow default age for NAT entries to be set per NAT rule - -provide round robin selection of destination addresses for redirect - -ipmon can load a configuration file with instructions on actions -to take when a matching log entry is received - -now requires pfil to work on Solaris & HP-UX - -supports mapping outbound connections to a specific address/port - -support toggling of logging per ipfilter 'device' - -use queues to expire data rather than lists - -add MSN RPC proxy - -add IRC proxy - -support rules with dynamic ip addresses - -add ability to define a pool of addresses & networks which can then -be placed in a single rule - -support passing entire packet back to user program for authentication - -support master/slave for state information sharing - -reorganise generic code into a lib directory and make libipf.a - -user programs enforce version matching with the kernel - -supports window scaling if seen at TCP 
session setup - -generates C code from filter rules to compile in or load as native -machine code. - -supports loading rules comprised of BPF bytecode statements - -HP-UX 11 port completed - -and packets-per-second filtering - -add numerical tags to rules for filtering and display in ipmon output - -3.4.4 23/05/2000 - Released - -don't add TCP state if it is an RST packet and (attempt) to send out -RST/ICMP packets in a manner that bypasses IP Filter. - -add patch to work with 4.0_STABLE delayed checksums - -3.4.3 20/05/2000 - Released - -fix ipmon -F - -don't truncate IPv6 packets on Solaris - -fix keep state for ICMP ECHO - -add some NAT stats and use def_nat_age rather than DEF_NAT_AGE - -don't make ftp proxy drop packets - -use MCLISREFERENCED() in tandem with M_EXT to check if IP fields need to be -swapped back. - -fix up RST generation for non-Solaris - -get "short" flag right for IPv6 - -3.4.2 - 10/5/2000 - Released - -Fix bug in dealing with "hlen == 1 and opt > 1" - Itojun - -ignore previous NAT mappings for 0/0 and 0/32 rules - -bring in a completely new ftp proxy - -allow NAT to cause packets to be dropped. 
- -add NetBSD callout support for 1.4-current - -3.4.1 - 30/4/2000 - Released - -add ratoui() and fix parsing of group numbers to allow 0 - UINT_MAX - -don't include opt_inet6.h for FreeBSD if KLD_MODULE is defined - -Solaris must use copyin() for all types of ioctl() args - -fix up screen/tty when leaving "top mode" of ipfstat - -linked list for maptable not setup correctly in nat_hostmap() - -check for maptable rather than nat_table[1] to see if malloc for maptable -succeeded in nat_init - -fix handling of map NAT rules with "from/to" host specs - -fix printout out of source address when using "from/to" with map rules - -convert ip_len back to network byte order, not plen, for solaris as ip_len -may have been changed by NAT and plen won't reflect this - -3.4 - 27/4/2000 - Released - -source address spoofing can be turned on (fr_chksrc) without using -filter rules - -group numbers are now 32bits in size, up from 16bits - -IPv6 filtering available - -add frank volf's state-top patches - -add load splitting and round-robin attribute to redirect rules - -FreeBSD-4.0 support (including KLD) - -add top-style operation mode for ipfstat (-t) - -add save/restore of IP Filter state/NAT information (ipfs) - -further ftp proxy security checks - -support for adding and removing proxies at runtime - -3.3.13 26/04/2000 - Released - -Fix parsing of "range" with "portmap" - -Relax checking of ftp replies, slightly. - -Fix NAT timeouts for ICMP packets - -SunOS4 patches for ICMP redirects from Jurgen Keil (jk@tools.de) - -3.3.12 16/03/2000 - Released - -tighten up ftp proxy behaviour. sigh. yuck. hate. - -fix bug in range check for NAT where the last IP# was not used. - -fix problem with icmp codes > 127 in filter rules caused bad things to -happen and in particular, where #18 caused the rule to be printed -erroneously. - -fix bug with the spl level not being reset when returning EIO from -iplioctl due to ipfilter not being initialized yet. 
- -3.3.11 04/03/2000 - Released - -make "or-block" work with lines that start with "log" - -fix up parsing and printing of rules with syslog levels in them - -fix from Cy Schubert for calling of apr_fini only if non-null - - -3.3.10 24/02/2000 - Released - -* fix back from guido for state tracking interfaces - -* update for NetBSD pfil interface changes - -* if attaching fails and we can abort, then cleanup when doing so. - -julian@computer.org: -* solaris.c (fr_precheck): After calling freemsg on mt, set it point to *mp. -* ipf.c (packetlogon): use flag to store the return value from get_flags. -* ipmon.c (init_tabs): General cleanup so we do not have to cast - an int s->s_port to u_int port and try to check if the u_int port - is less than zero. - -3.3.9 15/02/2000 - Released - -fix scheduling of bad locking in fr_addstate() used when we attach onto -a filter rule. - -fix up ip_statesync() with storing interface names in ipstate_t - -fix fr_running for LKM's - Eugene Polovnikov - -junk using pullupmsg() for solaris - it's next to useless for what we -need to do here anyway - and implement what we require. - -don't call fr_delstate() in fr_checkstate(), when compiled for a user -program, early but when we're finished with it (got fr & pass) - -ipnat(5) fix from Guido - -on solaris2, copy message and use that with filter if there is another -copy if it being used (db_ref > 1). bad for performance, but better -than causing a crash. - -patch for solaris8-fcs compile from Casper Dik - -3.3.8 01/02/2000 - Released - -fix state handling of SYN packets. - -add parsing recognition of extra icmp types/codes and fix handling of -icmp time stamps and mask requests - Frank volf - -3.3.7 25/01/2000 - Released - -sync on state information as well as NAT information when required - -record nat protocol in all nat log records - -don't reuse the IP# from an active NAT session if the IP# in the rule -has changed dynamically. 
- -lookup the protocol for NAT log information in ipmon and pass that to -portname. - -fix the bug with changing the outbound interface of a packet where it -would lead to a panic. - -use fr_running instead of ipl_inited. (sysctl name change on freebsd) - -return EIO if someone attempts an ioctl on state/nat if ipfilter is not -enabled. - -fix rule insertion bug - -make state flushing clean anything that's not fully established (4/4) - -call fr_state_flush() after we've released ipf_state so we don't generate -a recursive mutex acquisition panic - -fix parsing of icmp code after return-icmp/return-icmp-as-dest and add -some patches to enhance parsing strength - -3.3.6 28/12/1999 - Released - -add in missing rwlock release in fr_checkicmpmatchingstate() and fix check -for ICMP_ECHO to only be for packet, not state entry which we don't have yet. - -handle SIOCIPFFB in nat_ioctl() and fr_state_ioctl() - -fix size of friostat for SunOS4 - -fix bug in running off the end of a buffer in real audio proxy - -3.3.5 11/12/1999 - Released - -fix parsing of "log level" and printing it back out too - - is only present on Solaris2.6/7/8 - -use send_icmp_err rather than icmp_error to send back a frag-needed error -when doing PMTU - -do not use -b with add_drv on Solaris unless $BASEDIR is set. - -fix problem where source address in icmp replies is reversed - -fix yet another problem with real audio. - -3.3.4 4/12/1999 - Released - -fix up the real audio proxy to properly setup state information and NAT -entries, thanks to Laine Stump for testing/advice/fixes. - -fix ipfr_fastroute to set dst->sin_addr (Sean Farley - appears to prevent -FreeBSD 3.3 from panic'ing) as this had been removed in prior hacks to this -routine. - -fix kinstall for BSDI - -support ICMP errors being allowed through for ICMP packets going out with -keep state enabled - -support hardware checksumming (gigabit ethernet cards) on Solaris thanks to -Tel.Net Media for providing hardware for testing. 
- -patched from Frank Volf for ipmon (ICMP & fragmented packets) and allowing -ICMP responses to ICMP packets in the keep state table. - -add in patches for hardware checksumming under solaris - -Solaris install scripts now use $BASEDIR as appropriate. - -add Solaris8 support - -fix "ipf -y" on solaris so that it rescans rules also for changes in -interface pointers - -let ipmon become a daemon with -D if it is using syslog - -fix parsing of return-icmp-as-dest(foo) - -add reference to ipfstat -g to ipfstat.8 - -ipf_mutex needs to be declared for irix in ip_fil.c - -3.3.3 22/10/1999 - Released - -add -g command line option to ipfstat to show groups still define. - -fix problem with fragment table not recording rule pointer when called -from state functions (fin_fr not set). - -fixup fastroute problems with keep state rules. - -load rules into inactive set first, so we don't disable things like NIS -lookups half way through processing - found by Kevin Littlejohn - -fix handling of unaligned ip pointer for solaris - -patch for fr_newauth from Rudi Sluijtman - -fixed htons() bug in fr_tcpsum() where ip_p wasn't cast to u_short - -3.3.2 23/09/1999 - Released - -patches from Scott Presnell to fix rcmd proxy - -patches from Greg to fix Solaris detachment of interfaces - -add openbsd compatibility fixes - -fix free'ing already freed memory in ipfr_slowtimer() - -fix for deferencing invalid memory in cleaning up after a device disappears - -3.3.1 14/8/1999 - Released - -remove include file sys/user.h for irix - -prevent people from running buildsunos directly - -fix up some problems with the saving of rule pointers so that NAT saves -that information in case it should need to call fr_addstate() from a proxy. 
- -fix up scanning for the end of FTP messages - -don't remove /etc/opt/ipf in postremove - -attempt to prevent people running buildsolaris script without doing a -"make solaris" - -fix timeout losing on freebsd3 - -3.3 7/8/1999 - Released - -NAT: information (rules, mappings) are stored in hash tables; setup some -basic NAT regression testing. - -display version name of installed kernel code when initializing. - -add -V command line option to ipf, showing version (program and kernel -module) as well as the run-status of the kernel code. - -fix problem with "log" rules actually affecting result of filtering. - -automatically use SUNWspro if available and on a 64bit Solaris system for -compiling. - -add kernel proxies for rcmd(3) and RealAudio (PNA) - -use timeout/untimeout on SunOS4/BSD platforms too rather than hijacking -ip_slowtimo - -fix IP headers generated through parsing of text information - -fix NAT rules to be in the correct order again. - -make keep-state work with to/fastroute keywords and enforce usage of those -interfaces. - -update keep-state code with new algorithm from Guido - -add FreeBSD-3 support - -add return-icmp-as-dest option to retrun an ICMP packet using the original -destination as the source rather than a local IP address - -add "level [facility.]" option to filter language - -add changes from Guido to state code. - -add code to return EPERM if the device is opened for writing and we're -in securelevel 2 or greater. - -authentication code patches from Guido - -fix real audio proxy - -fix ipmon rule printing of interfaces and add IN/OUT to the end of ipmon -log output. - -fix bimap rules with hash tables - -update addresses used in NAT mappings for 0/32 rules for any protocol but TCP -if it changes on the interface - check every ip_natexpire() - -add redirect regression test - -count buckets used in the state hash table. 
- -fix sending of RST's with return-rst to use the ack number provided in -the packet being replied to in addition to the sequence number. - -fix to compile as a 64bit application on solaris7-64bit - -add NAT IP mapping to ranges of IP addresses that aren't CIDR specified - -fix calculation of in_space parameter for NAT - -fix `wrapping' when incrementing the next ip address for use in NAT - -fix free'ing of kernel memory in ip_natunload on solaris - -fix -l/-U command line options from interfering with each other - -fix fastroute under solaris2 and cleanup compilation for solaris7 - -add install scripts and compile cleanly on BSD/OS 4.0 - -safely open files in /tmp for writing device output when testing. - -fix uninitialized pointer bug in NAT - -fix SIOCZRLST (zero list rule stats) bug with groups - -change some usage of u_short to u_int in function calling - -fix compilation for Solaris7 (SUNWspro) - -change solaris makefiles to build for either sparc or i386 rather than -per-cpu (sun4u, etc). - -fixed bug in ipllog - -add patches from George Michaelson for FreeBSD 3.0 - -add patch from Guido to provide ICMP checking for known state in the same -manner as is done for NAT. - -enable FTP PASV proxying and enable wildcarding in NAT/state code for ports -for better PORT/PASV support with FTP. - -bring into main tree static nat features: map-block and "auto" portmapping. - -add in source host filtering for redirects (alan jones) - -3.2.10 22/11/98 - Released - -3.2.10beta9 17/11/98 - Released - -fix fr_tcpsum problems in handling mbufs with an odd number of bytes -and/or split across an mbuf boundary - -fix NAT list entry comparisons and allow multiple entries for the same -proxy (but on different ports). - -don't create duplicate NAT entries for repeated PORT commands. 
- -3.2.10beta8 14/11/98 - Released - -always exit an rwlock before expecting to enter it again on solaris - -fix loop in nat_new for pre-existing nat - -don't setup state for an ftp connection if creating nat fails. - -3.2.10beta7 05/11/98 - Released - -set fake window in ipft_tx.c to ensure code passes tests. - -cleaned up/enhanced ipnat -l/ipnat -lv output - -fixed NAT handling of non-TCP/UDP packets, esp. for ICMP errors returned. - -Solaris recusive mutex on icmp-error/tcp-reset - requires rwlock's rather -than mutexes. - -3.2.10beta6 03/11/98 - Released - -fix mixed use of krwlock_t and kmutex_t on Solaris2 - -fix FTP proxy back up, splitting pasv code out of port code. - -3.2.10beta5 02/11/98 - Released - -fixed port translation in ICMP reply handling - -3.2.10beta4 01/11/98 - Released - -increase useful statistic collection on solaris - -filter DL_UNITDATA_REQ as well as DL_UNITDATA_IND on solaris - -disable PASV reply translation for now - -fail with an error if we try to load a NAT rule with a non-existant - proxy name - Guido - -fix portmap usage with 0/0 and 0/32 map rules - -remove ap_unload/ap_expire - automatically done when NAT is cleaned up - -print "STATE:CLOSED" from ipmon if the connection progresses past established - rather than "STATE:EXPIRED" - -3.2.10beta3 26/10/98 - Released - -fixed traceroute/nat problem - -rewrote nat/proxy interface - -ipnat now lists associated proxy sessions for each NAT where applicable - -3.2.10beta2 13/10/98 - Released - -use KRWLOCK_T in place of krwlock_t for solaris as well as irix - -disable use of read-write lock acquisition by default - -add in mb_t for linux, non-kernel - -some changes to progress compilation on linux with glibc - -change PASV as well as PORT when passed through kernel ftp proxy. - -don't allow window to become 0 in tcp state code - -make ipmon compile cleaner - -irix patches - -3.2.10beta 11/09/98 - Released - -stop fr_tcpsum() thinking it has run out of data when it hasn't. 
- -stop solaris panics due to fin_dp being something wild. - -revisit usage of ATOMIC_*() - -log closing state of TCP connection in "keep state" - -fix fake-arp table code for ipsend. - -ipmon now writes pid to a file. - -fix "ipmon -a" to actually activate all logging devices. - -add patches for BSDOS4. - -perl scripts for log analysis donated. - -3.2.9 22/06/98 - Released - -fix byte order for ICMP packets generated on Solaris - -fix some locking problems. - -fix malloc bug in NAT (introduced in 3.2.8). - -patch from guido for state connections that get fragmented - -3.2.8 08/06/98 - Released - -use readers/writers locks in Solaris2 in place of some mutexes. - -Solaris2 installation enhancements - Martin Forssen (maf@carlstedt.se) - -3.2.7 24/05/98 - Released - -u_long -> u_32_t conversions - -patches from Bernd Ernesti for NetBSD - -fixup ipmon to actually handle HUP's. - -Linux fixes from Michael H. Warfield (mhw@wittsend.com) - -update for keep state patch (not security related) - Guido - -dumphex() uses stdout rather than log - -3.2.6 18/05/98 - Released - -fix potential security loop hole in keep state code. - -update examples. - -3.2.5 09/05/98 - Released - -BSD/OS 3.1 .o files added for the kernel. - -fix sequence # skew vs window size check. - -fix minimum ICMP header size check. - -remove references to Cybersource. - -fix my email address. 
- -remove ntohl in ipnat - Thomas Tornblom - -3.2.4 09/04/98 - Released - -add script to make devices for /dev on BSD boxes - -fixup building into the kernel for FreeBSD 2.2.5 - -add -D command line option to ipmon to make it a daemon and SIGHUP causes -it to close and reopen the logfile - -fixup make clean and make package for SunOS5 - Marc Boucher - -postinstall keeps adding "minor=ipf ipl" - George Ross - -protected by IP Filter gif - Sergey Solyanik - -3.2.3 10/11/97 - Released - -fix some iplang bugs - -fix tcp checksum data overrun, sgi #define changes, -avoid infinite loop when nat'ing to single IP# - Marc Boucher - -fixup DEVFS usage for FreeBSD - -fix sunos5 "make clean" cleaning up too much - -3.2.2 28/11/97 - Released - -change packet matching to return actual error, if bad packet, to facilitate -ECONNRESET for TCP. - -allow ip:netmask in grammar too now - Guido - -assume IRIX has u_int32_t in sys/types.h (needed for R10000) - -rewrite parts of command line options for ipmon - -fix TCP urgent packet & offset testing and add LAND attack test for iptest - -fix grammar error in yacc grammar for iplang - -redirect (rdr) destination port bytes-wapped when it shouldn't be. - -general: fr_check now returns error code, such as EHOSTUNREACH or -ECONNRESET (attempt to make ECONNRESET work for locally outbound -packets). - -linux: enable return-rst, need to filter tcp retransmits which are sent - separately from normal packets - -memory leak plugged in ip_proxy.c - -BSDI compatibility patches from Guido - -tcp checksum fix - Marc Boucher - -recursive mutex and ioctl param fix - Marc Boucher - -3.2.1 12/11/97 - Released - -port to BSD/OS 3.0 - -port to Linux 2.0.31 - -patches to make "map a/m -> 0/0" work with ftp proxying properly - Marc Boucher - -add "ipf -F s" and "ipf -F S" to flush state table entries. - -announce if logging is on or off when ip filter initializes. - -"ipf -F a" doesn't flush groups properly for Solaris. 
- -3.2 30/10/97 - Released - -ipnat doesn't successfully remove proxy mappings with "-rf" - -Alexander Romanyu - -use K&R C function style for solaris kernel code - -use m_adj() to decrease packet size in ftp proxy - -use mbufchainlen rather than msgdsize, -IRIX update - Marc Boucher - -fix NetBSD modunload bug (pfil_add_hook done twice) - -patches for OpenBSD 2.1 - Craig Bevins - -3.2beta10 24/10/97 - Released - -fix fragment table entries allocated for NAT. - -fix tcp checksum calculations over mbuf/mblk boundaries - -fix panic for blen < 0 in ftp kernel proxy - marc boucher - -fix flushing of rules which have been grouped. - -3.2beta9 20/10/97 - Released - -some nit picking on solaris2 with SUNWspro - Michael Lyle - -ftp kernel proxy patches from Marc Boucher - -3.2beta8 13/10/97 - Released - -add support for passing ICMP errors back through NAT. - -IRIX port update - Marc Boucher - -calculate correct MIN size of packet to log for UDP - Marc Boucher - -need htons(ETHERTYPE_x) on little endian BSD boxes - Dave Huang - -copyright header fixups - -3.2beta7 23/09/97 - Released - -fickup problems introduced by prior merges & changes. - -3.2beta6 23/09/97 - Released - -patch for spin-reading race condition - Marc Boucher. - -IRIX port by Marc Boucher. - -compatibility updates for Linux to ipsend - -3.2beta5 13/09/97 - Released - -patches from Bernd Ernesti for NetBSD integration (mostly prototyping and -compiler warning things) - -ipf -y will resync IP#'s allocated with 0/32 in NAT to match interface if it -changes. - -update manual pages and other documentation updates. - -3.2beta4 27/8/97 - Released - -enable setting IP and TCP options for iplang/ - -Solaris2 patches from Marc Boucher. - -add groups for filter rules. 
- -3.2beta3 21/8/97 - Released - -patches for Solaris2 (interface panic solution ?): fix FIONREAD and -replacing q_qinfo points - Marc Boucher - -change ipsend/* and ipsd/* copyright notices to be the same as ip filter's - -patch for SYN-ACK skew testing fix from Eric V. Smith - -3.2beta2 6/8/97 - Released - -make it load on Solaris 2.3 - -rewrote logging to remove solaris errors, introduced checking to see if the -same packet is logged successively. - -fix filter cache to work when there are no rules loaded. - -add "raw" option to ipresend to send entire ethernet frames. - -nat list corruption bug - NetBSD - Klaus Klein - -3.2beta1 5/7/97 - Released - -patches from Jason Thorpe fixing: UNSIGNED_CHAR lossage, off_t being 64bits -lossage, and other NetBSD bits. - -NetBSD 1.2G update. - -fixup fwtk patches and add protocol field for SIOCGNATL. - -rdr bugs reported by Alexander Romanyu (alexr@aix.krid.crimea.ua), with -fixes: -* rdr matched all packets of a given protocol (ignored ports). -* severe bug in nat_delete which caused system crash/freeze. - -change Makefile so that CC isn't passed on for FreeBSD/NetBSD (will use -the default CC - cc, not gcc) - -3.2alpha9 16/6/97 - Released - -added "skip" keyword. - -implement preauthentication of packets, as outlined by Guido. - -Make it compile as cleanly as possible with -Wall & general code cleanup - -getopt returns int, not char. Bernd Ernesti - -3.2alpha8 13/6/97 - Released - -code added to support "auth" rules which require a user program to allow them -through. First revision and much of the code came from Guido. - -hex output from ipmon doesn't goto syslog when recovering from out of sync -error. Luke Mewburn (lukem@connect.com.au) - -fix solaris2.6 lookup of destination ire's. - -ipnat doesn't throw away unused bits (after masking), causing it to -behave incorrectly. 
Carson Gaspar - -NAT code doesn't include inteface name when matching - Alexey Mavrin - - -replace old SunOS tcpip.h with new tcpip.h (from 4.4BSD) - Jason Thorpe. - -update install procedures to include ip_proxy.c - -mask out unused bits in NAT/RDR rules. - -use a generic type (u_32_t) for 32bit variables, rather than rely on -u_long being such - Jason Thorpe. - -create a local "netinet" directory and include from ~netinet/*" rather than -just "*" to make keeping the code working on ports easier. - -add an m_copydata and m_copyback for SunOS4 (based on 4.4BSD-Lite versions) - -documentation updates. - -NetBSD update from Jason Thorpe - -allow RST's through with a matching SEQ # and 0 ACK. Guido Van Rooij - -ipmon uses excessive amounts of CPU on Solaris2 - Reinhard Bertram - - -3.2alpha7 25/5/97 - Released - -add strlen for pre-2.2 kernels - Doug Kite - -setup bits and pieces for compiling into a FreeBSD-2.2 kernel. - -split up "bsd" targets. Now a separate netbsd/freebsd/bsd target. -mln_ipl.c has been split up into itself and mlf_ipl.c (for freebsd). - -fix (negative) host matching in filtering. - -add sysctl interface for some variables when compiled into FreeBSD-2.2 kernels -or later. - -make all the candidates for kernel compiling include "netinet/..." and build -a subdirectory "netinet" when compiling and symlink all .h files into this. - -add install make target to Makefile.ipsend - -3.2alpha6 8/5/97 - Released - -Add "!" (not) to hostname/ip matching. - -Automatically add packet info to the fragment cache if it is a fragment -and we're translating addreses for. - -Automatically add packet info to the fragment cache if it is a fragment -and we're "keeping state" for the packet. - -Solaris2 patches - Anthony Baxter (arb@connect.com.au) - -change install procedure for FreeBSD 2.2 to allow building to a kernel -which is different to the running kernel. - -add FIONREAD for Solaris2! 
- -when expiring NAT table entries, if we would set a time to fr_tcpclosed -(which is 1), make it fr_tcplaskack(20) so that the state tables have a -chance to clear up. - -3.2alpha5 - -add proxying skeleton support and sample ftp transparent proxy code. - -add printfs at startup to tell user what is happening. - -add packets & bytes for EXPIRE NAT log records. - -fix the "install-bsd" target in the root Makefile. Chris Williams - - -Fixes for FreeBSD 2.2 (and later revs) to prevent panics. Julian Assange. - -3.2alpha4 2/4/97 - Released - -Some compiler warnings cleaned up. - -FreeBSD-2.2 patches for LKM completed. - -3.2alpha3 31/3/97 - Released - -ipmon changes: -N for reading NAT logfile, -S for reading state logfile. --a for reading all. -n now toggles hostname resolution. - -Add logging of new state entries and expiration of old state entries. -count log successes and failures. - -Add logging of new NAT entries and expiration of old NAT entries. -count log successes and failures. - -Use u_quad_t for records of bytes & packets where kept -(IP Accounting: fr_hits, fr_bytes; IP state: is_pkts, is_bytes). - -Fixup use of CPU and DCPU in Makefiles. - -Fix broken 0/32 NAT mapping. Carl Makin - -3.2alpha2 - -Implement mapping to 0/32 as being an alias for automatically using the -interface's first IP address. - -Implement separate minor devices for both NAT and IP state code. - -Fully prototype all functions. - -Fix Makefile problem due to attempt to fix Sun compiling problems. - -3.1.10 23/3/97 - Released - -ipfstat -a requires a -i or -o command line option too. Print an error -when not present rather than attempt to do something. - -patch updates for SunOS4 for kernel compiling. -patch for ipmon -s (flush's syslog file which isn't good). Andrew J. Schorr - - -too many people hit their heads hard when compiling code into the kernel -that doesn't let any packets through. 
(fil.c - IPF_NOMATCH) - -icmp-type parsing doesn't return any errors when it isn't constructed -correctly. Neil Readwin - -Using "-conf" with modload on SunOS4 doesn't work. -Timothy Demarest - -Need to define ARCH in makefile for SunOS4 building. "make sunos4" -in INSTALL.SunOS is incorrect. James R Grinter -[all SunOS targets now run buildsunos] - -NAT lookups are still incorrect, matching non-TCP/UDP with TCP/UDP -information. ArkanoiD - -Need to check for __FreeBSD_version being 199511 rather than 199607 -in mln_ipl.c. Eric Feillant - -3.1.9 8/3/97 - Released - -fixed incorrect lookup of active NAT entries. - -patch for ip_deq() wrong for pre 2.1.6 FreeBSD. -fyeung@fyeung8.netific.com (Francis Yeung) - -check for out with return-rst/return-icmp at wrong place - Erkki Ritoniemi -(erkki@vlsi.fi) - -text_readip returns the interface pointer pointing to text on stack - -Neil Readwin - -fix from Pradeep Krishnan for printout rules "with not opt sec". - -3.1.8 18/2/97 - Released - -Diffs for ip_output.c and ip_input.c updated to fix bug with fastroute and -compiling warnings about reuse of m0. - -prevent use of return-rst and return-icmp with rules blocking packets going -out, preventing panics in certain situations. - -loop forms in frag cache table - Yury Pshenychny - -should use SPLNET/SPLX around expire routines in NAT/frag/state code. - -redeclared malloc in 44arp.c - - -3.1.7 8/2/97 - Released - -Macros used for ntohs/htons supplied with gcc don't always work very well -when the assignment is the same variable being converted. - -Filter matching doesn't not match rule which checks tcp flags on packets -which are fragments - David Wilson - -3.1.7beta 30/1/97 - Released - -Fix up NAT bugs introduced in last major change (now tested), including -nat_delete(), nat_lookupredir(), checksum changes, etc. - -3.1.7alpha 30/1/97 - Released - -Many changes to NAT code, including contributions from Laurent Joncheray - - -Use "NO_SLEEP" when allocating memory under SunOS. 
- -Make kernel printf's nicer for BSD/SunOS4 - -Always do a checksum for packets being filtered going out and being -processed by fastroute. - -Leave kernel to play with cdevsw on *BSD systems with LKM's. - -ipnat.1 man page fixes. - -3.1.6 21/1/97 - Released - -Allow NAT to work on BSD systems in conjunction with "pass .. to ifname" - -Memory leak introduced in 3.1.3 in NAT lists, clearing of NAT table tried -to free memory twice. - -NAT recalculates IP header checksum based on difference between IP#'s and -port numbers - should be just IP#'s (Solaris2 only) - -3.1.5 13/1/97 - Released - -fixed setting of NAT timeouts and use different timeouts for concurrent -TCP sessions using the same IP# mapping (when port mapping isn't used) - -multiple loading/unloading of LKM's doesn't clean up cdevsw properly for -*BSD systems. - -3.1.4 10/1/97 - Released - -add command line options -C and -F to ipnat to flush NAT list and table - -ipnat -l loops on output - Neil Readwin (nreadwin@nysales.micrognosis.com) - -NetBSD/FreeBSD kernel malloc changes - Daniel Carosone - -3.1.3 10/1/97 - Released - -NAT chains not constructed correctly in hash tables - Antony Y.R Lu -(antony@hawk.ee.ncku.edu.tw) - -Updated INSTALL.NetBSD, INSTALL.FreeBSD and INSTALL.Sol2 - -man page update (ipf.5) from Daniel Carosone (dan@geek.com.au) - -ICMP header checksum update now included in NAT. - -Solaris2 needs to modify IP header checksums in ip_natin and ip_natout. - -3.1.2 4/12/96 - Released - -ipmon doesn't use syslog all the time when given -s option - -fixed mclput panic in ip_input.c and replace ntohs() with NTOHS() macro - -check the results of hostname resolution in ipnat - -"make *install" fixed for subdirectories. - -problems with "ARCH:=" and gnu make resolved - -parser reports an error for lines with whitespaces only rather than skipping -them. D.Carosone@abm.com.au (Daniel Carosone) - -patches for integration into NetBSD-current (post 1.2). 
- -add an option to allow non-IP packets going up/down the stream on Solaris2 -to be dropped. John Bass. - -3.1.2beta 21/11/96 - Released - -make ipsend compile on Linux 2.0.24 - -changes to TCP kept state algorithm, making it watch state on TCP -connections in both directions. Also use the same algorithm for NAT TCP. - --Wall cleanup - Bernd Ernesti - -added "or-block" for "pass .. log or-block" after a suggestion from -David Oppenheim (davido@optimation.com.au) - -added subdirectories for building IP Filter in SunOS5/BSD for different -cpu architecures - -Solaris2 fixes to logging and pre-filtering packet processing - 3.1.1p2 - -mbuf logging not using mtod(), remove iplbusy - 3.1.1p1 1/11/96 - -3.1.1 28/10/96 - Released - -Installation script fixes and deinstall scripts for IP Filter on: -SunOS4/FreeBSD/NetBSD - -Man page fixes - Paul Dubois (dubois@primate.wisc.edu) - -Fix use of SOLARIS macro in ipmon, rewrote ipllog() (again!) - -parsing isn't completely case insensitive - David Wilson -(davidw@optimation.com.au) - -Release ipl_mutex across uiomove() calls - -print entire rule entries out for "ipf -z" when zero'ing per-rule stats. - -ipfstat returns same output for "hits" in "ipfstat -aio" - Terletsky Slavik -(ts@polynet.lviv.ua) - -New algorithm for setting timeouts for TCP connection (more closely follow -TCP FSM) - Pradeep Krishnan (pkrishna@netcom.com) - -Track both window sizes for TCP connections through "keep state". 
- -Solaris2 doesn't like _KERNEL defined in stdargs.h - Jos van Wezel -(wezel@bio.vu.nl) - -3.1.1-beta2 6/10/96 - Released - -Solaris2 fastroute/dup-to/to now works - -ipmon `record' reading rewritten - -Added post-NetBSD1.2 packet filter patches - Mathew Green (mrg@eterna.com.au) - -Attempt to use in_proto.c.diff, not "..diffs" for SunOS4 - David Wilson -(davidw@optimation.com.au) - -Michael Ryan (mike@NetworX.ie) reports the following: -* The Trumpet WinSock under Windows always sends its SYN packet with an ACK - value of 1, unlike any other implementation I've seen, which would set it - to zero. The "keep state" feature of IP Filter doesn't work when receiving - non-zero ACK values on new connection requests. -* */Makefile install rule doesn't install all the binaries/man pages -* Make ipnat use "tcp/udp" instead of "tcpudp" -* Print out "tcp/udp" properly -* ipnat "portmap tcp" matches "portmap udp" when adding/removing -* NAT dest. ip# increased by one on mask of 0xffffffff when it shouldn't - -3.1.1-beta 1/9/96 - Released - -add better detection of TCP connections closing to TCP state monitoring. - -fr_addstate() not called correctly for fragments. 
"keep state" and -"keep frag" code don't work together 100% - Songqing Cai -(songqing_cai@sterling.com) - -call to fr_addstate() incorrect for adding state in combination with keeping -fragment information - Songqing Cai (songqing_cai@sterling.com) - -KFREE() passed fp (incorrect) and not fr (correct) in ip_frag.c - John Hood -(cgull@smoke.marlboro.vt.us) - -make ipf parser recognise '\\' as a `continued line' marker - Dima Ruban -(dima@best.net) - -3.1.1-alpha 23/8/96 - Released - -kernel panic's when ICMP packets go through NAT code - -stats aren't zero'd properly with ipf -Z - -ipnat doesn't show port numbers correctly all the time and also add the -protocol (tcp/udp/tcpudp) to rdr output - Carson Gaspar (carson@lehman.com) - -fast checksum fixing not 100% - backout patch - Bill Dorsey (dorsey@lila.com) - -NetBSD-1.2 patches from - VaX#n8 - -Usage() call error in fils.c - Ajay Shekhawat (ajay@cedar.buffalo.edu) - -ip_optcopy() staticly defined in ip_output.c in SunOS4 - Nick Hall -(nrh@tardis.ed.ac.uk) - -3.1.0 7/7/96 - Released - -Reformatted ipnat output to be compatible with it's input, so that -"ipnat -l | ipnat -rf -" is possible. - -3.1.0beta 30/6/96 - Released - -NetBSD-1.2 patches from Greg Woods (woods@most.weird.com) - -kernel module must not be installed stripped (Solaris2), as created by -"make package" for Solaris2 - Peter Heimann -(peter@i3.informatik.rwth-aachen.de) - -3.1.0alpha 5/6/96 - Released - -include examples in package for solaris2 - -patches for removing an extra ip header checksum (FreeBSD/NetBSD/SunOS) - -removed trailing space from printouts of rules in ipf. - -ipresend supports the same range of inputs that ipftest does. - -sending a duplicate copy of a packet to another network devices is now -supported. ("dup-to") - -sending a packet to an arbitary interface is now supported, irrespective -of its actual route, with no ttl decrement. Can also be routed without -the ttl being decremented. ("to" and "fastroute"). 
- -"call" option added to support calling a generic function if a packet is -matched. - -show all (upto 4) recorded bytes from the interface name in logging from -ipmon. - -support for using unix file permissions for read/write access on the device -is now in place. - -recursive mutex in nat_new() for Solaris 2.x - Per L. Hagen - -ipftest doesn't call initparse() for THISHOST - Catherine Allen -(cla@connect.com.au) - -Man page corrections from Rex Bona (rex@pengo.comsmiths.com.au) - -3.0.4 10/4/96 - Released - -looop in `parsing' IP packets with optlen 0 for ip options. - -rule number not initialized and resulted in unexpected results for state -maching. - -option parsing and printing bugs - Pradeep Krishnan - -3.0.4beta 25/3/96 - Released - -wouldn't parse "keep flags keep state" correctly. - -SunOS4.1.x ip_input.c doesn't recognise all 1s broadcast address - Nigel Verdon - -patches for BSDI's BSD/OS 2.1 and libpcap reader on little endian systems -from Thorsten Lockert - -b* functions in fil.c on Solaris 2.4 - -3.0.3 17/3/96 - Released - -added patches to support IP Filter initialisation when compiled into the -kernel. - -added -x option to ipmon to display hex dumps of logged packets. - -added -H option to ipftest to allow ascii-hex formatted input to specify -arbitary IP packets. - -Sending TCP RSTs as a response now work for Solaris2 x86 - -add patches to make IP Filter compile into NetBSD kernels properly. - -patch to stop SunOS 4.1.x kernels panicing with "data traps". - -ipfboot script unloads and reloads ipf module on Solaris2 if it is already -loaded into the kernel. - -Installation of IP Filter as a Solaris2 package is now supported. - -Man pages for ipnat.4, ipnat.5 added. - -added some more regression tests and fixed up IP Filter to pass the new tests -(previous versions failed some of the tests in set 12). 
- -IP option filter processing has changed so that saying "with opt lsrr" will -check only for that one, but not mask out other options, so a packet with -strict source routing, along with loose source routing will match all of -"with opt lsrr", "with opt ssrr" and "with opt lsrr,ssrr". - -IPL_NAME needed in ipnat.c - Kelly (kelly@count04.mry.scruznet.com) - -patches for clean NetBSD compilation from Bernd Ernesti (bernd@arresum.inka.de) - -make install is incorrect - Julian Briggs (julian@lightwork.co.uk) - -strtol() returns 0x7fffffff for all negative numbers, -printfr() generates incorrect output for "opt sec-class *", -handling of "not opt xxx opt yyy" incorrect. -- Minh Tonthat (minht@sbei.com)/Pradeep Krishnan (pradeepk@sbei.com) - -m_pullup() called only for input and not output; caused problems -with filtering icmp - Nigel Verdon (verdenn@gb.swissbank.com) - -parsing problem for "port 1" and NetBSD patches incorrect - -Andreas Gustafsson (gson@guava.araneus.fi) - -3.0.2 4/2/96 - Released - -Corrected bug where NAT recalculates checksums for fragments. - -make NAT recalculate UDP checksums (rather than setting them to 0), -if they're non-zero. - -DNS patches - Real Page (Real.Page@Matrox.com) - -alteration of checksum recalculations in NAT code and addition of -redirection with NAT - Mike Neuman - -core dump, if tcp/udp is used with a port number and not service name, -in ipf - Mike Neuman (mcn@engarde.com) - -initparse() call, missing to prime "" hook - Craig Bishop - -3.0.1 14/1/96 - Released - -miscellaneous patches for Solaris2 - -3.0 14/1/96 - Released - -Patch included for FDDI, from Richard Ohnemus -(Richard_Ohnemus@dallas.csd.sterling.com) - -Code cleanup for release. 
- -3.0beta4 10/1/96 - -recursive mutex in ipfr_slowtimer fixed, reported by Craig Bishop - -recursive mutex in sending TCP RSTs fixed, reported by Tony Becker - -3.0beta3 9/1/96 - -FIxup for Solaris2.5 install and interface name bug in ipftest from -Julian Briggs (julian@lightwork.co.uk) - -Byte order patches for ipmon from Tony Becker (tony@mcrsys.com) - -3.0beta2 7/1/96 - -Added the (somewhat warped) IP accounting as it exists in ipfw on FreeBSD. -Note, this isn't really what one would call IP account, when compared to -process accounting, sigh. - -Split up ipresend into iptest/ipresend/ipsend - -Added another m_pullup() inside fr_check() for BSD style kernels and -added some checks to ipllog() to not log more than is present (for short -packets). - -Fixed bug where failed hostname/netname resolution goes undetecte and -becomes 0.0.0.0 (any) (reported Guido van Rooij) - -3.0beta 11/11/95 - Released - -Rewrote the way rule testing is done, reducing the number of files needed and -generated. - -SIOCIPFFL was incorrectly affected by IPFILTER_LOG (Mathew Green) - -Patches from Guido van Rooij to fix sending back TCP RSTs on Net-2/Net-3 -BSD based Unixes (panic'd) - -Patches for FreeBSD/i86 ipmon from Riku Kalinen -(I think someone else already told me about these but they got lost :-/) - -Changed Makefile structure to build object files for different operating -systems in separate directories by default. - -BSDI has ef0 for first ethernet interface - -Allow for a "not" operator before optional keywords. - -The "rule number" was being incorrectly incremented every time it went through -the loop rather than when it matched a rule. - -2.8.2 24/10/95 - Released - -Fixed up problems with "textip" for doing lots of testing. - -Fixed bug in detection of "short" tcp/ip packets (all reported as being short). - -Solaris 2.4 port now works 100%. - -Man page errors reported and fixed. - -Removed duplicate entry in etc/services for login on port 49 (Craig Bishop). 
- -Fixed ipmon output to put a space after the log-letter. - -Patch from Guido van Rooij to fix parsing problem. - -2.8.1 15/10/95 - Released - -Added ttl and tos filtering. - -Patches for fixing up compilation and port problems (little endian) -from Guido van Rooij . - -Man page problems reported and fixed by Carson Gaspar . - -ipsend doesn't compile properly on Solaris2.4 - -Lots of work done for Solaris2.4 to make it MT/MP safe and work. - -2.8 15/9/95 - Released - -ipmon can now send messages to syslogd (-s) and use names instead of -numbers (-N). - -IP packets are now "compiled" into a structure only containing filterable -bits. - -Added regression testing in the test/ subdirectory, using a new option -(-b) with the ipftest program. - -Added "nomatch" return to filter results. These are counted and show -up in reports from ipfstat. - -Moved filter code out of ip_fil.c and into fil.c - there is now only one -instance of it in the package. - -Added Solaris 2.4 support. - -Added IPSO basic security option filtering. - -Added name support for filtering on all 19 named IP options. - -Patches from Ivan Brawley to log packet contents as well as packet headers. - -Update for sun/conf.c.diff from Ivan Brawley - -Added patches for FreeBSD 1, and added two new switches (-E, -D) to ipf, -along with a new ioctl, SIOCFRENB. -From: Dieter Dworkin Muller - -2.7.3 31/7.95 - Released - -Didn't compile cleanly without IPFILTER_LOG defined (Mathew Green). - -ipftest now deals with tcpdump3 binary output files (from libpcap) with -P. - -Brought ipftest program upto date with actual filter code. - -Filter would cause a match to occur when it wasn't meant to if the packet -had short headers and was missing portions that should have been there. -Err, it would rightly not match on them, but their absence caused a match -when it shouldn't have been. - -2.7.2 26/7/95 - Released - -Problem with filtering just SYN flagged packets reported by -Dieter Dworkin Muller . 
To solve this -problem, added support for masking TCP flags for comparison "flags X/Y". - -2.7.1 9/7/95 - Released - -Added ip_dirbroadcast support for Sun ip_input.c - -Fixed up the install scripts for FreeBSD/NetBSD to recognise where they are -better. - -2.7 7/7/95 - Released - -Added "return-rst" to return TCP RST's to TCP packets. - -Actually ported it to FreeBSD-i386 2.0.0, so it works there properly now. - -Added insertion of filter rules. Use "@<#>" at the beginning of a filter -to insert a rule at row #. - -Filter keeps track of how many times each rule is matched. - -Changed compile time things to match kernel option (IPFILTER_LKM & -IPFILTER_LOG). - -Updated ip_input.c and ip_output.c with paches for 3.5 Multicast IP. -(No change required for 3.6) - -Now includes TCP fragments which start inside the TCP header as being short. -Added counting the number of times each rule is matched. - - -2.6 11/5/95 - Released - -Added -n option to ipf: when supplied, no changes are made to the kernel. - -Added installation scripts for SunOS 4.1.x and NetBSD/FreeBSD/BSDI. - -Rewrote filtering to use a more generic mask & match procedure for -checking if a packet matches a rule. - -2.5.2 27/4/95 - Released - -"tcp/udp" and a non-initialised pointer caused the "proto" to become -a `random' value; added "ip#/dotted.mask" notation to the BNF. -From Adam W. Feigin - -2.5.1 22/3/95 - Released - -"tcp/udp" had a strange effect (undesired) on getserv*() functions, -causing protocol/service lookups to fail. Reported by Matthew Green. - -2.5 17/3/95 - Released - -Added a new keyword "all" to BNF and parsing of tcpdump/etherfind/snoop -output through the ipftest program. Suggestions from: -Michael Ciavarella (mikec@phyto.apana.org.au) - -Conflicts occur when "general" filter rules are used for ports and the -lack of a "proto" when used with "port" matches other packets when only -TCP/UDP are implied. 
-Reported Matthew Green (mrg@fulcom.com.au); -reported & fixed 6-8/3/95 - -Added filtering of short TCP packets using "with short" 28/2/95 -(These can possibly slip by checks for the various flags). Short UDP -or ICMP are dropped to the floor and logged. - -Added filtering of fragmented packets using "with frag" 24/2/95 - -Port to NetBSD-current completed 20/2/95, using LKM. - -Added logging of the rule # which caused the logging to happen and the -interface on which the packet is currently as suggested by -Andreas Greulich (greulich@math-stat.unibe.ch) 10/2/95 - -2.4 9/2/95 - Released -Fixed saving of IP headers in ICMP packets. - -2.3 29/1/95 -Added ipf -F [in|out|all] to flush filter rule sets (SIOCIPFFL). -Fixed iplread() and iplsave() with help from Marc Huber. - -2.2 7/1/95 - Released -Added code from Marc Huber to allow it to allocate -its own major char number dynamically when modload'ing. Fixed up -use of <, >, <=, >= and >< for ports. - -2.1 21/12/94 - Released -repackaged to include the correct ip_output.c and ip_input.c *goof* - -2.0 18/12/94 - Released -added code to check for port ranges - complete. -rewrote to work as a loadable kernel module - complete. - -1.1 -added code for ouput filtering as well as input filtering and added support for logging to a simple character device of packet headers. - -1.0 22/04/93 - Released -First release cut. diff --git a/contrib/ipfilter/LICENCE b/contrib/ipfilter/LICENCE deleted file mode 100644 index f4cc8ee76bfa..000000000000 --- a/contrib/ipfilter/LICENCE +++ /dev/null 
@@ -1,16 +0,0 @@
-/*
- * Copyright (C) 1993-2000 by Darren Reed.
- *
- * The author accepts no responsibility for the use of this software and
- * provides it on an ``as is'' basis without express or implied warranty.
- *
- * Redistribution and use in source and binary forms are permitted
- * provided that this notice is preserved and due credit is given
- * to the original author and the contributors.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
- *
- * I hate legaleese, don't you ?
- */
diff --git a/contrib/ipfilter/Makefile b/contrib/ipfilter/Makefile
deleted file mode 100644
index 1ac9c94a75dc..000000000000
--- a/contrib/ipfilter/Makefile
+++ /dev/null
@@ -1,410 +0,0 @@ -# -# Copyright (C) 2012 by Darren Reed. -# -# Redistribution and use in source and binary forms are permitted -# provided that this notice is preserved and due credit is given -# to the original author and the contributors. -# -# $FreeBSD$ -# Id: Makefile,v 2.76.2.24 2007/09/26 10:04:03 darrenr Exp $ -# -SHELL=/bin/sh -BINDEST=/usr/local/bin -SBINDEST=/sbin -MANDIR=/usr/local/man -#To test prototyping -CC=gcc -Wstrict-prototypes -Wmissing-prototypes -Wunused -Wuninitialized -#CC=gcc -#CC=cc -Dconst= -DEBUG=-g -# -O -CFLAGS=-I$$(TOP) -D_BSD_SOURCE -CPU=`uname -m` -CPUDIR=`uname -s|sed -e 's@/@@g'`-`uname -r`-`uname -m` -OBJ=. -# -# To enable this to work as a Loadable Kernel Module... -# -IPFLKM=-DIPFILTER_LKM -# -# To enable logging of blocked/passed packets... -# -IPFLOG=-DIPFILTER_LOG -# -# To enable loading filter rules compiled to C code... -# -#COMPIPF=-DIPFILTER_COMPILED -# -# To enable IPFilter compatibility with older CLI utilities -# -#COMPATIPF=-DIPFILTER_COMPAT -# -# To enable synchronisation between IPFilter hosts -# -#SYNC=-DIPFILTER_SYNC -# -# The facility you wish to log messages from ipmon to syslogd with. -# -LOGFAC=-DLOGFAC=LOG_SECURITY -# -# To enable rules to be written with BPF syntax, uncomment these two lines. -# -# WARNING: If you're building a commercial product based on IPFilter, using -# this options *may* infringe at least one patent held by CheckPoint -# (5,606,668.) -# -#IPFBPF=-DIPFILTER_BPF -I/usr/local/include -#LIBBPF=-L/usr/local/lib -lpcap -# -# HP-UX and Solaris require this uncommented for BPF. -# -#BPFILTER=bpf_filter.o -# -# LINUXKERNEL is the path to the top of your Linux kernel source tree. -# By default IPFilter looks for /usr/src/linux, but you may have to change -# it to /usr/src/linux-2.4 or similar. -# -LINUXKERNEL=/usr/src/kernels/2.6.29.5-191.fc11.i586 -LINUX=`uname -r | awk -F. 
' { printf"%d",$$1;for(i=1;i opt_inet6.h; \ - else \ - echo "#define INET6" > opt_inet6.h; \ - fi - if [ "x$(IPFBPF)" = "x" ] ; then \ - echo "#undef NBPF" > opt_bpf.h; \ - echo "#undef NBPFILTER" > opt_bpf.h; \ - echo "#undef DEV_BPF" > opt_bpf.h; \ - else \ - echo "#define NBPF" > opt_bpf.h; \ - echo "#define NBPFILTER" > opt_bpf.h; \ - echo "#define DEV_BPF" > opt_bpf.h; \ - fi - if [ x$(ENABLE_PFIL) = x ] ; then \ - echo "#undef PFIL_HOOKS" > opt_pfil.h; \ - else \ - echo "#define PFIL_HOOKS" > opt_pfil.h; \ - fi - - make setup "TARGOS=BSD" "CPUDIR=$(CPUDIR)" - (cd BSD/$(CPUDIR); make build TOP=../.. $(MFLAGS) "ML=mlfk_ipl.c" "MLD=mlfk_ipl.c" "LKM=ipf.ko.5" "LKMR=ipfrule.ko.5" "DLKM=-DKLD_MODULE" "MLR=mlfk_rule.o"; cd ..) -# (cd BSD/$(CPUDIR); make -f Makefile.ipsend build TOP=../.. $(MFLAGS1); cd ..) - -freebsd4 : include - if [ x$(INET6) = x ] ; then \ - echo "#undef INET6" > opt_inet6.h; \ - else \ - echo "#define INET6" > opt_inet6.h; \ - fi - make setup "TARGOS=BSD" "CPUDIR=$(CPUDIR)" - (cd BSD/$(CPUDIR); make build TOP=../.. $(MFLAGS) "ML=mlfk_ipl.c" "MLD=mlfk_ipl.c" "LKM=ipf.ko" "LKMR=ipfrule.ko" "DLKM=-DKLD_MODULE" "MLR=mlfk_rule.o"; cd ..) - (cd BSD/$(CPUDIR); make -f Makefile.ipsend build TOP=../.. $(MFLAGS1); cd ..) - -freebsd3 freebsd30: include - make setup "TARGOS=BSD" "CPUDIR=$(CPUDIR)" - (cd BSD/$(CPUDIR); make build TOP=../.. $(MFLAGS1) "ML=mlf_ipl.c" "MLR=mlf_rule.o" LKM= LKMR=; cd ..) - (cd BSD/$(CPUDIR); make -f Makefile.ipsend build TOP=../.. $(MFLAGS1); cd ..) - -netbsd: include - make setup "TARGOS=BSD" "CPUDIR=$(CPUDIR)" - @if [ ! -d /sys -o ! -d /sys/arch ] ; then \ - echo "*****************************************************"; \ - echo "* *"; \ - echo "* Please extract source code to create /sys and *";\ - echo "* /sys/arch and run 'config GENERIC' *"; \ - echo "* *"; \ - echo "*****************************************************"; \ - exit 1; \ - fi - (cd BSD/$(CPUDIR); make build TOP=../.. 
$(MFLAGS) 'DLKM=-D_LKM' "ML=mln_ipl.c" LKMR= "MLR=mln_rule.o"; cd ..) -# (cd BSD/$(CPUDIR); make -f Makefile.ipsend build TOP=../.. $(MFLAGS); cd ..) - -openbsd: include - make setup "TARGOS=BSD" "CPUDIR=$(CPUDIR)" - (cd BSD/$(CPUDIR); make build TOP=../.. $(MFLAGS) 'DLKM=-D_LKM' "ML=mlo_ipl.c" LKMR= "MLR=mlo_rule.o"; cd ..) - (cd BSD/$(CPUDIR); make -f Makefile.ipsend build TOP=../.. $(MFLAGS); cd ..) - -freebsd20 freebsd21: include - make setup "TARGOS=BSD" "CPUDIR=$(CPUDIR)" - (cd BSD/$(CPUDIR); make build TOP=../.. $(MFLAGS) "ML=mlf_ipl.c" "MLR=mlf_rule.o"; cd ..) - (cd BSD/$(CPUDIR); make -f Makefile.ipsend build TOP=../.. $(MFLAGS); cd ..) - -osf tru64: null include - make setup "TARGOS=OSF" "CPUDIR=`OSF/cpurev`" - (cd OSF/`OSF/cpurev`; make build TRU64=`uname -v` TOP=../.. "DEBUG=-g" $(MFLAGS) "MACHASSERT=$(MACHASSERT)" "OSREV=`../cpurev`"; cd ..) - (cd OSF/`OSF/cpurev`; make -f Makefile.ipsend build TRU64=`uname -v` TOP=../.. $(MFLAGS) "OSREV=`../cpurev`"; cd ..) - -aix: null include - make setup "TARGOS=AIX" "CPUDIR=`AIX/cpurev`" - (cd AIX/`AIX/cpurev`; make build AIX=`uname -v` TOP=../.. "DEBUG=-g" $(MFLAGS) "OSREV=`../cpurev`" BITS=`../bootbits.sh`; cd ..) -# (cd AIX/`AIX/cpurev`; make -f Makefile.ipsend build AIX=`uname -v` TOP=../.. $(MFLAGS) "OSREV=`../cpurev`"; cd ..) - -bsd: include - make setup "TARGOS=BSD" "CPUDIR=$(CPUDIR)" - (cd BSD/$(CPUDIR); make build TOP=../.. $(MFLAGS) 'DLKM=-D_LKM' "ML=mln_ipl.c" "MLR=mln_rule.o"; cd ..) - (cd BSD/$(CPUDIR); make -f Makefile.ipsend build TOP=../.. $(MFLAGS); cd ..) - -bsdi bsdos: include - make setup "TARGOS=BSD" "CPUDIR=$(CPUDIR)" - (cd BSD/$(CPUDIR); make build "CC=$(CC)" TOP=../.. $(MFLAGS) LKM= LKMR= ; cd ..) - (cd BSD/$(CPUDIR); make -f Makefile.ipsend build "CC=$(CC)" TOP=../.. $(MFLAGS); cd ..) 
- -irix IRIX: include - make setup TARGOS=IRIX CPUDIR=`IRIX/cpurev` - if [ "x${SGIREV}" = "x" ] ; then \ - make irix "SGIREV=-D_KMEMUSER -DIRIX=`IRIX/getrev`"; \ - else \ - (cd IRIX/`IRIX/cpurev`; smake -l -J 1 build TOP=../.. $(DEST) $(MFLAGS) IRIX=`../getrev` SGI=$$(IRIX) CPUDIR=`../cpurev`; cd ..); \ - (cd IRIX/`IRIX/cpurev`; make -f Makefile.ipsend build TOP=../.. $(DEST) $(MFLAGS) IRIX=`../getrev` SGI=$$(IRIX) CPUDIR=`../cpurev`; cd ..); \ - fi - -setup: - -if [ ! -d $(TARGOS)/$(CPUDIR) ] ; then mkdir $(TARGOS)/$(CPUDIR); fi - -rm -f $(TARGOS)/$(CPUDIR)/Makefile $(TARGOS)/$(CPUDIR)/Makefile.ipsend - -ln -s ../Makefile $(TARGOS)/$(CPUDIR)/Makefile - -ln -s ../Makefile.ipsend $(TARGOS)/$(CPUDIR)/Makefile.ipsend - -if [ -f $(TARGOS)/Makefile.common ] ; then \ - rm -f $(TARGOS)/$(CPUDIR)/Makefile.common; \ - ln -s ../Makefile.common $(TARGOS)/$(CPUDIR)/Makefile.common;\ - fi - -clean: clean-include - /bin/rm -rf h y.output - ${RM} -f core *.o ipt fils ipf ipfstat ipftest ipmon if_ipl ipflkm \ - vnode_if.h $(LKM) *~ - /bin/rm -rf sparcv7 sparcv9 mdbgen_build - (cd SunOS4; $(MAKE) TOP=.. clean) - -(cd SunOS5; $(MAKE) TOP=.. clean) - (cd BSD; $(MAKE) TOP=.. clean) - (cd HPUX; $(MAKE) BITS=32 TOP=.. clean) - (cd Linux; $(MAKE) TOP=.. clean) - (cd OSF; $(MAKE) TOP=.. clean) - (cd AIX; $(MAKE) TOP=.. clean) - if [ "`uname -s`" = "IRIX" ]; then (cd IRIX; $(MAKE) clean); fi - [ -d test ] && (cd test; $(MAKE) clean) - (cd ipsend; $(MAKE) clean) - -clean-include: - sh -c 'if [ -d netinet ] ; then cd netinet; for i in *; do if [ -h $$i ] ; then /bin/rm -f $$i; fi; done fi' - sh -c 'if [ -d net ] ; then cd net; for i in *; do if [ -h $$i ] ; then /bin/rm -f $$i; fi; done fi' - ${RM} -f netinet/done net/done - -clean-bsd: clean-include - (cd BSD; make TOP=.. 
clean) - -clean-hpux: clean-include - (cd HPUX; $(MAKE) BITS=32 clean) - -clean-osf: clean-include - (cd OSF; make clean) - -clean-aix: clean-include - (cd AIX; make clean) - -clean-linux: clean-include - (cd Linux; make clean) - -clean-sunos4: clean-include - (cd SunOS4; make clean) - -clean-sunos5: clean-include - (cd SunOS5; $(MAKE) clean) - /bin/rm -rf sparcv? - -clean-irix: clean-include - (cd IRIX; $(MAKE) clean) - -h/xti.h: - mkdir -p h - ln -s /usr/include/sys/xti.h h - -hpux: include h/xti.h - make setup CPUDIR=`HPUX/cpurev` TARGOS=HPUX - (cd HPUX/`HPUX/cpurev`; $(MAKE) build TOP=../.. $(DEST) $(MFLAGS) "BITS=`getconf KERNEL_BITS`" `../makeargs`; cd ..) - (cd HPUX/`HPUX/cpurev`; $(MAKE) -f Makefile.ipsend build TOP=../.. $(DEST) $(MFLAGS) "BITS=`getconf KERNEL_BITS`" `../makeargs`; cd ..) - -sunos4 solaris1: - (cd SunOS4; make build TOP=.. "CC=$(CC)" $(DEST) $(MFLAGS); cd ..) - (cd SunOS4; make -f Makefile.ipsend build "CC=$(CC)" TOP=.. $(DEST) $(MFLAGS); cd ..) - -sunos5 solaris2: null - (cd SunOS5/$(CPUDIR); $(MAKE) build TOP=../.. "CC=$(CC)" $(DEST) $(MFLAGS) "SOLARIS2=$(SOLARIS2)" INSTANCE=$(INSTANCE); cd ..) - (cd SunOS5/$(CPUDIR); $(MAKE) -f Makefile.ipsend build TOP=../.. "CC=$(CC)" $(DEST) $(MFLAGS); cd ..) - -linux: include - (cd Linux; make build LINUX=$(LINUX) TOP=.. "DEBUG=-g" "CC=$(CC)" $(MFLAGS) OBJ=$(CPUDIR) LINUXKERNEL=$(LINUXKERNEL); cd ..) - (cd Linux; make ipflkm LINUX=$(LINUX) TOP=.. "DEBUG=-g" "CC=$(CC)" $(MFLAGS) OBJ=$(CPUDIR) LINUXKERNEL=$(LINUXKERNEL) WORKDIR=`pwd`; cd ..) -# (cd Linux; make -f Makefile.ipsend build LINUX=$(LINUX) TOP=.. "CC=$(CC)" $(MFLAGS); cd ..) - -install-linux: linux - (cd Linux/; make LINUX=$(LINUX) TOP=.. "DEBUG=-g" "CC=$(CC)" $(MFLAGS) OBJ=$(CPUDIR) ROOTDIR=$(BUILDROOT) install ; cd ..) - -install-bsd: - (cd BSD/$(CPUDIR); make install "TOP=../.." $(MFLAGS); cd ..) - (cd BSD/$(CPUDIR); make -f Makefile.ipsend INSTALL=$(INSTALL) install "TOP=../.." $(MFLAGS); cd ..) 
- -install-sunos4: solaris - (cd SunOS4; $(MAKE) CPU=$(CPU) TOP=.. install) - -install-sunos5: solaris null - (cd SunOS5; $(MAKE) TOP=.. install) - -install-aix: - (cd AIX/`AIX/cpurev`; make install "TOP=../.." $(MFLAGS); cd ..) -# (cd AIX/`AIX/cpurev`; make -f Makefile.ipsend INSTALL=$(INSTALL) install "TOP=../.." $(MFLAGS); cd ..) - -install-hpux: hpux - (cd HPUX/`HPUX/cpurev`; $(MAKE) CPU=$(CPU) TOP=../.. "BITS=`getconf KERNEL_BITS`" install) - -install-irix: irix - (cd IRIX; smake install CPU=$(CPU) TOP=.. $(DEST) $(MFLAGS) CPUDIR=`./cpurev`) - -install-osf install-tru64: - (cd OSF/`OSF/cpurev`; make install "TOP=../.." $(MFLAGS); cd ..) - -do-cvs: - find . -type d -name CVS -print | xargs /bin/rm -rf - find . -type f -name .cvsignore -print | xargs /bin/rm -f - /bin/rm -f ip_msnrpc_pxy.c ip_sunrpc_pxy.c - -ip_rules.c ip_rules.h: rules/ip_rules tools/ipfcomp.c - -./ipf -n -cc -f rules/ip_rules 2>/dev/null 1>&2 - -null: - @if [ "`$(MAKE) -v 2>&1 | sed -ne 's/GNU.*/GNU/p'`" = "GNU" ] ; then \ - echo 'Do not use GNU make (gmake) to compile IPFilter'; \ - exit 1; \ - fi - -@echo make ok - -mdb: - /bin/rm -rf mdbgen_build - mdbgen -D_KERNEL -DIPFILTER_LOG -DIPFILTER_LOOKUP -DSUNDDI \ - -DIPFILTER_SCAN -DIPFILTER_LKM -DSOLARIS2=10 -n ipf_mdb -k \ - -I/home/dr146992/pfil -I/home/dr146992/ipf -f \ - /usr/include/netinet/in_systm.h,/usr/include/sys/ethernet.h,/usr/include/netinet/in.h,/usr/include/netinet/ip.h,/usr/include/netinet/ip_var.h,/usr/include/netinet/tcp.h,/usr/include/netinet/tcpip.h,/usr/include/netinet/ip_icmp.h,/usr/include/netinet/udp.h,ip_compat.h,ip_fil.h,ip_nat.h,ip_state.h,ip_proxy.h,ip_scan.h diff --git a/contrib/ipfilter/NAT.FreeBSD b/contrib/ipfilter/NAT.FreeBSD deleted file mode 100644 index 4a1a7ede543c..000000000000 --- a/contrib/ipfilter/NAT.FreeBSD +++ /dev/null 
@@ -1,104 +0,0 @@ -These are Instructions for Configuring A FreeBSD Box For NAT -After you have installed IpFilter. - -You will need to change three files: - -/etc/rc.local -/etc/rc.conf -/etc/natrules - -You will have to: - -1) Load the kernel module -2) Make the ipnat rules -3) Load the ipnat rules -4) Enable routing between interfaces -5) Add static routes for the subnet ranges -6) Configure your network interfaces -7) reboot the computer for the changes to take effect. - -The FAQ was written by Chris Coleman -This was tested using ipfilter 3.1.4 and FreeBSD 2.1.6-RELEASE -_________________________________________________________ -1) Loading the Kernel Module - -If you are using a Kernal Loadable Module you need to edit your -/etc/rc.local file and load the module at boot time. -use the line: - - modload /lkm/if_ipl.o - -If you are not loading a kernel module, skip this step. -_________________________________________________________ -2) Setting up the NAT Rules - -Make a file called /etc/natrules -put in the rules that you need for your system. - -If you want to use the whole 10 Network. Try: - -map fpx0 10.0.0.0/8 -> 208.8.0.1/32 portmap tcp/udp 10000:65000 - -_________________________________________________________ -Here is an explaination of each part of the command: - -map starts the command. - -fpx0 is the interface with the real internet address. - -10.0.0.0 is the subnet you want to use. - -/8 is the subnet mask. ie 255.0.0.0 - -208.8.0.1 is the real ip address that you use. - -/32 is the subnet mask 255.255.255.255, ie only use this ip address. - -portmap tcp/udp 10000:65000 - tells it to use the ports to redirect the tcp/udp calls through - - -The one line should work for the whole network. -_________________________________________________________ -3) Loading the NAT Rules: - -The NAT Rules will need to be loaded every time the computer -reboots. 
- -In your /etc/rc.local put the line: - -ipnat -f /etc/natrules - -To check and see if it is loaded, as root type - ipnat -ls -_________________________________________________________ -4) Enable Routing between interfaces. - -Tell the kernel to route these addresses. - -in the rc.local file put the line: - -sysctl -w net.inet.ip.forwarding=1 - -_________________________________________________________ -5) Static Routes to Subnet Ranges - -Now you have to add a static routes for the subnet ranges. -Edit your /etc/sysconfig to add them at bootup. - -static_routes="foo" -route_foo="10.0.0.0 -netmask 0xf0000000 -interface 10.0.0.1" - - -_________________________________________________________ -6) Make sure that you have your interfaces configured. - -I have two Intel Ether Express Pro B cards. -One is on 208.8.0.1 The other is on 10.0.0.1 - -You need to configure these in the /etc/sysconfig - -network_interfaces="fxp0 fxp1" -ifconfig_fxp0="inet 208.8.0.1 netmask 255.255.255.0" -ifconfig_fxp1="inet 10.0.0.1 netmask 255.0.0.0" -_________________________________________________________ diff --git a/contrib/ipfilter/README b/contrib/ipfilter/README deleted file mode 100644 index 8464af4c64d2..000000000000 --- a/contrib/ipfilter/README +++ /dev/null 
@@ -1,101 +0,0 @@ -IP Filter - What's this about ? -============================ -Web site: http://coombs.anu.edu.au/~avalon/ip-filter.html -How-to: http://www.obfuscation.org/ipf/ipf-howto.txt - - The idea behind this package is allow those who use Unix workstations as -routers (a common occurance in Universities it appears) to apply packet -filtering to packets going in and out of them. This package has been -tested on all versions of SunOS 4.1 and Solaris 2.4/2.5, running on Sparcs. -It is also quite possible for this small kernel extension to be installed -and used effectively on Sun workstations which don't route IP, just for -added security. It can also be integrated with the multicast patches. -It has also been tested successfully on all of the modern free BSDs as -well as BSDI, and SGI's IRIX 6.2. - - The filter keeps a rule list for both inbound and outbound sides of -the IP packet queue and a check is made as early as possible, aiming to -stop the packet before it even gets as far as being checked for source -route options. In the file "BNF", a set of rules for constructing filter -rules understood by this package is given. The files in the directory -"rules", "example.1" ... "example.sr" show example rules you might apply. - - In practise, I've successfully isolated a workstation from all -machines except the NFS file servers on its local subnets (yeah, ok, so -this doesn't really increase security, because of NFS, but you get the -drift on how it can be applied and used). I've also successfully -setup and maintained my own firewalls using it with TIS's Firewall Toolkit, -including using it on an mbone router. - - When using it with multicast IP, the calls to fr_check() should be -before the packet is unwrapped and after it is encapsulated. So the -filter routines will see the packet as a UDP packet, protocol XYZ. 
-Whether this is better or worse than having it filter on class D addresses -is debateable, but the idea behind this package is to be able to -discriminate between packets as they are on the 'wire', before they -get routed anywhere, etc. - - It is worth noting, that it is possible, using a small MTU and -generating tiny fragmented IP packets to generate a TCP packet which -doesn't contain enough information to filter on the "flags". Filtering -on these types of packets is possible, but under the more general case -of the packets being "short". ICMP and UDP packets which are too small -(they don't contain a complete header) are dropped and logged, no questions -asked. When filtering on fragmented packets, the last fragment will get -through for TCP/UDP/ICMP packets. - -Bugs/Problems -------------- -If you have a problem with IP Filter on your operating system, please email -a copy of the file "BugReport" with the details of your setup as required -and email to darrenr@pobox.com. - -Some general notes. -------------------- - To add/delete a rule from memory, access to the device in /dev is needed, -allowing non-root maintenaince. The filter list in kernel memory is built -from the kernel's heap. Each packet coming *in* or *out* is checked against -the appropriate list, rejects dropped, others passed through. Thus this will -work on an individual host, not just gateways. Presently there is only one -list for all interfaces, the changes required to make it a per-interface list -require more .o replacements for the kernel. When checking a packet, the -packet is compared to the entire list from top to bottom, the last matching -line being effective. - - -What does what ? ----------------- -if_fil.o (Loadable kernel module) - - additional kernel routines to check an access list as to whether - or not to drop or pass a packet. It currently defaults to pass - on all packets. 
- -ipfstat - - digs through your kernel (need to check #define VMUNIX in fils.c) - and /dev/kmem for the access filter list and mini stats table. - Obviously needs to be run priviledged if required. - -ipf - - reads the files passed as parameters as input files containing new - filter rules to add/delete to the kernel list. The lines are - inserted in order; the first line is inserted first, and ends up - first on the list. Subsequent invocations append to the list - unless specified otherwise. - -ipftest - - test the ruleset given by filename. Reads in the ruleset and then - waits for stdin. - - See the man pages (ipf.1, ipftest.1, ipfstat.8) for more detailed - information on what the above do. - -mkfilters - - suggests a set of filter rules to employ and suggests how to add - routes to back these up. - -BNF - - BNF rule set for the filter rules - -Darren Reed -darrenr@pobox.com -http://coombs.anu.edu.au/~avalon/ip-filter.html diff --git a/contrib/ipfilter/STYLE.TXT b/contrib/ipfilter/STYLE.TXT deleted file mode 100644 index 384bcec3d909..000000000000 --- a/contrib/ipfilter/STYLE.TXT +++ /dev/null 
@@ -1,57 +0,0 @@
-
-Over time, I am moving all of the IPFilter code to what I consider a better
-coding style than it had before. If you submit patches, I expect them to
-conform as appropriate.
-
-Function Comments
-=================
-Preceeding each and every function, a comment block like this should
-be present:
-
-/* ------------------------------------------------------------------------ */
-/* Function: function-name */
-/* Returns: return-type */
-/* Parameters: param1(I) - param1 is an input parameter */
-/* p2(O) - p2 is an output parameter passed as an arg */
-/* par3(IO) - par3 is a parameter which is both input and */
-/* output. Pointers to things which are used and */
-/* then get a result stored in them qualify here. */
-/* */
-/* Description about what the function does. This comment should explain */
-/* any gotchas or algorithms that are used which aren't obvious to the */
-/* casual reader. It should not be an excuse to not use comments inside */
-/* the function. */
-/* ------------------------------------------------------------------------ */
-
-
-Tab spacing
-===========
-Tabs are to be at 8 characters.
-
-
-Conditions
-==========
-All expressions which evaluate to a boolean for a test condition, such as
-in an if()/while() statement must involve a boolean operation. Since C
-has no native boolean type, this means that one of <,>,<=,>=,==,!= must
-be present. Implied boolean evaluations are out.
-
-In code, the following is banned:
-
-if (x)
-if (!x)
-while ((a = b))
-
-and should be replaced by:
-
-if (x != 0)
-if (x == 0)
-while ((a = b) != 0)
-
-If pointers are involved, always compare with NULL, ie.:
-
-if (x != NULL)
-if (x == NULL)
-while ((a = b) != NULL)
-
-
diff --git a/contrib/ipfilter/WhatsNew50.txt b/contrib/ipfilter/WhatsNew50.txt
deleted file mode 100644
index adbf0a99b4e0..000000000000
--- a/contrib/ipfilter/WhatsNew50.txt
+++ /dev/null
@@ -1,83 +0,0 @@ -What's new in 5.1 -================= - -General -------- -* all of the tuneables can now be set at any time, not just whilst disabled - or prior to loading rules; - -* group identifiers may now be a number or name (universal); - -* man pages rewritten - -* tunables can now be set via ipf.conf; - -Logging -------- -* ipmon.conf can now be used to generate SNMPv1 and SNMPv2 traps using - information from log entries from the kernel; - -NAT changes ------------ -* DNS proxy for the kernel that can block queries based on domain names; - -* FTP proxy can be configured to limit data connections to one or many - connections per client; - -* NAT on IPv6 is now supported; - -* rewrite command allows changing both the source and destination address - in a single NAT rule; - -* simple encapsulation can now be configured with ipnat.conf, - -* TFTP proxy now included; - -Packet Filtering ----------------- -* acceptance of ICMP packets for "keep state" rules can be refined through - the use of filtering rules; - -* alternative form for writing rules using simple filtering expressions; - -* CIPSO headers now recognised and analysed for filtering on DOI; - -* comments can now be a part of a rule and loaded into the kernel and - thus displayed with ipfstat; - -* decapsulation rules allow filtering on inner headers, providing they - are not encrypted; - -* interface names, aside from that the packet is on, can be present in - filter rules; - -* internally now a single list of filter rules, there is no longer an - IPv4 and IPv6 list; - -* rules can now be added with an expiration time, allowing for their - automatic removal after some period of time; - -* single file, ipf.conf, can now be used for both IPv4 and IPv6 rules; - -* stateful filtering now allows for limits to be placed on the number - of distinct hosts allowed per rule; - -Pools ------ -* addresses added to a pool via the command line (only!) 
can be given - an expiration timeout; - -* destination lists are a new type of address pool, primarily for use with - NAT rdr rules, supporting newer algorithms for target selection; - -* raw whois information saved to a file can be used to populate a pool; - -Solaris -------- -* support for use in zones with exclusive IP instances fully supported. - -Tools ------ -* use of matching expressions allows for refining what is displayed or - flushed; - diff --git a/contrib/ipfilter/Y2K b/contrib/ipfilter/Y2K deleted file mode 100644 index a8350a590070..000000000000 --- a/contrib/ipfilter/Y2K +++ /dev/null @@ -1,3 +0,0 @@ -IP Filter is Year 2000 (Y2K) Compliant. - -Darren diff --git a/contrib/ipfilter/arc4random.c b/contrib/ipfilter/arc4random.c deleted file mode 100644 index 04b0797c78f8..000000000000 --- a/contrib/ipfilter/arc4random.c +++ /dev/null 
@@ -1,277 +0,0 @@ -/*- - * THE BEER-WARE LICENSE - * - * wrote this file. As long as you retain this notice you - * can do whatever you want with this stuff. If we meet some day, and you - * think this stuff is worth it, you can buy me a beer in return. - * - * Dan Moschuk - */ -#if !defined(SOLARIS2) && !defined(__osf__) -# include -#endif - -#include -#include -#ifdef __FreeBSD__ -# include -#endif -#if !defined(__osf__) -# include -#endif -#ifdef __FreeBSD__ -# include -#endif -#include -#ifndef __osf__ -# include -#endif -#include - -#if defined(SOLARIS2) && (SOLARIS2 < 9) -# include -#endif -#include -#include -#ifdef __osf__ -# include -#endif -#include -#include -#include "netinet/ip_compat.h" -#ifdef HAS_SYS_MD5_H -# include -#else -# include "md5.h" -#endif - -#ifdef NEED_LOCAL_RAND -#if !defined(__GNUC__) -# define __inline -#endif - -#define ARC4_RESEED_BYTES 65536 -#define ARC4_RESEED_SECONDS 300 -#define ARC4_KEYBYTES (256 / 8) - -static u_int8_t arc4_i, arc4_j; -static int arc4_numruns = 0; -static u_int8_t arc4_sbox[256]; -static time_t arc4_t_reseed; -static ipfmutex_t arc4_mtx; -static MD5_CTX md5ctx; - -static u_int8_t arc4_randbyte(void); -static int ipf_read_random(void *dest, int length); - -static __inline void -arc4_swap(u_int8_t *a, u_int8_t *b) -{ - u_int8_t c; - - c = *a; - *a = *b; - *b = c; -} - -/* - * Stir our S-box. - */ -static void -arc4_randomstir (void) -{ - u_int8_t key[256]; - int r, n; - struct timeval tv_now; - - /* - * XXX read_random() returns unsafe numbers if the entropy - * device is not loaded -- MarkM. - */ - r = ipf_read_random(key, ARC4_KEYBYTES); - GETKTIME(&tv_now); - MUTEX_ENTER(&arc4_mtx); - /* If r == 0 || -1, just use what was on the stack. */ - if (r > 0) { - for (n = r; n < sizeof(key); n++) - key[n] = key[n % r]; - } - - for (n = 0; n < 256; n++) { - arc4_j = (arc4_j + arc4_sbox[n] + key[n]) % 256; - arc4_swap(&arc4_sbox[n], &arc4_sbox[arc4_j]); - } - - /* Reset for next reseed cycle. 
*/ - arc4_t_reseed = tv_now.tv_sec + ARC4_RESEED_SECONDS; - arc4_numruns = 0; - - /* - * Throw away the first N words of output, as suggested in the - * paper "Weaknesses in the Key Scheduling Algorithm of RC4" - * by Fluher, Mantin, and Shamir. (N = 256 in our case.) - */ - for (n = 0; n < 256*4; n++) - arc4_randbyte(); - MUTEX_EXIT(&arc4_mtx); -} - -/* - * Initialize our S-box to its beginning defaults. - */ -static void -arc4_init(void) -{ - int n; - - MD5Init(&md5ctx); - - MUTEX_INIT(&arc4_mtx, "arc4_mtx"); - arc4_i = arc4_j = 0; - for (n = 0; n < 256; n++) - arc4_sbox[n] = (u_int8_t) n; - - arc4_t_reseed = 0; -} - - -/* - * Generate a random byte. - */ -static u_int8_t -arc4_randbyte(void) -{ - u_int8_t arc4_t; - - arc4_i = (arc4_i + 1) % 256; - arc4_j = (arc4_j + arc4_sbox[arc4_i]) % 256; - - arc4_swap(&arc4_sbox[arc4_i], &arc4_sbox[arc4_j]); - - arc4_t = (arc4_sbox[arc4_i] + arc4_sbox[arc4_j]) % 256; - return arc4_sbox[arc4_t]; -} - -/* - * MPSAFE - */ -void -arc4rand(void *ptr, u_int len, int reseed) -{ - u_int8_t *p; - struct timeval tv; - - GETKTIME(&tv); - if (reseed || - (arc4_numruns > ARC4_RESEED_BYTES) || - (tv.tv_sec > arc4_t_reseed)) - arc4_randomstir(); - - MUTEX_ENTER(&arc4_mtx); - arc4_numruns += len; - p = ptr; - while (len--) - *p++ = arc4_randbyte(); - MUTEX_EXIT(&arc4_mtx); -} - -uint32_t -ipf_random(void) -{ - uint32_t ret; - - arc4rand(&ret, sizeof ret, 0); - return ret; -} - - -static u_char pot[ARC4_RESEED_BYTES]; -static u_char *pothead = pot, *pottail = pot; -static int inpot = 0; - -/* - * This is not very strong, and this is understood, but the aim isn't to - * be cryptographically strong - it is just to make up something that is - * pseudo random. 
- */ -void -ipf_rand_push(void *src, int length) -{ - static int arc4_inited = 0; - u_char *nsrc; - int mylen; - - if (arc4_inited == 0) { - arc4_init(); - arc4_inited = 1; - } - - if (length < 64) { - MD5Update(&md5ctx, src, length); - return; - } - - nsrc = src; - mylen = length; - -#if defined(_SYS_MD5_H) && defined(SOLARIS2) -# define buf buf_un.buf8 -#endif - MUTEX_ENTER(&arc4_mtx); - while ((mylen > 64) && (sizeof(pot) - inpot > sizeof(md5ctx.buf))) { - MD5Update(&md5ctx, nsrc, 64); - mylen -= 64; - nsrc += 64; - if (pottail + sizeof(md5ctx.buf) > pot + sizeof(pot)) { - int left, numbytes; - - numbytes = pot + sizeof(pot) - pottail; - bcopy(md5ctx.buf, pottail, numbytes); - left = sizeof(md5ctx.buf) - numbytes; - pottail = pot; - bcopy(md5ctx.buf + sizeof(md5ctx.buf) - left, - pottail, left); - pottail += left; - } else { - bcopy(md5ctx.buf, pottail, sizeof(md5ctx.buf)); - pottail += sizeof(md5ctx.buf); - } - inpot += 64; - } - MUTEX_EXIT(&arc4_mtx); -#if defined(_SYS_MD5_H) && defined(SOLARIS2) -# undef buf -#endif -} - - -static int -ipf_read_random(void *dest, int length) -{ - if (length > inpot) - return 0; - - MUTEX_ENTER(&arc4_mtx); - if (pothead + length > pot + sizeof(pot)) { - int left, numbytes; - - left = length; - numbytes = pot + sizeof(pot) - pothead; - bcopy(pothead, dest, numbytes); - left -= numbytes; - pothead = pot; - bcopy(pothead, dest + length - left, left); - pothead += left; - } else { - bcopy(pothead, dest, length); - pothead += length; - } - inpot -= length; - if (inpot == 0) - pothead = pottail = pot; - MUTEX_EXIT(&arc4_mtx); - - return length; -} - -#endif /* NEED_LOCAL_RAND */ diff --git a/contrib/ipfilter/bpf-ipf.h b/contrib/ipfilter/bpf-ipf.h deleted file mode 100644 index dc2b660e2eee..000000000000 --- a/contrib/ipfilter/bpf-ipf.h +++ /dev/null 
@@ -1,452 +0,0 @@ -/* $FreeBSD$ */ - -/*- - * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997 - * The Regents of the University of California. All rights reserved. - * - * This code is derived from the Stanford/CMU enet packet filter, - * (net/enet.c) distributed as part of 4.3BSD, and code contributed - * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence - * Berkeley Laboratory. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. 
IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * @(#)bpf.h 7.1 (Berkeley) 5/7/91 - * - * @(#) $Header: /devel/CVS/IP-Filter/bpf-ipf.h,v 2.1 2002/10/26 12:14:26 darrenr Exp $ (LBL) - */ - -#ifndef BPF_MAJOR_VERSION - -#ifdef __cplusplus -extern "C" { -#endif - -/* BSD style release date */ -#define BPF_RELEASE 199606 - -typedef int bpf_int32; -typedef u_int bpf_u_int32; - -/* - * Alignment macros. BPF_WORDALIGN rounds up to the next - * even multiple of BPF_ALIGNMENT. - */ -#ifndef __NetBSD__ -#define BPF_ALIGNMENT sizeof(bpf_int32) -#else -#define BPF_ALIGNMENT sizeof(long) -#endif -#define BPF_WORDALIGN(x) (((x)+(BPF_ALIGNMENT-1))&~(BPF_ALIGNMENT-1)) - -#define BPF_MAXINSNS 512 -#define BPF_MAXBUFSIZE 0x8000 -#define BPF_MINBUFSIZE 32 - -/* - * Structure for BIOCSETF. - */ -struct bpf_program { - u_int bf_len; - struct bpf_insn *bf_insns; -}; - -/* - * Struct returned by BIOCGSTATS. - */ -struct bpf_stat { - u_int bs_recv; /* number of packets received */ - u_int bs_drop; /* number of packets dropped */ -}; - -/* - * Struct return by BIOCVERSION. This represents the version number of - * the filter language described by the instruction encodings below. - * bpf understands a program iff kernel_major == filter_major && - * kernel_minor >= filter_minor, that is, if the value returned by the - * running kernel has the same major number and a minor number equal - * equal to or less than the filter being downloaded. 
Otherwise, the - * results are undefined, meaning an error may be returned or packets - * may be accepted haphazardly. - * It has nothing to do with the source code version. - */ -struct bpf_version { - u_short bv_major; - u_short bv_minor; -}; -/* Current version number of filter architecture. */ -#define BPF_MAJOR_VERSION 1 -#define BPF_MINOR_VERSION 1 - -/* - * BPF ioctls - * - * The first set is for compatibility with Sun's pcc style - * header files. If your using gcc, we assume that you - * have run fixincludes so the latter set should work. - */ -#if (defined(sun) || defined(ibm032)) && !defined(__GNUC__) -#define BIOCGBLEN _IOR(B,102, u_int) -#define BIOCSBLEN _IOWR(B,102, u_int) -#define BIOCSETF _IOW(B,103, struct bpf_program) -#define BIOCFLUSH _IO(B,104) -#define BIOCPROMISC _IO(B,105) -#define BIOCGDLT _IOR(B,106, u_int) -#define BIOCGETIF _IOR(B,107, struct ifreq) -#define BIOCSETIF _IOW(B,108, struct ifreq) -#define BIOCSRTIMEOUT _IOW(B,109, struct timeval) -#define BIOCGRTIMEOUT _IOR(B,110, struct timeval) -#define BIOCGSTATS _IOR(B,111, struct bpf_stat) -#define BIOCIMMEDIATE _IOW(B,112, u_int) -#define BIOCVERSION _IOR(B,113, struct bpf_version) -#define BIOCSTCPF _IOW(B,114, struct bpf_program) -#define BIOCSUDPF _IOW(B,115, struct bpf_program) -#else -#define BIOCGBLEN _IOR('B',102, u_int) -#define BIOCSBLEN _IOWR('B',102, u_int) -#define BIOCSETF _IOW('B',103, struct bpf_program) -#define BIOCFLUSH _IO('B',104) -#define BIOCPROMISC _IO('B',105) -#define BIOCGDLT _IOR('B',106, u_int) -#define BIOCGETIF _IOR('B',107, struct ifreq) -#define BIOCSETIF _IOW('B',108, struct ifreq) -#define BIOCSRTIMEOUT _IOW('B',109, struct timeval) -#define BIOCGRTIMEOUT _IOR('B',110, struct timeval) -#define BIOCGSTATS _IOR('B',111, struct bpf_stat) -#define BIOCIMMEDIATE _IOW('B',112, u_int) -#define BIOCVERSION _IOR('B',113, struct bpf_version) -#define BIOCSTCPF _IOW('B',114, struct bpf_program) -#define BIOCSUDPF _IOW('B',115, struct bpf_program) -#endif - -/* 
- * Structure prepended to each packet. - */ -struct bpf_hdr { - struct timeval bh_tstamp; /* time stamp */ - bpf_u_int32 bh_caplen; /* length of captured portion */ - bpf_u_int32 bh_datalen; /* original length of packet */ - u_short bh_hdrlen; /* length of bpf header (this struct - plus alignment padding) */ -}; -/* - * Because the structure above is not a multiple of 4 bytes, some compilers - * will insist on inserting padding; hence, sizeof(struct bpf_hdr) won't work. - * Only the kernel needs to know about it; applications use bh_hdrlen. - */ -#if defined(KERNEL) || defined(_KERNEL) -#define SIZEOF_BPF_HDR 18 -#endif - -/* - * Data-link level type codes. - */ - -/* - * These are the types that are the same on all platforms; on other - * platforms, a should be supplied that defines the additional - * DLT_* codes appropriately for that platform (the BSDs, for example, - * should not just pick up this version of "bpf.h"; they should also define - * the additional DLT_* codes used by their kernels, as well as the values - * defined here - and, if the values they use for particular DLT_ types - * differ from those here, they should use their values, not the ones - * here). - */ -#define DLT_NULL 0 /* no link-layer encapsulation */ -#define DLT_EN10MB 1 /* Ethernet (10Mb) */ -#define DLT_EN3MB 2 /* Experimental Ethernet (3Mb) */ -#define DLT_AX25 3 /* Amateur Radio AX.25 */ -#define DLT_PRONET 4 /* Proteon ProNET Token Ring */ -#define DLT_CHAOS 5 /* Chaos */ -#define DLT_IEEE802 6 /* IEEE 802 Networks */ -#define DLT_ARCNET 7 /* ARCNET */ -#define DLT_SLIP 8 /* Serial Line IP */ -#define DLT_PPP 9 /* Point-to-point Protocol */ -#define DLT_FDDI 10 /* FDDI */ - -/* - * These are values from the traditional libpcap "bpf.h". - * Ports of this to particular platforms should replace these definitions - * with the ones appropriate to that platform, if the values are - * different on that platform. 
- */ -#define DLT_ATM_RFC1483 11 /* LLC/SNAP encapsulated atm */ -#define DLT_RAW 12 /* raw IP */ - -/* - * These are values from BSD/OS's "bpf.h". - * These are not the same as the values from the traditional libpcap - * "bpf.h"; however, these values shouldn't be generated by any - * OS other than BSD/OS, so the correct values to use here are the - * BSD/OS values. - * - * Platforms that have already assigned these values to other - * DLT_ codes, however, should give these codes the values - * from that platform, so that programs that use these codes will - * continue to compile - even though they won't correctly read - * files of these types. - */ -#ifdef __NetBSD__ -#ifndef DLT_SLIP_BSDOS -#define DLT_SLIP_BSDOS 13 /* BSD/OS Serial Line IP */ -#define DLT_PPP_BSDOS 14 /* BSD/OS Point-to-point Protocol */ -#endif -#else -#define DLT_SLIP_BSDOS 15 /* BSD/OS Serial Line IP */ -#define DLT_PPP_BSDOS 16 /* BSD/OS Point-to-point Protocol */ -#endif - -#define DLT_ATM_CLIP 19 /* Linux Classical-IP over ATM */ - -/* - * These values are defined by NetBSD; other platforms should refrain from - * using them for other purposes, so that NetBSD savefiles with link - * types of 50 or 51 can be read as this type on all platforms. - */ -#define DLT_PPP_SERIAL 50 /* PPP over serial with HDLC encapsulation */ -#define DLT_PPP_ETHER 51 /* PPP over Ethernet */ - -/* - * Values between 100 and 103 are used in capture file headers as - * link-layer types corresponding to DLT_ types that differ - * between platforms; don't use those values for new DLT_ new types. - */ - -/* - * This value was defined by libpcap 0.5; platforms that have defined - * it with a different value should define it here with that value - - * a link type of 104 in a save file will be mapped to DLT_C_HDLC, - * whatever value that happens to be, so programs will correctly - * handle files with that link type regardless of the value of - * DLT_C_HDLC. 
- * - * The name DLT_C_HDLC was used by BSD/OS; we use that name for source - * compatibility with programs written for BSD/OS. - * - * libpcap 0.5 defined it as DLT_CHDLC; we define DLT_CHDLC as well, - * for source compatibility with programs written for libpcap 0.5. - */ -#define DLT_C_HDLC 104 /* Cisco HDLC */ -#define DLT_CHDLC DLT_C_HDLC - -#define DLT_IEEE802_11 105 /* IEEE 802.11 wireless */ - -/* - * Values between 106 and 107 are used in capture file headers as - * link-layer types corresponding to DLT_ types that might differ - * between platforms; don't use those values for new DLT_ new types. - */ - -/* - * OpenBSD DLT_LOOP, for loopback devices; it's like DLT_NULL, except - * that the AF_ type in the link-layer header is in network byte order. - * - * OpenBSD defines it as 12, but that collides with DLT_RAW, so we - * define it as 108 here. If OpenBSD picks up this file, it should - * define DLT_LOOP as 12 in its version, as per the comment above - - * and should not use 108 as a DLT_ value. - */ -#define DLT_LOOP 108 - -/* - * Values between 109 and 112 are used in capture file headers as - * link-layer types corresponding to DLT_ types that might differ - * between platforms; don't use those values for new DLT_ types - * other than the corresponding DLT_ types. - */ - -/* - * This is for Linux cooked sockets. - */ -#define DLT_LINUX_SLL 113 - -/* - * Apple LocalTalk hardware. - */ -#define DLT_LTALK 114 - -/* - * Acorn Econet. - */ -#define DLT_ECONET 115 - -/* - * Reserved for use with OpenBSD ipfilter. - */ -#define DLT_IPFILTER 116 - -/* - * Reserved for use in capture-file headers as a link-layer type - * corresponding to OpenBSD DLT_PFLOG; DLT_PFLOG is 17 in OpenBSD, - * but that's DLT_LANE8023 in SuSE 6.3, so we can't use 17 for it - * in capture-file headers. - */ -#define DLT_PFLOG 117 - -/* - * Registered for Cisco-internal use. 
- */ -#define DLT_CISCO_IOS 118 - -/* - * Reserved for 802.11 cards using the Prism II chips, with a link-layer - * header including Prism monitor mode information plus an 802.11 - * header. - */ -#define DLT_PRISM_HEADER 119 - -/* - * Reserved for Aironet 802.11 cards, with an Aironet link-layer header - * (see Doug Ambrisko's FreeBSD patches). - */ -#define DLT_AIRONET_HEADER 120 - -/* - * Reserved for Siemens HiPath HDLC. - */ -#define DLT_HHDLC 121 - -/* - * Reserved for RFC 2625 IP-over-Fibre Channel, as per a request from - * Don Lee . - * - * This is not for use with raw Fibre Channel, where the link-layer - * header starts with a Fibre Channel frame header; it's for IP-over-FC, - * where the link-layer header starts with an RFC 2625 Network_Header - * field. - */ -#define DLT_IP_OVER_FC 122 - -/* - * The instruction encodings. - */ -/* instruction classes */ -#define BPF_CLASS(code) ((code) & 0x07) -#define BPF_LD 0x00 -#define BPF_LDX 0x01 -#define BPF_ST 0x02 -#define BPF_STX 0x03 -#define BPF_ALU 0x04 -#define BPF_JMP 0x05 -#define BPF_RET 0x06 -#define BPF_MISC 0x07 - -/* ld/ldx fields */ -#define BPF_SIZE(code) ((code) & 0x18) -#define BPF_W 0x00 -#define BPF_H 0x08 -#define BPF_B 0x10 -#define BPF_MODE(code) ((code) & 0xe0) -#define BPF_IMM 0x00 -#define BPF_ABS 0x20 -#define BPF_IND 0x40 -#define BPF_MEM 0x60 -#define BPF_LEN 0x80 -#define BPF_MSH 0xa0 - -/* alu/jmp fields */ -#define BPF_OP(code) ((code) & 0xf0) -#define BPF_ADD 0x00 -#define BPF_SUB 0x10 -#define BPF_MUL 0x20 -#define BPF_DIV 0x30 -#define BPF_OR 0x40 -#define BPF_AND 0x50 -#define BPF_LSH 0x60 -#define BPF_RSH 0x70 -#define BPF_NEG 0x80 -#define BPF_JA 0x00 -#define BPF_JEQ 0x10 -#define BPF_JGT 0x20 -#define BPF_JGE 0x30 -#define BPF_JSET 0x40 -#define BPF_SRC(code) ((code) & 0x08) -#define BPF_K 0x00 -#define BPF_X 0x08 - -/* ret - BPF_K and BPF_X also apply */ -#define BPF_RVAL(code) ((code) & 0x18) -#define BPF_A 0x10 - -/* misc */ -#define BPF_MISCOP(code) ((code) & 0xf8) 
-#define BPF_TAX 0x00
-#define BPF_TXA 0x80
-
-/*
- * The instruction data structure.
- */
-struct bpf_insn {
- u_short code;
- u_char jt;
- u_char jf;
- bpf_int32 k;
-};
-
-/*
- * Macros for insn array initializers.
- */
-#define BPF_STMT(code, k) { (u_short)(code), 0, 0, k }
-#define BPF_JUMP(code, k, jt, jf) { (u_short)(code), jt, jf, k }
-
-#if defined(BSD) && (defined(KERNEL) || defined(_KERNEL))
-/*
- * Systems based on non-BSD kernels don't have ifnet's (or they don't mean
- * anything if it is in ) and won't work like this.
- */
-# if __STDC__
-extern void bpf_tap(struct ifnet *, u_char *, u_int);
-extern void bpf_mtap(struct ifnet *, struct mbuf *);
-extern void bpfattach(struct ifnet *, u_int, u_int);
-extern void bpfilterattach(int);
-# else
-extern void bpf_tap();
-extern void bpf_mtap();
-extern void bpfattach();
-extern void bpfilterattach();
-# endif /* __STDC__ */
-#endif /* BSD && (_KERNEL || KERNEL) */
-#if __STDC__ || defined(__cplusplus)
-extern int bpf_validate(struct bpf_insn *, int);
-extern u_int bpf_filter(struct bpf_insn *, u_char *, u_int, u_int);
-#else
-extern int bpf_validate();
-extern u_int bpf_filter();
-#endif
-
-/*
- * Number of scratch memory words (for BPF_LD|BPF_MEM and BPF_ST).
- */
-#define BPF_MEMWORDS 16
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/contrib/ipfilter/bpf_filter.c b/contrib/ipfilter/bpf_filter.c
deleted file mode 100644
index d75570e29267..000000000000
--- a/contrib/ipfilter/bpf_filter.c
+++ /dev/null
@@ -1,595 +0,0 @@ -/* $FreeBSD$ */ - -/*- - * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997 - * The Regents of the University of California. All rights reserved. - * - * This code is derived from the Stanford/CMU enet packet filter, - * (net/enet.c) distributed as part of 4.3BSD, and code contributed - * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence - * Berkeley Laboratory. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. 
IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * @(#)bpf.c 7.5 (Berkeley) 7/15/91 - */ - -#if !(defined(lint) || defined(KERNEL) || defined(_KERNEL)) -static const char rcsid[] = - "@(#) $Header: /devel/CVS/IP-Filter/bpf_filter.c,v 2.2.2.3 2006/10/03 11:25:56 darrenr Exp $ (LBL)"; -#endif - -#include -#include -#include -#include - -#include -#include - -#include "netinet/ip_compat.h" -#include "bpf-ipf.h" - - -#if (defined(__hpux) || SOLARIS) && (defined(_KERNEL) || defined(KERNEL)) -# include -# include -#endif - -#include "pcap-ipf.h" - -#if !defined(KERNEL) && !defined(_KERNEL) -#include -#endif - -#define int32 bpf_int32 -#define u_int32 bpf_u_int32 - -static int m_xword __P((mb_t *, int, int *)); -static int m_xhalf __P((mb_t *, int, int *)); - -#ifndef LBL_ALIGN -/* - * XXX - IA-64? If not, this probably won't work on Win64 IA-64 - * systems, unless LBL_ALIGN is defined elsewhere for them. - * XXX - SuperH? If not, this probably won't work on WinCE SuperH - * systems, unless LBL_ALIGN is defined elsewhere for them. 
- */ -#if defined(sparc) || defined(__sparc__) || defined(mips) || \ - defined(ibm032) || defined(__alpha) || defined(__hpux) || \ - defined(__arm__) -#define LBL_ALIGN -#endif -#endif - -#ifndef LBL_ALIGN - -#define EXTRACT_SHORT(p) ((u_short)ntohs(*(u_short *)p)) -#define EXTRACT_LONG(p) (ntohl(*(u_int32 *)p)) -#else -#define EXTRACT_SHORT(p)\ - ((u_short)\ - ((u_short)*((u_char *)p+0)<<8|\ - (u_short)*((u_char *)p+1)<<0)) -#define EXTRACT_LONG(p)\ - ((u_int32)*((u_char *)p+0)<<24|\ - (u_int32)*((u_char *)p+1)<<16|\ - (u_int32)*((u_char *)p+2)<<8|\ - (u_int32)*((u_char *)p+3)<<0) -#endif - -#define MINDEX(len, _m, _k) \ -{ \ - len = M_LEN(m); \ - while ((_k) >= len) { \ - (_k) -= len; \ - (_m) = (_m)->m_next; \ - if ((_m) == 0) \ - return 0; \ - len = M_LEN(m); \ - } \ -} - -static int -m_xword(m, k, err) - register mb_t *m; - register int k, *err; -{ - register int len; - register u_char *cp, *np; - register mb_t *m0; - - MINDEX(len, m, k); - cp = MTOD(m, u_char *) + k; - if (len - k >= 4) { - *err = 0; - return EXTRACT_LONG(cp); - } - m0 = m->m_next; - if (m0 == 0 || M_LEN(m0) + len - k < 4) - goto bad; - *err = 0; - np = MTOD(m0, u_char *); - switch (len - k) { - - case 1: - return (cp[0] << 24) | (np[0] << 16) | (np[1] << 8) | np[2]; - - case 2: - return (cp[0] << 24) | (cp[1] << 16) | (np[0] << 8) | np[1]; - - default: - return (cp[0] << 24) | (cp[1] << 16) | (cp[2] << 8) | np[0]; - } - bad: - *err = 1; - return 0; -} - -static int -m_xhalf(m, k, err) - register mb_t *m; - register int k, *err; -{ - register int len; - register u_char *cp; - register mb_t *m0; - - MINDEX(len, m, k); - cp = MTOD(m, u_char *) + k; - if (len - k >= 2) { - *err = 0; - return EXTRACT_SHORT(cp); - } - m0 = m->m_next; - if (m0 == 0) - goto bad; - *err = 0; - return (cp[0] << 8) | MTOD(m0, u_char *)[0]; - bad: - *err = 1; - return 0; -} - -/* - * Execute the filter program starting at pc on the packet p - * wirelen is the length of the original packet - * buflen is the amount of 
data present - * For the kernel, p is assumed to be a pointer to an mbuf if buflen is 0, - * in all other cases, p is a pointer to a buffer and buflen is its size. - */ -u_int -bpf_filter(pc, p, wirelen, buflen) - register struct bpf_insn *pc; - register u_char *p; - u_int wirelen; - register u_int buflen; -{ - register u_int32 A, X; - register int k; - int32 mem[BPF_MEMWORDS]; - mb_t *m, *n; - int merr = 0; /* XXX: GCC */ - int len; - - if (buflen == 0) { - m = (mb_t *)p; - p = MTOD(m, u_char *); - buflen = M_LEN(m); - } else - m = NULL; - - if (pc == 0) - /* - * No filter means accept all. - */ - return (u_int)-1; - A = 0; - X = 0; - --pc; - while (1) { - ++pc; - switch (pc->code) { - - default: - return 0; - case BPF_RET|BPF_K: - return (u_int)pc->k; - - case BPF_RET|BPF_A: - return (u_int)A; - - case BPF_LD|BPF_W|BPF_ABS: - k = pc->k; - if (k + sizeof(int32) > buflen) { - if (m == NULL) - return 0; - A = m_xword(m, k, &merr); - if (merr != 0) - return 0; - continue; - } - A = EXTRACT_LONG(&p[k]); - continue; - - case BPF_LD|BPF_H|BPF_ABS: - k = pc->k; - if (k + sizeof(short) > buflen) { - if (m == NULL) - return 0; - A = m_xhalf(m, k, &merr); - if (merr != 0) - return 0; - continue; - } - A = EXTRACT_SHORT(&p[k]); - continue; - - case BPF_LD|BPF_B|BPF_ABS: - k = pc->k; - if (k >= buflen) { - if (m == NULL) - return 0; - n = m; - MINDEX(len, n, k); - A = MTOD(n, u_char *)[k]; - continue; - } - A = p[k]; - continue; - - case BPF_LD|BPF_W|BPF_LEN: - A = wirelen; - continue; - - case BPF_LDX|BPF_W|BPF_LEN: - X = wirelen; - continue; - - case BPF_LD|BPF_W|BPF_IND: - k = X + pc->k; - if (k + sizeof(int32) > buflen) { - if (m == NULL) - return 0; - A = m_xword(m, k, &merr); - if (merr != 0) - return 0; - continue; - } - A = EXTRACT_LONG(&p[k]); - continue; - - case BPF_LD|BPF_H|BPF_IND: - k = X + pc->k; - if (k + sizeof(short) > buflen) { - if (m == NULL) - return 0; - A = m_xhalf(m, k, &merr); - if (merr != 0) - return 0; - continue; - } - A = EXTRACT_SHORT(&p[k]); - 
continue; - - case BPF_LD|BPF_B|BPF_IND: - k = X + pc->k; - if (k >= buflen) { - if (m == NULL) - return 0; - n = m; - MINDEX(len, n, k); - A = MTOD(n, u_char *)[k]; - continue; - } - A = p[k]; - continue; - - case BPF_LDX|BPF_MSH|BPF_B: - k = pc->k; - if (k >= buflen) { - if (m == NULL) - return 0; - n = m; - MINDEX(len, n, k); - X = (MTOD(n, char *)[k] & 0xf) << 2; - continue; - } - X = (p[pc->k] & 0xf) << 2; - continue; - - case BPF_LD|BPF_IMM: - A = pc->k; - continue; - - case BPF_LDX|BPF_IMM: - X = pc->k; - continue; - - case BPF_LD|BPF_MEM: - A = mem[pc->k]; - continue; - - case BPF_LDX|BPF_MEM: - X = mem[pc->k]; - continue; - - case BPF_ST: - mem[pc->k] = A; - continue; - - case BPF_STX: - mem[pc->k] = X; - continue; - - case BPF_JMP|BPF_JA: - pc += pc->k; - continue; - - case BPF_JMP|BPF_JGT|BPF_K: - pc += (A > pc->k) ? pc->jt : pc->jf; - continue; - - case BPF_JMP|BPF_JGE|BPF_K: - pc += (A >= pc->k) ? pc->jt : pc->jf; - continue; - - case BPF_JMP|BPF_JEQ|BPF_K: - pc += (A == pc->k) ? pc->jt : pc->jf; - continue; - - case BPF_JMP|BPF_JSET|BPF_K: - pc += (A & pc->k) ? pc->jt : pc->jf; - continue; - - case BPF_JMP|BPF_JGT|BPF_X: - pc += (A > X) ? pc->jt : pc->jf; - continue; - - case BPF_JMP|BPF_JGE|BPF_X: - pc += (A >= X) ? pc->jt : pc->jf; - continue; - - case BPF_JMP|BPF_JEQ|BPF_X: - pc += (A == X) ? pc->jt : pc->jf; - continue; - - case BPF_JMP|BPF_JSET|BPF_X: - pc += (A & X) ? 
pc->jt : pc->jf; - continue; - - case BPF_ALU|BPF_ADD|BPF_X: - A += X; - continue; - - case BPF_ALU|BPF_SUB|BPF_X: - A -= X; - continue; - - case BPF_ALU|BPF_MUL|BPF_X: - A *= X; - continue; - - case BPF_ALU|BPF_DIV|BPF_X: - if (X == 0) - return 0; - A /= X; - continue; - - case BPF_ALU|BPF_AND|BPF_X: - A &= X; - continue; - - case BPF_ALU|BPF_OR|BPF_X: - A |= X; - continue; - - case BPF_ALU|BPF_LSH|BPF_X: - A <<= X; - continue; - - case BPF_ALU|BPF_RSH|BPF_X: - A >>= X; - continue; - - case BPF_ALU|BPF_ADD|BPF_K: - A += pc->k; - continue; - - case BPF_ALU|BPF_SUB|BPF_K: - A -= pc->k; - continue; - - case BPF_ALU|BPF_MUL|BPF_K: - A *= pc->k; - continue; - - case BPF_ALU|BPF_DIV|BPF_K: - A /= pc->k; - continue; - - case BPF_ALU|BPF_AND|BPF_K: - A &= pc->k; - continue; - - case BPF_ALU|BPF_OR|BPF_K: - A |= pc->k; - continue; - - case BPF_ALU|BPF_LSH|BPF_K: - A <<= pc->k; - continue; - - case BPF_ALU|BPF_RSH|BPF_K: - A >>= pc->k; - continue; - - case BPF_ALU|BPF_NEG: - A = -A; - continue; - - case BPF_MISC|BPF_TAX: - X = A; - continue; - - case BPF_MISC|BPF_TXA: - A = X; - continue; - } - } -} - - -/* - * Return true if the 'fcode' is a valid filter program. - * The constraints are that each jump be forward and to a valid - * code, that memory accesses are within valid ranges (to the - * extent that this can be checked statically; loads of packet - * data have to be, and are, also checked at run time), and that - * the code terminates with either an accept or reject. - * - * The kernel needs to be able to verify an application's filter code. - * Otherwise, a bogus program could easily crash the system. - */ -int -bpf_validate(f, len) - struct bpf_insn *f; - int len; -{ - u_int i, from; - const struct bpf_insn *p; - - if (len == 0) - return 1; - - if (len < 1 || len > BPF_MAXINSNS) - return 0; - - for (i = 0; i < len; ++i) { - p = &f[i]; - switch (BPF_CLASS(p->code)) { - /* - * Check that memory operations use valid addresses. 
- */ - case BPF_LD: - case BPF_LDX: - switch (BPF_MODE(p->code)) { - case BPF_IMM: - break; - case BPF_ABS: - case BPF_IND: - case BPF_MSH: - /* - * More strict check with actual packet length - * is done runtime. - */ -#if 0 - if (p->k >= bpf_maxbufsize) - return 0; -#endif - break; - case BPF_MEM: - if (p->k >= BPF_MEMWORDS) - return 0; - break; - case BPF_LEN: - break; - default: - return 0; - } - break; - case BPF_ST: - case BPF_STX: - if (p->k >= BPF_MEMWORDS) - return 0; - break; - case BPF_ALU: - switch (BPF_OP(p->code)) { - case BPF_ADD: - case BPF_SUB: - case BPF_OR: - case BPF_AND: - case BPF_LSH: - case BPF_RSH: - case BPF_NEG: - break; - case BPF_DIV: - /* - * Check for constant division by 0. - */ - if (BPF_RVAL(p->code) == BPF_K && p->k == 0) - return 0; - default: - return 0; - } - break; - case BPF_JMP: - /* - * Check that jumps are within the code block, - * and that unconditional branches don't go - * backwards as a result of an overflow. - * Unconditional branches have a 32-bit offset, - * so they could overflow; we check to make - * sure they don't. Conditional branches have - * an 8-bit offset, and the from address is <= - * BPF_MAXINSNS, and we assume that BPF_MAXINSNS - * is sufficiently small that adding 255 to it - * won't overflow. - * - * We know that len is <= BPF_MAXINSNS, and we - * assume that BPF_MAXINSNS is < the maximum size - * of a u_int, so that i + 1 doesn't overflow. - */ - from = i + 1; - switch (BPF_OP(p->code)) { - case BPF_JA: - if (from + p->k < from || from + p->k >= len) - return 0; - break; - case BPF_JEQ: - case BPF_JGT: - case BPF_JGE: - case BPF_JSET: - if (from + p->jt >= len || from + p->jf >= len) - return 0; - break; - default: - return 0; - } - break; - case BPF_RET: - break; - case BPF_MISC: - break; - default: - return 0; - } - } - return BPF_CLASS(f[len - 1].code) == BPF_RET; -} diff --git a/contrib/ipfilter/genmask.c b/contrib/ipfilter/genmask.c deleted file mode 100644 index 75193e3ea398..000000000000 
--- a/contrib/ipfilter/genmask.c
+++ /dev/null
@@ -1,68 +0,0 @@
-/*
- * Copyright (C) 2012 by Darren Reed.
- *
- * See the IPFILTER.LICENCE file for details on licencing.
- *
- * $Id$
- */
-
-#include "ipf.h"
-
-
-int genmask(family, msk, mskp)
- int family;
- char *msk;
- i6addr_t *mskp;
-{
- char *endptr = 0L;
- u_32_t addr;
- int bits;
-
- if (strchr(msk, '.') || strchr(msk, 'x') || strchr(msk, ':')) {
- /* possibly of the form xxx.xxx.xxx.xxx
- * or 0xYYYYYYYY */
- switch (family)
- {
-#ifdef USE_INET6
- case AF_INET6 :
- if (inet_pton(AF_INET6, msk, &mskp->in4) != 1)
- return -1;
- break;
-#endif
- case AF_INET :
- if (inet_aton(msk, &mskp->in4) == 0)
- return -1;
- break;
- default :
- return -1;
- /*NOTREACHED*/
- }
- } else {
- /*
- * set x most significant bits
- */
- bits = (int)strtol(msk, &endptr, 0);
-
- switch (family)
- {
- case AF_INET6 :
- if ((*endptr != '\0') || (bits < 0) || (bits > 128))
- return -1;
- fill6bits(bits, mskp->i6);
- break;
- case AF_INET :
- if (*endptr != '\0' || bits > 32 || bits < 0)
- return -1;
- if (bits == 0)
- addr = 0;
- else
- addr = htonl(0xffffffff << (32 - bits));
- mskp->in4.s_addr = addr;
- break;
- default :
- return -1;
- /*NOTREACHED*/
- }
- }
- return 0;
-}
diff --git a/contrib/ipfilter/ip_dstlist.c b/contrib/ipfilter/ip_dstlist.c
deleted file mode 100644
index ce2e72e8130f..000000000000
--- a/contrib/ipfilter/ip_dstlist.c
+++ /dev/null
@@ -1,1351 +0,0 @@ -/* - * Copyright (C) 2012 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - */ -#if defined(KERNEL) || defined(_KERNEL) -# undef KERNEL -# undef _KERNEL -# define KERNEL 1 -# define _KERNEL 1 -#endif -#if defined(__osf__) -# define _PROTO_NET_H_ -#endif -#include -#include -#include -#include -#if !defined(_KERNEL) && !defined(__KERNEL__) -# include -# include -# include -# define _KERNEL -# ifdef __OpenBSD__ -struct file; -# endif -# include -# undef _KERNEL -#else -# include -# if defined(NetBSD) && (__NetBSD_Version__ >= 104000000) -# include -# endif -#endif -#include -#if !defined(linux) -# include -#endif -#include -#if defined(_KERNEL) && (!defined(__SVR4) && !defined(__svr4__)) -# include -#endif -#if defined(__SVR4) || defined(__svr4__) -# include -# include -# ifdef _KERNEL -# include -# endif -# include -# include -#endif -#if defined(__FreeBSD_version) && (__FreeBSD_version >= 300000) -# include -#endif - -#include -#include - -#include "netinet/ip_compat.h" -#include "netinet/ip_fil.h" -#include "netinet/ip_nat.h" -#include "netinet/ip_lookup.h" -#include "netinet/ip_dstlist.h" - -/* END OF INCLUDES */ - -#ifdef HAS_SYS_MD5_H -# include -#else -# include "md5.h" -#endif - -#if !defined(lint) -static const char rcsid[] = "@(#)$Id: ip_dstlist.c,v 1.13.2.12 2012/07/20 08:40:19 darren_r Exp $"; -#endif - -typedef struct ipf_dstl_softc_s { - ippool_dst_t *dstlist[LOOKUP_POOL_SZ]; - ippool_dst_t **tails[LOOKUP_POOL_SZ]; - ipf_dstl_stat_t stats; -} ipf_dstl_softc_t; - - -static void *ipf_dstlist_soft_create __P((ipf_main_softc_t *)); -static void ipf_dstlist_soft_destroy __P((ipf_main_softc_t *, void *)); -static int ipf_dstlist_soft_init __P((ipf_main_softc_t *, void *)); -static void ipf_dstlist_soft_fini __P((ipf_main_softc_t *, void *)); -static int ipf_dstlist_addr_find __P((ipf_main_softc_t *, void *, int, - void *, u_int)); -static size_t ipf_dstlist_flush __P((ipf_main_softc_t *, void *, - 
iplookupflush_t *)); -static int ipf_dstlist_iter_deref __P((ipf_main_softc_t *, void *, int, int, - void *)); -static int ipf_dstlist_iter_next __P((ipf_main_softc_t *, void *, ipftoken_t *, - ipflookupiter_t *)); -static int ipf_dstlist_node_add __P((ipf_main_softc_t *, void *, - iplookupop_t *, int)); -static int ipf_dstlist_node_del __P((ipf_main_softc_t *, void *, - iplookupop_t *, int)); -static int ipf_dstlist_stats_get __P((ipf_main_softc_t *, void *, - iplookupop_t *)); -static int ipf_dstlist_table_add __P((ipf_main_softc_t *, void *, - iplookupop_t *)); -static int ipf_dstlist_table_del __P((ipf_main_softc_t *, void *, - iplookupop_t *)); -static int ipf_dstlist_table_deref __P((ipf_main_softc_t *, void *, void *)); -static void *ipf_dstlist_table_find __P((void *, int, char *)); -static void ipf_dstlist_table_free __P((ipf_dstl_softc_t *, ippool_dst_t *)); -static void ipf_dstlist_table_remove __P((ipf_main_softc_t *, - ipf_dstl_softc_t *, ippool_dst_t *)); -static void ipf_dstlist_table_clearnodes __P((ipf_dstl_softc_t *, - ippool_dst_t *)); -static ipf_dstnode_t *ipf_dstlist_select __P((fr_info_t *, ippool_dst_t *)); -static void *ipf_dstlist_select_ref __P((void *, int, char *)); -static void ipf_dstlist_node_free __P((ipf_dstl_softc_t *, ippool_dst_t *, ipf_dstnode_t *)); -static int ipf_dstlist_node_deref __P((void *, ipf_dstnode_t *)); -static void ipf_dstlist_expire __P((ipf_main_softc_t *, void *)); -static void ipf_dstlist_sync __P((ipf_main_softc_t *, void *)); - -ipf_lookup_t ipf_dstlist_backend = { - IPLT_DSTLIST, - ipf_dstlist_soft_create, - ipf_dstlist_soft_destroy, - ipf_dstlist_soft_init, - ipf_dstlist_soft_fini, - ipf_dstlist_addr_find, - ipf_dstlist_flush, - ipf_dstlist_iter_deref, - ipf_dstlist_iter_next, - ipf_dstlist_node_add, - ipf_dstlist_node_del, - ipf_dstlist_stats_get, - ipf_dstlist_table_add, - ipf_dstlist_table_del, - ipf_dstlist_table_deref, - ipf_dstlist_table_find, - ipf_dstlist_select_ref, - ipf_dstlist_select_node, - 
ipf_dstlist_expire, - ipf_dstlist_sync -}; - - -/* ------------------------------------------------------------------------ */ -/* Function: ipf_dstlist_soft_create */ -/* Returns: int - 0 = success, else error */ -/* Parameters: softc(I) - pointer to soft context main structure */ -/* */ -/* Allocating a chunk of memory filled with 0's is enough for the current */ -/* soft context used with destination lists. */ -/* ------------------------------------------------------------------------ */ -static void * -ipf_dstlist_soft_create(softc) - ipf_main_softc_t *softc; -{ - ipf_dstl_softc_t *softd; - int i; - - KMALLOC(softd, ipf_dstl_softc_t *); - if (softd == NULL) { - IPFERROR(120028); - return NULL; - } - - bzero((char *)softd, sizeof(*softd)); - for (i = 0; i <= IPL_LOGMAX; i++) - softd->tails[i] = &softd->dstlist[i]; - - return softd; -} - - -/* ------------------------------------------------------------------------ */ -/* Function: ipf_dstlist_soft_destroy */ -/* Returns: Nil */ -/* Parameters: softc(I) - pointer to soft context main structure */ -/* arg(I) - pointer to local context to use */ -/* */ -/* For destination lists, the only thing we have to do when destroying the */ -/* soft context is free it! */ -/* ------------------------------------------------------------------------ */ -static void -ipf_dstlist_soft_destroy(softc, arg) - ipf_main_softc_t *softc; - void *arg; -{ - ipf_dstl_softc_t *softd = arg; - - KFREE(softd); -} - - -/* ------------------------------------------------------------------------ */ -/* Function: ipf_dstlist_soft_init */ -/* Returns: int - 0 = success, else error */ -/* Parameters: softc(I) - pointer to soft context main structure */ -/* arg(I) - pointer to local context to use */ -/* */ -/* There is currently no soft context for destination list management. 
*/ -/* ------------------------------------------------------------------------ */ -static int -ipf_dstlist_soft_init(softc, arg) - ipf_main_softc_t *softc; - void *arg; -{ - return 0; -} - - -/* ------------------------------------------------------------------------ */ -/* Function: ipf_dstlist_soft_fini */ -/* Returns: Nil */ -/* Parameters: softc(I) - pointer to soft context main structure */ -/* arg(I) - pointer to local context to use */ -/* */ -/* There is currently no soft context for destination list management. */ -/* ------------------------------------------------------------------------ */ -static void -ipf_dstlist_soft_fini(softc, arg) - ipf_main_softc_t *softc; - void *arg; -{ - ipf_dstl_softc_t *softd = arg; - int i; - - for (i = -1; i <= IPL_LOGMAX; i++) { - while (softd->dstlist[i + 1] != NULL) { - ipf_dstlist_table_remove(softc, softd, - softd->dstlist[i + 1]); - } - } - - ASSERT(softd->stats.ipls_numderefnodes == 0); -} - - -/* ------------------------------------------------------------------------ */ -/* Function: ipf_dstlist_addr_find */ -/* Returns: int - 0 = success, else error */ -/* Parameters: softc(I) - pointer to soft context main structure */ -/* arg1(I) - pointer to local context to use */ -/* arg2(I) - pointer to local context to use */ -/* arg3(I) - pointer to local context to use */ -/* arg4(I) - pointer to local context to use */ -/* */ -/* There is currently no such thing as searching a destination list for an */ -/* address so this function becomes a no-op. Its presence is required as */ -/* ipf_lookup_res_name() stores the "addr_find" function pointer in the */ -/* pointer passed in to it as funcptr, although it could be a generic null- */ -/* op function rather than a specific one. 
*/ -/* ------------------------------------------------------------------------ */ -/*ARGSUSED*/ -static int -ipf_dstlist_addr_find(softc, arg1, arg2, arg3, arg4) - ipf_main_softc_t *softc; - void *arg1, *arg3; - int arg2; - u_int arg4; -{ - return -1; -} - - -/* ------------------------------------------------------------------------ */ -/* Function: ipf_dstlist_flush */ -/* Returns: int - number of objects deleted */ -/* Parameters: softc(I) - pointer to soft context main structure */ -/* arg(I) - pointer to local context to use */ -/* fop(I) - pointer to lookup flush operation data */ -/* */ -/* Flush all of the destination tables that match the data passed in with */ -/* the iplookupflush_t. There are two ways to match objects: the device for */ -/* which they are to be used with and their name. */ -/* ------------------------------------------------------------------------ */ -static size_t -ipf_dstlist_flush(softc, arg, fop) - ipf_main_softc_t *softc; - void *arg; - iplookupflush_t *fop; -{ - ipf_dstl_softc_t *softd = arg; - ippool_dst_t *node, *next; - int n, i; - - for (n = 0, i = -1; i <= IPL_LOGMAX; i++) { - if (fop->iplf_unit != IPLT_ALL && fop->iplf_unit != i) - continue; - for (node = softd->dstlist[i + 1]; node != NULL; node = next) { - next = node->ipld_next; - - if ((*fop->iplf_name != '\0') && - strncmp(fop->iplf_name, node->ipld_name, - FR_GROUPLEN)) - continue; - - ipf_dstlist_table_remove(softc, softd, node); - n++; - } - } - return n; -} - - -/* ------------------------------------------------------------------------ */ -/* Function: ipf_dstlist_iter_deref */ -/* Returns: int - 0 = success, else error */ -/* Parameters: softc(I) - pointer to soft context main structure */ -/* arg(I) - pointer to local context to use */ -/* otype(I) - type of data structure to iterate through */ -/* unit(I) - device we are working with */ -/* data(I) - address of object in kernel space */ -/* */ -/* This function is called when the iteration token is being 
free'd and is */ -/* responsible for dropping the reference count of the structure it points */ -/* to. */ -/* ------------------------------------------------------------------------ */ -static int -ipf_dstlist_iter_deref(softc, arg, otype, unit, data) - ipf_main_softc_t *softc; - void *arg; - int otype, unit; - void *data; -{ - if (data == NULL) { - IPFERROR(120001); - return EINVAL; - } - - if (unit < -1 || unit > IPL_LOGMAX) { - IPFERROR(120002); - return EINVAL; - } - - switch (otype) - { - case IPFLOOKUPITER_LIST : - ipf_dstlist_table_deref(softc, arg, (ippool_dst_t *)data); - break; - - case IPFLOOKUPITER_NODE : - ipf_dstlist_node_deref(arg, (ipf_dstnode_t *)data); - break; - } - - return 0; -} - - -/* ------------------------------------------------------------------------ */ -/* Function: ipf_dstlist_iter_next */ -/* Returns: int - 0 = success, else error */ -/* Parameters: softc(I) - pointer to soft context main structure */ -/* arg(I) - pointer to local context to use */ -/* op(I) - pointer to lookup operation data */ -/* uid(I) - uid of process doing the ioctl */ -/* */ -/* This function is responsible for either selecting the next destination */ -/* list or node on a destination list to be returned as a user process */ -/* iterates through the list of destination lists or nodes. 
*/ -/* ------------------------------------------------------------------------ */ -static int -ipf_dstlist_iter_next(softc, arg, token, iter) - ipf_main_softc_t *softc; - void *arg; - ipftoken_t *token; - ipflookupiter_t *iter; -{ - ipf_dstnode_t zn, *nextnode = NULL, *node = NULL; - ippool_dst_t zero, *next = NULL, *dsttab = NULL; - ipf_dstl_softc_t *softd = arg; - int err = 0; - void *hint; - - switch (iter->ili_otype) - { - case IPFLOOKUPITER_LIST : - dsttab = token->ipt_data; - if (dsttab == NULL) { - next = softd->dstlist[(int)iter->ili_unit + 1]; - } else { - next = dsttab->ipld_next; - } - - if (next != NULL) { - ATOMIC_INC32(next->ipld_ref); - token->ipt_data = next; - hint = next->ipld_next; - } else { - bzero((char *)&zero, sizeof(zero)); - next = &zero; - token->ipt_data = NULL; - hint = NULL; - } - break; - - case IPFLOOKUPITER_NODE : - node = token->ipt_data; - if (node == NULL) { - dsttab = ipf_dstlist_table_find(arg, iter->ili_unit, - iter->ili_name); - if (dsttab == NULL) { - IPFERROR(120004); - err = ESRCH; - nextnode = NULL; - } else { - if (dsttab->ipld_dests == NULL) - nextnode = NULL; - else - nextnode = *dsttab->ipld_dests; - dsttab = NULL; - } - } else { - nextnode = node->ipfd_next; - } - - if (nextnode != NULL) { - MUTEX_ENTER(&nextnode->ipfd_lock); - nextnode->ipfd_ref++; - MUTEX_EXIT(&nextnode->ipfd_lock); - token->ipt_data = nextnode; - hint = nextnode->ipfd_next; - } else { - bzero((char *)&zn, sizeof(zn)); - nextnode = &zn; - token->ipt_data = NULL; - hint = NULL; - } - break; - default : - IPFERROR(120003); - err = EINVAL; - break; - } - - if (err != 0) - return err; - - switch (iter->ili_otype) - { - case IPFLOOKUPITER_LIST : - if (dsttab != NULL) - ipf_dstlist_table_deref(softc, arg, dsttab); - err = COPYOUT(next, iter->ili_data, sizeof(*next)); - if (err != 0) { - IPFERROR(120005); - err = EFAULT; - } - break; - - case IPFLOOKUPITER_NODE : - if (node != NULL) - ipf_dstlist_node_deref(arg, node); - err = COPYOUT(nextnode, 
iter->ili_data, sizeof(*nextnode)); - if (err != 0) { - IPFERROR(120006); - err = EFAULT; - } - break; - } - - if (hint == NULL) - ipf_token_mark_complete(token); - - return err; -} - - -/* ------------------------------------------------------------------------ */ -/* Function: ipf_dstlist_node_add */ -/* Returns: int - 0 = success, else error */ -/* Parameters: softc(I) - pointer to soft context main structure */ -/* arg(I) - pointer to local context to use */ -/* op(I) - pointer to lookup operation data */ -/* uid(I) - uid of process doing the ioctl */ -/* Locks: WRITE(ipf_poolrw) */ -/* */ -/* Add a new node to a destination list. To do this, we only copy in the */ -/* frdest_t structure because that contains the only data required from the */ -/* application to create a new node. The frdest_t doesn't contain the name */ -/* itself. When loading filter rules, fd_name is a 'pointer' to the name. */ -/* In this case, the 'pointer' does not work, instead it is the length of */ -/* the name and the name is immediately following the frdest_t structure. */ -/* fd_name must include the trailing \0, so it should be strlen(str) + 1. */ -/* For simple sanity checking, an upper bound on the size of fd_name is */ -/* imposed - 128. 
*/ -/* ------------------------------------------------------------------------ */ -static int -ipf_dstlist_node_add(softc, arg, op, uid) - ipf_main_softc_t *softc; - void *arg; - iplookupop_t *op; - int uid; -{ - ipf_dstl_softc_t *softd = arg; - ipf_dstnode_t *node, **nodes; - ippool_dst_t *d; - frdest_t dest; - int err; - - if (op->iplo_size < sizeof(frdest_t)) { - IPFERROR(120007); - return EINVAL; - } - - err = COPYIN(op->iplo_struct, &dest, sizeof(dest)); - if (err != 0) { - IPFERROR(120009); - return EFAULT; - } - - d = ipf_dstlist_table_find(arg, op->iplo_unit, op->iplo_name); - if (d == NULL) { - IPFERROR(120010); - return ESRCH; - } - - switch (dest.fd_addr.adf_family) - { - case AF_INET : - case AF_INET6 : - break; - default : - IPFERROR(120019); - return EINVAL; - } - - if (dest.fd_name < -1 || dest.fd_name > 128) { - IPFERROR(120018); - return EINVAL; - } - - KMALLOCS(node, ipf_dstnode_t *, sizeof(*node) + dest.fd_name); - if (node == NULL) { - softd->stats.ipls_nomem++; - IPFERROR(120008); - return ENOMEM; - } - bzero((char *)node, sizeof(*node) + dest.fd_name); - - bcopy(&dest, &node->ipfd_dest, sizeof(dest)); - node->ipfd_size = sizeof(*node) + dest.fd_name; - - if (dest.fd_name > 0) { - /* - * fd_name starts out as the length of the string to copy - * in (including \0) and ends up being the offset from - * fd_names (0). 
- */ - err = COPYIN((char *)op->iplo_struct + sizeof(dest), - node->ipfd_names, dest.fd_name); - if (err != 0) { - IPFERROR(120017); - KFREES(node, node->ipfd_size); - return EFAULT; - } - node->ipfd_dest.fd_name = 0; - } else { - node->ipfd_dest.fd_name = -1; - } - - if (d->ipld_nodes == d->ipld_maxnodes) { - KMALLOCS(nodes, ipf_dstnode_t **, - sizeof(*nodes) * (d->ipld_maxnodes + 1)); - if (nodes == NULL) { - softd->stats.ipls_nomem++; - IPFERROR(120022); - KFREES(node, node->ipfd_size); - return ENOMEM; - } - if (d->ipld_dests != NULL) { - bcopy(d->ipld_dests, nodes, - sizeof(*nodes) * d->ipld_maxnodes); - KFREES(d->ipld_dests, sizeof(*nodes) * d->ipld_nodes); - nodes[0]->ipfd_pnext = nodes; - } - d->ipld_dests = nodes; - d->ipld_maxnodes++; - } - d->ipld_dests[d->ipld_nodes] = node; - d->ipld_nodes++; - - if (d->ipld_nodes == 1) { - node->ipfd_pnext = d->ipld_dests; - } else if (d->ipld_nodes > 1) { - node->ipfd_pnext = &d->ipld_dests[d->ipld_nodes - 2]->ipfd_next; - } - *node->ipfd_pnext = node; - - MUTEX_INIT(&node->ipfd_lock, "ipf dst node lock"); - node->ipfd_uid = uid; - node->ipfd_ref = 1; - if (node->ipfd_dest.fd_name == 0) - (void) ipf_resolvedest(softc, node->ipfd_names, - &node->ipfd_dest, AF_INET); -#ifdef USE_INET6 - if (node->ipfd_dest.fd_name == 0 && - node->ipfd_dest.fd_ptr == (void *)-1) - (void) ipf_resolvedest(softc, node->ipfd_names, - &node->ipfd_dest, AF_INET6); -#endif - - softd->stats.ipls_numnodes++; - - return 0; -} - - -/* ------------------------------------------------------------------------ */ -/* Function: ipf_dstlist_node_deref */ -/* Returns: int - 0 = success, else error */ -/* Parameters: arg(I) - pointer to local context to use */ -/* node(I) - pointer to destionation node to free */ -/* */ -/* Dereference the use count by one. If it drops to zero then we can assume */ -/* that it has been removed from any lists/tables and is ripe for freeing. 
*/ -/* The pointer to context is required for the purpose of maintaining */ -/* statistics. */ -/* ------------------------------------------------------------------------ */ -static int -ipf_dstlist_node_deref(arg, node) - void *arg; - ipf_dstnode_t *node; -{ - ipf_dstl_softc_t *softd = arg; - int ref; - - MUTEX_ENTER(&node->ipfd_lock); - ref = --node->ipfd_ref; - MUTEX_EXIT(&node->ipfd_lock); - - if (ref > 0) - return 0; - - if ((node->ipfd_flags & IPDST_DELETE) != 0) - softd->stats.ipls_numderefnodes--; - MUTEX_DESTROY(&node->ipfd_lock); - KFREES(node, node->ipfd_size); - softd->stats.ipls_numnodes--; - - return 0; -} - - -/* ------------------------------------------------------------------------ */ -/* Function: ipf_dstlist_node_del */ -/* Returns: int - 0 = success, else error */ -/* Parameters: softc(I) - pointer to soft context main structure */ -/* arg(I) - pointer to local context to use */ -/* op(I) - pointer to lookup operation data */ -/* uid(I) - uid of process doing the ioctl */ -/* */ -/* Look for a matching destination node on the named table and free it if */ -/* found. Because the name embedded in the frdest_t is variable in length, */ -/* it is necessary to allocate some memory locally, to complete this op. 
*/ -/* ------------------------------------------------------------------------ */ -static int -ipf_dstlist_node_del(softc, arg, op, uid) - ipf_main_softc_t *softc; - void *arg; - iplookupop_t *op; - int uid; -{ - ipf_dstl_softc_t *softd = arg; - ipf_dstnode_t *node; - frdest_t frd, *temp; - ippool_dst_t *d; - size_t size; - int err; - - d = ipf_dstlist_table_find(arg, op->iplo_unit, op->iplo_name); - if (d == NULL) { - IPFERROR(120012); - return ESRCH; - } - - err = COPYIN(op->iplo_struct, &frd, sizeof(frd)); - if (err != 0) { - IPFERROR(120011); - return EFAULT; - } - - size = sizeof(*temp) + frd.fd_name; - KMALLOCS(temp, frdest_t *, size); - if (temp == NULL) { - softd->stats.ipls_nomem++; - IPFERROR(120026); - return ENOMEM; - } - - err = COPYIN(op->iplo_struct, temp, size); - if (err != 0) { - IPFERROR(120027); - return EFAULT; - } - - MUTEX_ENTER(&d->ipld_lock); - for (node = *d->ipld_dests; node != NULL; node = node->ipfd_next) { - if ((uid != 0) && (node->ipfd_uid != uid)) - continue; - if (node->ipfd_size != size) - continue; - if (!bcmp(&node->ipfd_dest.fd_ip6, &frd.fd_ip6, - size - offsetof(frdest_t, fd_ip6))) { - ipf_dstlist_node_free(softd, d, node); - MUTEX_EXIT(&d->ipld_lock); - KFREES(temp, size); - return 0; - } - } - MUTEX_EXIT(&d->ipld_lock); - KFREES(temp, size); - - return ESRCH; -} - - -/* ------------------------------------------------------------------------ */ -/* Function: ipf_dstlist_node_free */ -/* Returns: Nil */ -/* Parameters: softd(I) - pointer to the destination list context */ -/* d(I) - pointer to destination list */ -/* node(I) - pointer to node to free */ -/* Locks: MUTEX(ipld_lock) or WRITE(ipf_poolrw) */ -/* */ -/* Free the destination node by first removing it from any lists and then */ -/* checking if this was the last reference held to the object. 
While the */ -/* array of pointers to nodes is compacted, its size isn't reduced (by way */ -/* of allocating a new smaller one and copying) because the belief is that */ -/* it is likely the array will again reach that size. */ -/* ------------------------------------------------------------------------ */ -static void -ipf_dstlist_node_free(softd, d, node) - ipf_dstl_softc_t *softd; - ippool_dst_t *d; - ipf_dstnode_t *node; -{ - int i; - - /* - * Compact the array of pointers to nodes. - */ - for (i = 0; i < d->ipld_nodes; i++) - if (d->ipld_dests[i] == node) - break; - if (d->ipld_nodes - i > 1) { - bcopy(&d->ipld_dests[i + 1], &d->ipld_dests[i], - sizeof(*d->ipld_dests) * (d->ipld_nodes - i - 1)); - } - d->ipld_nodes--; - - if (node->ipfd_pnext != NULL) - *node->ipfd_pnext = node->ipfd_next; - if (node->ipfd_next != NULL) - node->ipfd_next->ipfd_pnext = node->ipfd_pnext; - node->ipfd_pnext = NULL; - node->ipfd_next = NULL; - - if ((node->ipfd_flags & IPDST_DELETE) == 0) { - softd->stats.ipls_numderefnodes++; - node->ipfd_flags |= IPDST_DELETE; - } - - ipf_dstlist_node_deref(softd, node); -} - - -/* ------------------------------------------------------------------------ */ -/* Function: ipf_dstlist_stats_get */ -/* Returns: int - 0 = success, else error */ -/* Parameters: softc(I) - pointer to soft context main structure */ -/* arg(I) - pointer to local context to use */ -/* op(I) - pointer to lookup operation data */ -/* */ -/* Return the current statistics for destination lists. This may be for all */ -/* of them or just information pertaining to a particular table. 
*/ -/* ------------------------------------------------------------------------ */ -/*ARGSUSED*/ -static int -ipf_dstlist_stats_get(softc, arg, op) - ipf_main_softc_t *softc; - void *arg; - iplookupop_t *op; -{ - ipf_dstl_softc_t *softd = arg; - ipf_dstl_stat_t stats; - int unit, i, err = 0; - - if (op->iplo_size != sizeof(ipf_dstl_stat_t)) { - IPFERROR(120023); - return EINVAL; - } - - stats = softd->stats; - unit = op->iplo_unit; - if (unit == IPL_LOGALL) { - for (i = 0; i <= IPL_LOGMAX; i++) - stats.ipls_list[i] = softd->dstlist[i]; - } else if (unit >= 0 && unit <= IPL_LOGMAX) { - void *ptr; - - if (op->iplo_name[0] != '\0') - ptr = ipf_dstlist_table_find(softd, unit, - op->iplo_name); - else - ptr = softd->dstlist[unit + 1]; - stats.ipls_list[unit] = ptr; - } else { - IPFERROR(120024); - err = EINVAL; - } - - if (err == 0) { - err = COPYOUT(&stats, op->iplo_struct, sizeof(stats)); - if (err != 0) { - IPFERROR(120025); - return EFAULT; - } - } - return 0; -} - - -/* ------------------------------------------------------------------------ */ -/* Function: ipf_dstlist_table_add */ -/* Returns: int - 0 = success, else error */ -/* Parameters: softc(I) - pointer to soft context main structure */ -/* arg(I) - pointer to local context to use */ -/* op(I) - pointer to lookup operation data */ -/* */ -/* Add a new destination table to the list of those available for the given */ -/* device. Because we seldom operate on these objects (find/add/delete), */ -/* they are just kept in a simple linked list. 
*/ -/* ------------------------------------------------------------------------ */ -static int -ipf_dstlist_table_add(softc, arg, op) - ipf_main_softc_t *softc; - void *arg; - iplookupop_t *op; -{ - ipf_dstl_softc_t *softd = arg; - ippool_dst_t user, *d, *new; - int unit, err; - - d = ipf_dstlist_table_find(arg, op->iplo_unit, op->iplo_name); - if (d != NULL) { - IPFERROR(120013); - return EEXIST; - } - - err = COPYIN(op->iplo_struct, &user, sizeof(user)); - if (err != 0) { - IPFERROR(120021); - return EFAULT; - } - - KMALLOC(new, ippool_dst_t *); - if (new == NULL) { - softd->stats.ipls_nomem++; - IPFERROR(120014); - return ENOMEM; - } - bzero((char *)new, sizeof(*new)); - - MUTEX_INIT(&new->ipld_lock, "ipf dst table lock"); - - strncpy(new->ipld_name, op->iplo_name, FR_GROUPLEN); - unit = op->iplo_unit; - new->ipld_unit = unit; - new->ipld_policy = user.ipld_policy; - new->ipld_seed = ipf_random(); - new->ipld_ref = 1; - - new->ipld_pnext = softd->tails[unit + 1]; - *softd->tails[unit + 1] = new; - softd->tails[unit + 1] = &new->ipld_next; - softd->stats.ipls_numlists++; - - return 0; -} - - -/* ------------------------------------------------------------------------ */ -/* Function: ipf_dstlist_table_del */ -/* Returns: int - 0 = success, else error */ -/* Parameters: softc(I) - pointer to soft context main structure */ -/* arg(I) - pointer to local context to use */ -/* op(I) - pointer to lookup operation data */ -/* */ -/* Find a named destinstion list table and delete it. If there are other */ -/* references to it, the caller isn't told. 
*/ -/* ------------------------------------------------------------------------ */ -static int -ipf_dstlist_table_del(softc, arg, op) - ipf_main_softc_t *softc; - void *arg; - iplookupop_t *op; -{ - ippool_dst_t *d; - - d = ipf_dstlist_table_find(arg, op->iplo_unit, op->iplo_name); - if (d == NULL) { - IPFERROR(120015); - return ESRCH; - } - - if (d->ipld_dests != NULL) { - IPFERROR(120016); - return EBUSY; - } - - ipf_dstlist_table_remove(softc, arg, d); - - return 0; -} - - -/* ------------------------------------------------------------------------ */ -/* Function: ipf_dstlist_table_remove */ -/* Returns: Nil */ -/* Parameters: softc(I) - pointer to soft context main structure */ -/* softd(I) - pointer to the destination list context */ -/* d(I) - pointer to destination list */ -/* */ -/* Remove a given destination list from existance. While the IPDST_DELETE */ -/* flag is set every time we call this function and the reference count is */ -/* non-zero, the "numdereflists" counter is always incremented because the */ -/* decision about whether it will be freed or not is not made here. This */ -/* means that the only action the code can take here is to treat it as if */ -/* it will become a detached. 
*/ -/* ------------------------------------------------------------------------ */ -static void -ipf_dstlist_table_remove(softc, softd, d) - ipf_main_softc_t *softc; - ipf_dstl_softc_t *softd; - ippool_dst_t *d; -{ - - if (softd->tails[d->ipld_unit + 1] == &d->ipld_next) - softd->tails[d->ipld_unit + 1] = d->ipld_pnext; - - if (d->ipld_pnext != NULL) - *d->ipld_pnext = d->ipld_next; - if (d->ipld_next != NULL) - d->ipld_next->ipld_pnext = d->ipld_pnext; - d->ipld_pnext = NULL; - d->ipld_next = NULL; - - ipf_dstlist_table_clearnodes(softd, d); - - softd->stats.ipls_numdereflists++; - d->ipld_flags |= IPDST_DELETE; - - ipf_dstlist_table_deref(softc, softd, d); -} - - -/* ------------------------------------------------------------------------ */ -/* Function: ipf_dstlist_table_free */ -/* Returns: Nil */ -/* Parameters: softd(I) - pointer to the destination list context */ -/* d(I) - pointer to destination list */ -/* */ -/* Free up a destination list data structure and any other memory that was */ -/* directly allocated as part of creating it. Individual destination list */ -/* nodes are not freed. It is assumed the caller will have already emptied */ -/* the destination list. 
*/ -/* ------------------------------------------------------------------------ */ -static void -ipf_dstlist_table_free(softd, d) - ipf_dstl_softc_t *softd; - ippool_dst_t *d; -{ - MUTEX_DESTROY(&d->ipld_lock); - - if ((d->ipld_flags & IPDST_DELETE) != 0) - softd->stats.ipls_numdereflists--; - softd->stats.ipls_numlists--; - - if (d->ipld_dests != NULL) { - KFREES(d->ipld_dests, - d->ipld_maxnodes * sizeof(*d->ipld_dests)); - } - - KFREE(d); -} - - -/* ------------------------------------------------------------------------ */ -/* Function: ipf_dstlist_table_deref */ -/* Returns: int - 0 = success, else error */ -/* Parameters: softc(I) - pointer to soft context main structure */ -/* arg(I) - pointer to local context to use */ -/* op(I) - pointer to lookup operation data */ -/* */ -/* Drops the reference count on a destination list table object and free's */ -/* it if 0 has been reached. */ -/* ------------------------------------------------------------------------ */ -static int -ipf_dstlist_table_deref(softc, arg, table) - ipf_main_softc_t *softc; - void *arg; - void *table; -{ - ippool_dst_t *d = table; - - d->ipld_ref--; - if (d->ipld_ref > 0) - return d->ipld_ref; - - ipf_dstlist_table_free(arg, d); - - return 0; -} - - -/* ------------------------------------------------------------------------ */ -/* Function: ipf_dstlist_table_clearnodes */ -/* Returns: Nil */ -/* Parameters: softd(I) - pointer to the destination list context */ -/* dst(I) - pointer to destination list */ -/* */ -/* Free all of the destination nodes attached to the given table. 
*/
-/* ------------------------------------------------------------------------ */
-static void
-ipf_dstlist_table_clearnodes(softd, dst)
- ipf_dstl_softc_t *softd;
- ippool_dst_t *dst;
-{
- ipf_dstnode_t *node;
-
- if (dst->ipld_dests == NULL)
- return;
-
- while ((node = *dst->ipld_dests) != NULL) {
- ipf_dstlist_node_free(softd, dst, node);
- }
-}
-
-
-/* ------------------------------------------------------------------------ */
-/* Function: ipf_dstlist_table_find */
-/* Returns: int - 0 = success, else error */
-/* Parameters: arg(I) - pointer to local context to use */
-/* unit(I) - device we are working with */
-/* name(I) - destination table name to find */
-/* */
-/* Return a pointer to a destination table that matches the unit+name that */
-/* is passed in. */
-/* ------------------------------------------------------------------------ */
-static void *
-ipf_dstlist_table_find(arg, unit, name)
- void *arg;
- int unit;
- char *name;
-{
- ipf_dstl_softc_t *softd = arg;
- ippool_dst_t *d;
-
- for (d = softd->dstlist[unit + 1]; d != NULL; d = d->ipld_next) {
- if ((d->ipld_unit == unit) &&
- !strncmp(d->ipld_name, name, FR_GROUPLEN)) {
- return d;
- }
- }
-
- return NULL;
-}
-
-
-/* ------------------------------------------------------------------------ */
-/* Function: ipf_dstlist_select_ref */
-/* Returns: void * - NULL = failure, else pointer to table */
-/* Parameters: arg(I) - pointer to local context to use */
-/* unit(I) - device we are working with */
-/* name(I) - destination table name to find */
-/* */
-/* Attempt to find a destination table that matches the name passed in and */
-/* if successful, bump up the reference count on it because we intend to */
-/* store the pointer to it somewhere else. */
-/* ------------------------------------------------------------------------ */
-static void *
-ipf_dstlist_select_ref(arg, unit, name)
- void *arg;
- int unit;
- char *name;
-{
- ippool_dst_t *d;
-
- d = ipf_dstlist_table_find(arg, unit, name);
- if (d != NULL) {
- MUTEX_ENTER(&d->ipld_lock);
- d->ipld_ref++;
- MUTEX_EXIT(&d->ipld_lock);
- }
- return d;
-}
-
-
-/* ------------------------------------------------------------------------ */
-/* Function: ipf_dstlist_select */
-/* Returns: void * - NULL = failure, else pointer to table */
-/* Parameters: fin(I) - pointer to packet information */
-/* d(I) - pointer to destination list */
-/* */
-/* Find the next node in the destination list to be used according to the */
-/* defined policy. Of these, "connection" is the most expensive policy to */
-/* implement as it always looks for the node with the least number of */
-/* connections associated with it. */
-/* */
-/* The hashes exclude the port numbers so that all protocols map to the */
-/* same destination. Otherwise, someone doing a ping would target a */
-/* different server than their TCP connection, etc. MD-5 is used to */
-/* transform the addressese into something random that the other end could */
-/* not easily guess and use in an attack. ipld_seed introduces an unknown */
-/* into the hash calculation to increase the difficult of an attacker */
-/* guessing the bucket. */
-/* */
-/* One final comment: mixing different address families in a single pool */
-/* will currently result in failures as the address family of the node is */
-/* only matched up with that in the packet as the last step. While this can */
-/* be coded around for the weighted connection and round-robin models, it */
-/* cannot be supported for the hash/random models as they do not search and */
-/* nor is the algorithm conducive to searching. */
-/* ------------------------------------------------------------------------ */
-static ipf_dstnode_t *
-ipf_dstlist_select(fin, d)
- fr_info_t *fin;
- ippool_dst_t *d;
-{
- ipf_dstnode_t *node, *sel;
- int connects;
- u_32_t hash[4];
- MD5_CTX ctx;
- int family;
- int x;
-
- if (d->ipld_dests == NULL || *d->ipld_dests == NULL)
- return NULL;
-
- family = fin->fin_family;
-
- MUTEX_ENTER(&d->ipld_lock);
-
- switch (d->ipld_policy)
- {
- case IPLDP_ROUNDROBIN:
- sel = d->ipld_selected;
- if (sel == NULL) {
- sel = *d->ipld_dests;
- } else {
- sel = sel->ipfd_next;
- if (sel == NULL)
- sel = *d->ipld_dests;
- }
- break;
-
- case IPLDP_CONNECTION:
- if (d->ipld_selected == NULL) {
- sel = *d->ipld_dests;
- break;
- }
-
- sel = d->ipld_selected;
- connects = 0x7fffffff;
- node = sel->ipfd_next;
- if (node == NULL)
- node = *d->ipld_dests;
- while (node != d->ipld_selected) {
- if (node->ipfd_states == 0) {
- sel = node;
- break;
- }
- if (node->ipfd_states < connects) {
- sel = node;
- connects = node->ipfd_states;
- }
- node = node->ipfd_next;
- if (node == NULL)
- node = *d->ipld_dests;
- }
- break;
-
- case IPLDP_RANDOM :
- x = ipf_random() % d->ipld_nodes;
- sel = d->ipld_dests[x];
- break;
-
- case IPLDP_HASHED :
- MD5Init(&ctx);
- MD5Update(&ctx, (u_char *)&d->ipld_seed, sizeof(d->ipld_seed));
- MD5Update(&ctx, (u_char *)&fin->fin_src6,
- sizeof(fin->fin_src6));
- MD5Update(&ctx, (u_char *)&fin->fin_dst6,
- sizeof(fin->fin_dst6));
- MD5Final((u_char *)hash, &ctx);
- x = hash[0] % d->ipld_nodes;
- sel = d->ipld_dests[x];
- break;
-
- case IPLDP_SRCHASH :
- MD5Init(&ctx);
- MD5Update(&ctx, (u_char *)&d->ipld_seed, sizeof(d->ipld_seed));
- MD5Update(&ctx, (u_char *)&fin->fin_src6,
- sizeof(fin->fin_src6));
- MD5Final((u_char *)hash, &ctx);
- x = hash[0] % d->ipld_nodes;
- sel = d->ipld_dests[x];
- break;
-
- case IPLDP_DSTHASH :
- MD5Init(&ctx);
- MD5Update(&ctx, (u_char *)&d->ipld_seed, sizeof(d->ipld_seed));
- MD5Update(&ctx, (u_char *)&fin->fin_dst6,
- sizeof(fin->fin_dst6));
- MD5Final((u_char *)hash, &ctx);
- x = hash[0] % d->ipld_nodes;
- sel = d->ipld_dests[x];
- break;
-
- default :
- sel = NULL;
- break;
- }
-
- if (sel->ipfd_dest.fd_addr.adf_family != family)
- sel = NULL;
- d->ipld_selected = sel;
-
- MUTEX_EXIT(&d->ipld_lock);
-
- return sel;
-}
-
-
-/* ------------------------------------------------------------------------ */
-/* Function: ipf_dstlist_select_node */
-/* Returns: int - -1 == failure, 0 == success */
-/* Parameters: fin(I) - pointer to packet information */
-/* group(I) - destination pool to search */
-/* addr(I) - pointer to store selected address */
-/* pfdp(O) - pointer to storage for selected destination node */
-/* */
-/* This function is only responsible for obtaining the next IP address for */
-/* use and storing it in the caller's address space (addr). "addr" is only */
-/* used for storage if pfdp is NULL. No permanent reference is currently */
-/* kept on the node. */
-/* ------------------------------------------------------------------------ */
-int
-ipf_dstlist_select_node(fin, group, addr, pfdp)
- fr_info_t *fin;
- void *group;
- u_32_t *addr;
- frdest_t *pfdp;
-{
-#ifdef USE_MUTEXES
- ipf_main_softc_t *softc = fin->fin_main_soft;
-#endif
- ippool_dst_t *d = group;
- ipf_dstnode_t *node;
- frdest_t *fdp;
-
- READ_ENTER(&softc->ipf_poolrw);
-
- node = ipf_dstlist_select(fin, d);
- if (node == NULL) {
- RWLOCK_EXIT(&softc->ipf_poolrw);
- return -1;
- }
-
- if (pfdp != NULL) {
- bcopy(&node->ipfd_dest, pfdp, sizeof(*pfdp));
- } else {
- if (fin->fin_family == AF_INET) {
- addr[0] = node->ipfd_dest.fd_addr.adf_addr.i6[0];
- } else if (fin->fin_family == AF_INET6) {
- addr[0] = node->ipfd_dest.fd_addr.adf_addr.i6[0];
- addr[1] = node->ipfd_dest.fd_addr.adf_addr.i6[1];
- addr[2] = node->ipfd_dest.fd_addr.adf_addr.i6[2];
- addr[3] = node->ipfd_dest.fd_addr.adf_addr.i6[3];
- }
- }
-
- fdp = &node->ipfd_dest;
- if (fdp->fd_ptr == NULL)
- fdp->fd_ptr = fin->fin_ifp;
-
- MUTEX_ENTER(&node->ipfd_lock);
- node->ipfd_states++;
- MUTEX_EXIT(&node->ipfd_lock);
-
- RWLOCK_EXIT(&softc->ipf_poolrw);
-
- return 0;
-}
-
-
-/* ------------------------------------------------------------------------ */
-/* Function: ipf_dstlist_expire */
-/* Returns: Nil */
-/* Parameters: softc(I) - pointer to soft context main structure */
-/* arg(I) - pointer to local context to use */
-/* */
-/* There are currently no objects to expire in destination lists. */
-/* ------------------------------------------------------------------------ */
-static void
-ipf_dstlist_expire(softc, arg)
- ipf_main_softc_t *softc;
- void *arg;
-{
- return;
-}
-
-
-/* ------------------------------------------------------------------------ */
-/* Function: ipf_dstlist_sync */
-/* Returns: Nil */
-/* Parameters: softc(I) - pointer to soft context main structure */
-/* arg(I) - pointer to local context to use */
-/* */
-/* When a network interface appears or disappears, we need to revalidate */
-/* all of the network interface names that have been configured as a target */
-/* in a destination list. */
-/* ------------------------------------------------------------------------ */
-void
-ipf_dstlist_sync(softc, arg)
- ipf_main_softc_t *softc;
- void *arg;
-{
- ipf_dstl_softc_t *softd = arg;
- ipf_dstnode_t *node;
- ippool_dst_t *list;
- int i;
- int j;
-
- for (i = 0; i < IPL_LOGMAX; i++) {
- for (list = softd->dstlist[i]; list != NULL;
- list = list->ipld_next) {
- for (j = 0; j < list->ipld_maxnodes; j++) {
- node = list->ipld_dests[j];
- if (node == NULL)
- continue;
- if (node->ipfd_dest.fd_name == -1)
- continue;
- (void) ipf_resolvedest(softc,
- node->ipfd_names,
- &node->ipfd_dest,
- AF_INET);
- }
- }
- }
-}
diff --git a/contrib/ipfilter/ip_dstlist.h b/contrib/ipfilter/ip_dstlist.h
deleted file mode 100644
index e2885e5c47ad..000000000000
--- a/contrib/ipfilter/ip_dstlist.h
+++ /dev/null
@@ -1,68 +0,0 @@
-/*
- * Copyright (C) 2012 by Darren Reed.
- *
- * See the IPFILTER.LICENCE file for details on licencing.
- *
- * $Id: ip_dstlist.h,v 1.5.2.6 2012/07/22 08:04:23 darren_r Exp $
- */
-
-#ifndef __IP_DSTLIST_H__
-#define __IP_DSTLIST_H__
-
-typedef struct ipf_dstnode {
- struct ipf_dstnode *ipfd_next;
- struct ipf_dstnode **ipfd_pnext;
- ipfmutex_t ipfd_lock;
- frdest_t ipfd_dest;
- u_long ipfd_syncat;
- int ipfd_flags;
- int ipfd_size;
- int ipfd_states;
- int ipfd_ref;
- int ipfd_uid;
- char ipfd_names[1];
-} ipf_dstnode_t;
-
-typedef enum ippool_policy_e {
- IPLDP_NONE = 0,
- IPLDP_ROUNDROBIN,
- IPLDP_CONNECTION,
- IPLDP_RANDOM,
- IPLDP_HASHED,
- IPLDP_SRCHASH,
- IPLDP_DSTHASH
-} ippool_policy_t;
-
-typedef struct ippool_dst {
- struct ippool_dst *ipld_next;
- struct ippool_dst **ipld_pnext;
- ipfmutex_t ipld_lock;
- int ipld_seed;
- int ipld_unit;
- int ipld_ref;
- int ipld_flags;
- int ipld_nodes;
- int ipld_maxnodes;
- ippool_policy_t ipld_policy;
- ipf_dstnode_t **ipld_dests;
- ipf_dstnode_t *ipld_selected;
- char ipld_name[FR_GROUPLEN];
-} ippool_dst_t;
-
-#define IPDST_DELETE 0x01
-
-typedef struct dstlist_stat_s {
- void *ipls_list[LOOKUP_POOL_SZ];
- int ipls_numlists;
- u_long ipls_nomem;
- int ipls_numnodes;
- int ipls_numdereflists;
- int ipls_numderefnodes;
-} ipf_dstl_stat_t;
-
-extern ipf_lookup_t ipf_dstlist_backend;
-
-extern int ipf_dstlist_select_node __P((fr_info_t *, void *, u_32_t *,
- frdest_t *));
-
-#endif /* __IP_DSTLIST_H__ */
diff --git a/contrib/ipfilter/ip_fil.c b/contrib/ipfilter/ip_fil.c
deleted file mode 100644
index 03e40935882b..000000000000
--- a/contrib/ipfilter/ip_fil.c
+++ /dev/null
@@ -1,884 +0,0 @@
-/* $FreeBSD$ */
-
-/*
- * Copyright (C) 2012 by Darren Reed.
- *
- * See the IPFILTER.LICENCE file for details on licencing.
- *
- * $Id$
- */
-#if !defined(lint)
-static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed";
-static const char rcsid[] = "@(#)$Id$";
-#endif
-
-#include "ipf.h"
-#include "md5.h"
-#include "ipt.h"
-
-ipf_main_softc_t ipfmain;
-
-static struct ifnet **ifneta = NULL;
-static int nifs = 0;
-
-struct rtentry;
-
-static void ipf_setifpaddr __P((struct ifnet *, char *));
-void init_ifp __P((void));
-#if defined(__sgi) && (IRIX < 60500)
-static int no_output __P((struct ifnet *, struct mbuf *,
- struct sockaddr *));
-static int write_output __P((struct ifnet *, struct mbuf *,
- struct sockaddr *));
-#else
-# if TRU64 >= 1885
-static int no_output __P((struct ifnet *, struct mbuf *,
- struct sockaddr *, struct rtentry *, char *));
-static int write_output __P((struct ifnet *, struct mbuf *,
- struct sockaddr *, struct rtentry *, char *));
-# else
-static int no_output __P((struct ifnet *, struct mbuf *,
- struct sockaddr *, struct rtentry *));
-static int write_output __P((struct ifnet *, struct mbuf *,
- struct sockaddr *, struct rtentry *));
-# endif
-#endif
-
-struct ifaddr {
- struct sockaddr_storage ifa_addr;
-};
-
-int
-ipfattach(softc)
- ipf_main_softc_t *softc;
-{
- return 0;
-}
-
-
-int
-ipfdetach(softc)
- ipf_main_softc_t *softc;
-{
- return 0;
-}
-
-
-/*
- * Filter ioctl interface.
- */
-int
-ipfioctl(softc, dev, cmd, data, mode)
- ipf_main_softc_t *softc;
- int dev;
- ioctlcmd_t cmd;
- caddr_t data;
- int mode;
-{
- int error = 0, unit = 0, uid;
-
- uid = getuid();
- unit = dev;
-
- SPL_NET(s);
-
- error = ipf_ioctlswitch(softc, unit, data, cmd, mode, uid, NULL);
- if (error != -1) {
- SPL_X(s);
- return error;
- }
- SPL_X(s);
- return error;
-}
-
-
-void
-ipf_forgetifp(softc, ifp)
- ipf_main_softc_t *softc;
- void *ifp;
-{
- register frentry_t *f;
-
- WRITE_ENTER(&softc->ipf_mutex);
- for (f = softc->ipf_acct[0][softc->ipf_active]; (f != NULL);
- f = f->fr_next)
- if (f->fr_ifa == ifp)
- f->fr_ifa = (void *)-1;
- for (f = softc->ipf_acct[1][softc->ipf_active]; (f != NULL);
- f = f->fr_next)
- if (f->fr_ifa == ifp)
- f->fr_ifa = (void *)-1;
- for (f = softc->ipf_rules[0][softc->ipf_active]; (f != NULL);
- f = f->fr_next)
- if (f->fr_ifa == ifp)
- f->fr_ifa = (void *)-1;
- for (f = softc->ipf_rules[1][softc->ipf_active]; (f != NULL);
- f = f->fr_next)
- if (f->fr_ifa == ifp)
- f->fr_ifa = (void *)-1;
- RWLOCK_EXIT(&softc->ipf_mutex);
- ipf_nat_sync(softc, ifp);
- ipf_lookup_sync(softc, ifp);
-}
-
-
-static int
-#if defined(__sgi) && (IRIX < 60500)
-no_output(ifp, m, s)
-#else
-# if TRU64 >= 1885
-no_output (ifp, m, s, rt, cp)
- char *cp;
-# else
-no_output(ifp, m, s, rt)
-# endif
- struct rtentry *rt;
-#endif
- struct ifnet *ifp;
- struct mbuf *m;
- struct sockaddr *s;
-{
- return 0;
-}
-
-
-static int
-#if defined(__sgi) && (IRIX < 60500)
-write_output(ifp, m, s)
-#else
-# if TRU64 >= 1885
-write_output (ifp, m, s, rt, cp)
- char *cp;
-# else
-write_output(ifp, m, s, rt)
-# endif
- struct rtentry *rt;
-#endif
- struct ifnet *ifp;
- struct mbuf *m;
- struct sockaddr *s;
-{
- char fname[32];
- mb_t *mb;
- ip_t *ip;
- int fd;
-
- mb = (mb_t *)m;
- ip = MTOD(mb, ip_t *);
-
-#if (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199606)) || \
- (defined(OpenBSD) && (OpenBSD >= 199603)) || defined(linux) || \
- (defined(__FreeBSD__) && (__FreeBSD_version >= 501113))
- sprintf(fname, "/tmp/%s", ifp->if_xname);
-#else
- sprintf(fname, "/tmp/%s%d", ifp->if_name, ifp->if_unit);
-#endif
- fd = open(fname, O_WRONLY|O_APPEND);
- if (fd == -1) {
- perror("open");
- return -1;
- }
- write(fd, (char *)ip, ntohs(ip->ip_len));
- close(fd);
- return 0;
-}
-
-
-static void
-ipf_setifpaddr(ifp, addr)
- struct ifnet *ifp;
- char *addr;
-{
-#ifdef __sgi
- struct in_ifaddr *ifa;
-#else
- struct ifaddr *ifa;
-#endif
-
-#if defined(__NetBSD__) || defined(__OpenBSD__) || defined(__FreeBSD__)
- if (ifp->if_addrlist.tqh_first != NULL)
-#else
-# ifdef __sgi
- if (ifp->in_ifaddr != NULL)
-# else
- if (ifp->if_addrlist != NULL)
-# endif
-#endif
- return;
-
- ifa = (struct ifaddr *)malloc(sizeof(*ifa));
-#if defined(__NetBSD__) || defined(__OpenBSD__) || defined(__FreeBSD__)
- ifp->if_addrlist.tqh_first = ifa;
-#else
-# ifdef __sgi
- ifp->in_ifaddr = ifa;
-# else
- ifp->if_addrlist = ifa;
-# endif
-#endif
-
- if (ifa != NULL) {
- struct sockaddr_in *sin;
-
-#ifdef __sgi
- sin = (struct sockaddr_in *)&ifa->ia_addr;
-#else
- sin = (struct sockaddr_in *)&ifa->ifa_addr;
-#endif
-#ifdef USE_INET6
- if (index(addr, ':') != NULL) {
- struct sockaddr_in6 *sin6;
-
- sin6 = (struct sockaddr_in6 *)&ifa->ifa_addr;
- sin6->sin6_family = AF_INET6;
- /* Abort if bad address. */
- switch (inet_pton(AF_INET6, addr, &sin6->sin6_addr))
- {
- case 1:
- break;
- case -1:
- perror("inet_pton");
- abort();
- break;
- default:
- abort();
- break;
- }
- } else
-#endif
- {
- sin->sin_family = AF_INET;
- sin->sin_addr.s_addr = inet_addr(addr);
- if (sin->sin_addr.s_addr == 0)
- abort();
- }
- }
-}
-
-struct ifnet *
-get_unit(name, family)
- char *name;
- int family;
-{
- struct ifnet *ifp, **ifpp, **old_ifneta;
- char *addr;
-#if (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199606)) || \
- (defined(OpenBSD) && (OpenBSD >= 199603)) || defined(linux) || \
- (defined(__FreeBSD__) && (__FreeBSD_version >= 501113))
-
- if (!*name)
- return NULL;
-
- if (name == NULL)
- name = "anon0";
-
- addr = strchr(name, '=');
- if (addr != NULL)
- *addr++ = '\0';
-
- for (ifpp = ifneta; ifpp && (ifp = *ifpp); ifpp++) {
- if (!strcmp(name, ifp->if_xname)) {
- if (addr != NULL)
- ipf_setifpaddr(ifp, addr);
- return ifp;
- }
- }
-#else
- char *s, ifname[LIFNAMSIZ+1];
-
- if (name == NULL)
- name = "anon0";
-
- addr = strchr(name, '=');
- if (addr != NULL)
- *addr++ = '\0';
-
- for (ifpp = ifneta; ifpp && (ifp = *ifpp); ifpp++) {
- COPYIFNAME(family, ifp, ifname);
- if (!strcmp(name, ifname)) {
- if (addr != NULL)
- ipf_setifpaddr(ifp, addr);
- return ifp;
- }
- }
-#endif
-
- if (!ifneta) {
- ifneta = (struct ifnet **)malloc(sizeof(ifp) * 2);
- if (!ifneta)
- return NULL;
- ifneta[1] = NULL;
- ifneta[0] = (struct ifnet *)calloc(1, sizeof(*ifp));
- if (!ifneta[0]) {
- free(ifneta);
- return NULL;
- }
- nifs = 1;
- } else {
- old_ifneta = ifneta;
- nifs++;
- ifneta = (struct ifnet **)realloc(ifneta,
- (nifs + 1) * sizeof(ifp));
- if (!ifneta) {
- free(old_ifneta);
- nifs = 0;
- return NULL;
- }
- ifneta[nifs] = NULL;
- ifneta[nifs - 1] = (struct ifnet *)malloc(sizeof(*ifp));
- if (!ifneta[nifs - 1]) {
- nifs--;
- return NULL;
- }
- }
- ifp = ifneta[nifs - 1];
-
-#if defined(__NetBSD__) || defined(__OpenBSD__) || defined(__FreeBSD__)
- TAILQ_INIT(&ifp->if_addrlist);
-#endif
-#if (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199606)) || \
- (defined(OpenBSD) && (OpenBSD >= 199603)) || defined(linux) || \
- (defined(__FreeBSD__) && (__FreeBSD_version >= 501113))
- (void) strncpy(ifp->if_xname, name, sizeof(ifp->if_xname));
-#else
- s = name + strlen(name) - 1;
- for (; s > name; s--) {
- if (!ISDIGIT(*s)) {
- s++;
- break;
- }
- }
-
- if ((s > name) && (*s != 0) && ISDIGIT(*s)) {
- ifp->if_unit = atoi(s);
- ifp->if_name = (char *)malloc(s - name + 1);
- (void) strncpy(ifp->if_name, name, s - name);
- ifp->if_name[s - name] = '\0';
- } else {
- ifp->if_name = strdup(name);
- ifp->if_unit = -1;
- }
-#endif
- ifp->if_output = (void *)no_output;
-
- if (addr != NULL) {
- ipf_setifpaddr(ifp, addr);
- }
-
- return ifp;
-}
-
-
-char *
-get_ifname(ifp)
- struct ifnet *ifp;
-{
- static char ifname[LIFNAMSIZ];
-
-#if defined(__OpenBSD__) || defined(__NetBSD__) || defined(linux) || \
- (defined(__FreeBSD__) && (__FreeBSD_version >= 501113))
- sprintf(ifname, "%s", ifp->if_xname);
-#else
- if (ifp->if_unit != -1)
- sprintf(ifname, "%s%d", ifp->if_name, ifp->if_unit);
- else
- strcpy(ifname, ifp->if_name);
-#endif
- return ifname;
-}
-
-
-
-void
-init_ifp()
-{
- struct ifnet *ifp, **ifpp;
- char fname[32];
- int fd;
-
-#if (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199606)) || \
- (defined(OpenBSD) && (OpenBSD >= 199603)) || defined(linux) || \
- (defined(__FreeBSD__) && (__FreeBSD_version >= 501113))
- for (ifpp = ifneta; ifpp && (ifp = *ifpp); ifpp++) {
- ifp->if_output = (void *)write_output;
- sprintf(fname, "/tmp/%s", ifp->if_xname);
- fd = open(fname, O_WRONLY|O_CREAT|O_EXCL|O_TRUNC, 0600);
- if (fd == -1)
- perror("open");
- else
- close(fd);
- }
-#else
-
- for (ifpp = ifneta; ifpp && (ifp = *ifpp); ifpp++) {
- ifp->if_output = (void *)write_output;
- sprintf(fname, "/tmp/%s%d", ifp->if_name, ifp->if_unit);
- fd = open(fname, O_WRONLY|O_CREAT|O_EXCL|O_TRUNC, 0600);
- if (fd == -1)
- perror("open");
- else
- close(fd);
- }
-#endif
-}
-
-
-int
-ipf_fastroute(m, mpp, fin, fdp)
- mb_t *m, **mpp;
- fr_info_t *fin;
- frdest_t *fdp;
-{
- struct ifnet *ifp;
- ip_t *ip = fin->fin_ip;
- frdest_t node;
- int error = 0;
- frentry_t *fr;
- void *sifp;
- int sout;
-
- sifp = fin->fin_ifp;
- sout = fin->fin_out;
- fr = fin->fin_fr;
- ip->ip_sum = 0;
-
- if (!(fr->fr_flags & FR_KEEPSTATE) && (fdp != NULL) &&
- (fdp->fd_type == FRD_DSTLIST)) {
- bzero(&node, sizeof(node));
- ipf_dstlist_select_node(fin, fdp->fd_ptr, NULL, &node);
- fdp = &node;
- }
- ifp = fdp->fd_ptr;
-
- if (ifp == NULL)
- return 0; /* no routing table out here */
-
- if (fin->fin_out == 0) {
- fin->fin_ifp = ifp;
- fin->fin_out = 1;
- (void) ipf_acctpkt(fin, NULL);
- fin->fin_fr = NULL;
- if (!fr || !(fr->fr_flags & FR_RETMASK)) {
- u_32_t pass;
-
- (void) ipf_state_check(fin, &pass);
- }
-
- switch (ipf_nat_checkout(fin, NULL))
- {
- case 0 :
- break;
- case 1 :
- ip->ip_sum = 0;
- break;
- case -1 :
- error = -1;
- goto done;
- break;
- }
-
- }
-
- m->mb_ifp = ifp;
- printpacket(fin->fin_out, m);
-
-#if defined(__sgi) && (IRIX < 60500)
- (*ifp->if_output)(ifp, (void *)ip, NULL);
-# if TRU64 >= 1885
- (*ifp->if_output)(ifp, (void *)m, NULL, 0, 0);
-# else
- (*ifp->if_output)(ifp, (void *)m, NULL, 0);
-# endif
-#endif
-done:
- fin->fin_ifp = sifp;
- fin->fin_out = sout;
- return error;
-}
-
-
-int
-ipf_send_reset(fin)
- fr_info_t *fin;
-{
- ipfkverbose("- TCP RST sent\n");
- return 0;
-}
-
-
-int
-ipf_send_icmp_err(type, fin, dst)
- int type;
- fr_info_t *fin;
- int dst;
-{
- ipfkverbose("- ICMP unreachable sent\n");
- return 0;
-}
-
-
-void
-m_freem(m)
- mb_t *m;
-{
- return;
-}
-
-
-void
-m_copydata(m, off, len, cp)
- mb_t *m;
- int off, len;
- caddr_t cp;
-{
- bcopy((char *)m + off, cp, len);
-}
-
-
-int
-ipfuiomove(buf, len, rwflag, uio)
- caddr_t buf;
- int len, rwflag;
- struct uio *uio;
-{
- int left, ioc, num, offset;
- struct iovec *io;
- char *start;
-
- if (rwflag == UIO_READ) {
- left = len;
- ioc = 0;
-
- offset = uio->uio_offset;
-
- while ((left > 0) && (ioc < uio->uio_iovcnt)) {
- io = uio->uio_iov + ioc;
- num = io->iov_len;
- if (num > left)
- num = left;
- start = (char *)io->iov_base + offset;
- if (start > (char *)io->iov_base + io->iov_len) {
- offset -= io->iov_len;
- ioc++;
- continue;
- }
- bcopy(buf, start, num);
- uio->uio_resid -= num;
- uio->uio_offset += num;
- left -= num;
- if (left > 0)
- ioc++;
- }
- if (left > 0)
- return EFAULT;
- }
- return 0;
-}
-
-
-u_32_t
-ipf_newisn(fin)
- fr_info_t *fin;
-{
- static int iss_seq_off = 0;
- u_char hash[16];
- u_32_t newiss;
- MD5_CTX ctx;
-
- /*
- * Compute the base value of the ISS. It is a hash
- * of (saddr, sport, daddr, dport, secret).
- */
- MD5Init(&ctx);
-
- MD5Update(&ctx, (u_char *) &fin->fin_fi.fi_src,
- sizeof(fin->fin_fi.fi_src));
- MD5Update(&ctx, (u_char *) &fin->fin_fi.fi_dst,
- sizeof(fin->fin_fi.fi_dst));
- MD5Update(&ctx, (u_char *) &fin->fin_dat, sizeof(fin->fin_dat));
-
- /* MD5Update(&ctx, ipf_iss_secret, sizeof(ipf_iss_secret)); */
-
- MD5Final(hash, &ctx);
-
- memcpy(&newiss, hash, sizeof(newiss));
-
- /*
- * Now increment our "timer", and add it in to
- * the computed value.
- *
- * XXX Use `addin'?
- * XXX TCP_ISSINCR too large to use?
- */
- iss_seq_off += 0x00010000;
- newiss += iss_seq_off;
- return newiss;
-}
-
-
-/* ------------------------------------------------------------------------ */
-/* Function: ipf_nextipid */
-/* Returns: int - 0 == success, -1 == error (packet should be droppped) */
-/* Parameters: fin(I) - pointer to packet information */
-/* */
-/* Returns the next IPv4 ID to use for this packet. */
-/* ------------------------------------------------------------------------ */
-INLINE u_short
-ipf_nextipid(fin)
- fr_info_t *fin;
-{
- static u_short ipid = 0;
- ipf_main_softc_t *softc = fin->fin_main_soft;
- u_short id;
-
- MUTEX_ENTER(&softc->ipf_rw);
- if (fin->fin_pktnum != 0) {
- /*
- * The -1 is for aligned test results.
- */
- id = (fin->fin_pktnum - 1) & 0xffff;
- } else {
- }
- id = ipid++;
- MUTEX_EXIT(&softc->ipf_rw);
-
- return id;
-}
-
-
-INLINE int
-ipf_checkv4sum(fin)
- fr_info_t *fin;
-{
-
- if (fin->fin_flx & FI_SHORT)
- return 1;
-
- if (ipf_checkl4sum(fin) == -1) {
- fin->fin_flx |= FI_BAD;
- return -1;
- }
- return 0;
-}
-
-
-#ifdef USE_INET6
-INLINE int
-ipf_checkv6sum(fin)
- fr_info_t *fin;
-{
- if (fin->fin_flx & FI_SHORT)
- return 1;
-
- if (ipf_checkl4sum(fin) == -1) {
- fin->fin_flx |= FI_BAD;
- return -1;
- }
- return 0;
-}
-#endif
-
-
-#if 0
-/*
- * See above for description, except that all addressing is in user space.
- */
-int
-copyoutptr(softc, src, dst, size)
- void *src, *dst;
- size_t size;
-{
- caddr_t ca;
-
- bcopy(dst, (char *)&ca, sizeof(ca));
- bcopy(src, ca, size);
- return 0;
-}
-
-
-/*
- * See above for description, except that all addressing is in user space.
- */
-int
-copyinptr(src, dst, size)
- void *src, *dst;
- size_t size;
-{
- caddr_t ca;
-
- bcopy(src, (char *)&ca, sizeof(ca));
- bcopy(ca, dst, size);
- return 0;
-}
-#endif
-
-
-/*
- * return the first IP Address associated with an interface
- */
-int
-ipf_ifpaddr(softc, v, atype, ifptr, inp, inpmask)
- ipf_main_softc_t *softc;
- int v, atype;
- void *ifptr;
- i6addr_t *inp, *inpmask;
-{
- struct ifnet *ifp = ifptr;
-#ifdef __sgi
- struct in_ifaddr *ifa;
-#else
- struct ifaddr *ifa;
-#endif
-
-#if defined(__NetBSD__) || defined(__OpenBSD__) || defined(__FreeBSD__)
- ifa = ifp->if_addrlist.tqh_first;
-#else
-# ifdef __sgi
- ifa = (struct in_ifaddr *)ifp->in_ifaddr;
-# else
- ifa = ifp->if_addrlist;
-# endif
-#endif
- if (ifa != NULL) {
- if (v == 4) {
- struct sockaddr_in *sin, mask;
-
- mask.sin_addr.s_addr = 0xffffffff;
-
-#ifdef __sgi
- sin = (struct sockaddr_in *)&ifa->ia_addr;
-#else
- sin = (struct sockaddr_in *)&ifa->ifa_addr;
-#endif
-
- return ipf_ifpfillv4addr(atype, sin, &mask,
- &inp->in4, &inpmask->in4);
- }
-#ifdef USE_INET6
- if (v == 6) {
- struct sockaddr_in6 *sin6, mask;
-
- sin6 = (struct sockaddr_in6 *)&ifa->ifa_addr;
- ((i6addr_t *)&mask.sin6_addr)->i6[0] = 0xffffffff;
- ((i6addr_t *)&mask.sin6_addr)->i6[1] = 0xffffffff;
- ((i6addr_t *)&mask.sin6_addr)->i6[2] = 0xffffffff;
- ((i6addr_t *)&mask.sin6_addr)->i6[3] = 0xffffffff;
- return ipf_ifpfillv6addr(atype, sin6, &mask,
- inp, inpmask);
- }
-#endif
- }
- return 0;
-}
-
-
-/*
- * This function is not meant to be random, rather just produce a
- * sequence of numbers that isn't linear to show "randomness".
- */
-u_32_t
-ipf_random()
-{
- static unsigned int last = 0xa5a5a5a5;
- static int calls = 0;
- int number;
-
- calls++;
-
- /*
- * These are deliberately chosen to ensure that there is some
- * attempt to test whether the output covers the range in test n18.
- */
- switch (calls)
- {
- case 1 :
- number = 0;
- break;
- case 2 :
- number = 4;
- break;
- case 3 :
- number = 3999;
- break;
- case 4 :
- number = 4000;
- break;
- case 5 :
- number = 48999;
- break;
- case 6 :
- number = 49000;
- break;
- default :
- number = last;
- last *= calls;
- last++;
- number ^= last;
- break;
- }
- return number;
-}
-
-
-int
-ipf_verifysrc(fin)
- fr_info_t *fin;
-{
- return 1;
-}
-
-
-int
-ipf_inject(fin, m)
- fr_info_t *fin;
- mb_t *m;
-{
- FREE_MB_T(m);
-
- return 0;
-}
-
-
-u_int
-ipf_pcksum(fin, hlen, sum)
- fr_info_t *fin;
- int hlen;
- u_int sum;
-{
- u_short *sp;
- u_int sum2;
- int slen;
-
- slen = fin->fin_plen - hlen;
- sp = (u_short *)((u_char *)fin->fin_ip + hlen);
-
- for (; slen > 1; slen -= 2)
- sum += *sp++;
- if (slen)
- sum += ntohs(*(u_char *)sp << 8);
- while (sum > 0xffff)
- sum = (sum & 0xffff) + (sum >> 16);
- sum2 = (u_short)(~sum & 0xffff);
-
- return sum2;
-}
-
-
-void *
-ipf_pullup(m, fin, plen)
- mb_t *m;
- fr_info_t *fin;
- int plen;
-{
- if (M_LEN(m) >= plen)
- return fin->fin_ip;
-
- /*
- * Fake ipf_pullup failing
- */
- fin->fin_reason = FRB_PULLUP;
- *fin->fin_mp = NULL;
- fin->fin_m = NULL;
- fin->fin_ip = NULL;
- return NULL;
-}
diff --git a/contrib/ipfilter/ip_fil_compat.c b/contrib/ipfilter/ip_fil_compat.c
deleted file mode 100644
index d0b356f76904..000000000000
--- a/contrib/ipfilter/ip_fil_compat.c
+++ /dev/null
@@ -1,4854 +0,0 @@
-/*
- * Copyright (C) 2002-2012 by Darren Reed.
- *
- * See the IPFILTER.LICENCE file for details on licencing.
- */
-#if defined(KERNEL) || defined(_KERNEL)
-# undef KERNEL
-# undef _KERNEL
-# define KERNEL 1
-# define _KERNEL 1
-#endif
-#if defined(__osf__)
-# define _PROTO_NET_H_
-#endif
-#include
-#include
-#include
-#include
-#include
-#if __FreeBSD_version >= 220000 && defined(_KERNEL)
-# include
-# include
-#else
-# include
-#endif
-#if !defined(_KERNEL)
-# include
-# define _KERNEL
-# ifdef __OpenBSD__
-struct file;
-# endif
-# include
-# undef _KERNEL
-#endif
-#include
-#if (defined(__osf__) || defined(AIX) || defined(__hpux) || defined(__sgi)) && defined(_KERNEL)
-# include "radix_ipf_local.h"
-# define _RADIX_H_
-#endif
-#include
-#if defined(__FreeBSD__)
-# include
-# include
-#endif
-#if defined(_KERNEL)
-# include
-# if !defined(__SVR4) && !defined(__svr4__)
-# include
-# endif
-#endif
-#include
-
-#include "netinet/ip_compat.h"
-#include "netinet/ip_fil.h"
-#include "netinet/ip_pool.h"
-#include "netinet/ip_htable.h"
-#include "netinet/ip_lookup.h"
-#include "netinet/ip_nat.h"
-#include "netinet/ip_state.h"
-#include "netinet/ip_proxy.h"
-#include "netinet/ip_auth.h"
-/* END OF INCLUDES */
-
-/*
- * NetBSD has moved to 64bit time_t for all architectures.
- * For some, such as sparc64, there is no change because long is already
- * 64bit, but for others (i386), there is...
- */
-#ifdef IPFILTER_COMPAT
-
-# ifdef __NetBSD__
-typedef struct timeval_l {
- long tv_sec;
- long tv_usec;
-} timeval_l_t;
-# endif
-
-/* ------------------------------------------------------------------------ */
-
-typedef struct tcpinfo4 {
- u_short ts_sport;
- u_short ts_dport;
- tcpdata_t ts_data[2];
-} tcpinfo4_t;
-
-static void ipf_v5tcpinfoto4 __P((tcpinfo_t *, tcpinfo4_t *));
-
-static void
-ipf_v5tcpinfoto4(v5, v4)
- tcpinfo_t *v5;
- tcpinfo4_t *v4;
-{
- v4->ts_sport = v5->ts_sport;
- v4->ts_dport = v5->ts_dport;
- v4->ts_data[0] = v5->ts_data[0];
- v4->ts_data[1] = v5->ts_data[1];
-}
-
-typedef struct fr_ip4 {
- u_32_t fi_v:4;
- u_32_t fi_xx:4;
- u_32_t fi_tos:8;
- u_32_t fi_ttl:8;
- u_32_t fi_p:8;
- u_32_t fi_optmsk;
- i6addr_t fi_src;
- i6addr_t fi_dst;
- u_short ofi_secmsk;
- u_short ofi_auth;
- u_32_t fi_flx;
- u_32_t fi_tcpmsk;
- u_32_t fi_res1;
-} frip4_t;
-
-typedef struct frpcmp4 {
- int frp_cmp;
- u_short frp_port;
- u_short frp_top;
-} frpcmp4_t;
-
-typedef struct frtuc4 {
- u_char ftu_tcpfm;
- u_char ftu_tcpf;
- frpcmp4_t ftu_src;
- frpcmp4_t ftu_dst;
-} frtuc4_t;
-
-typedef struct fripf4 {
- frip4_t fri_ip;
- frip4_t fri_mip;
-
- u_short fri_icmpm;
- u_short fri_icmp;
-
- frtuc4_t fri_tuc;
- int fri_satype;
- int fri_datype;
- int fri_sifpidx;
- int fri_difpidx;
-} fripf4_t;
-
-typedef struct frdest_4 {
- void *fd_ifp;
- i6addr_t ofd_ip6;
- char fd_ifname[LIFNAMSIZ];
-} frdest_4_t;
-
-/* ------------------------------------------------------------------------ */
-
-/* 5.1.0 new release (current)
- * 4.1.34 changed the size of the time structure used for pps
- * 4.1.16 moved the location of fr_flineno
- * 4.1.0 base version
- */
-typedef struct frentry_4_1_34 {
- ipfmutex_t fr_lock;
- struct frentry *fr_next;
- struct frentry **fr_grp;
- struct ipscan *fr_isc;
- void *fr_ifas[4];
- void *fr_ptr; /* for use with fr_arg */
- char *fr_comment; /* text comment for rule */
- int fr_ref; /* reference count - for grouping */
- int fr_statecnt; /* state count - for limit rules */
- int fr_flineno; /* line number from conf file */
- U_QUAD_T fr_hits;
- U_QUAD_T fr_bytes;
- union {
- struct timeval frp_lastpkt;
- char frp_bytes[12];
- } fr_lpu;
- int fr_curpps;
- union {
- void *fru_data;
- char *fru_caddr;
- fripf4_t *fru_ipf;
- frentfunc_t fru_func;
- } fr_dun;
- ipfunc_t fr_func; /* call this function */
- int fr_dsize;
- int fr_pps;
- int fr_statemax; /* max reference count */
- u_32_t fr_type;
- u_32_t fr_flags; /* per-rule flags && options (see below) */
- u_32_t fr_logtag; /* user defined log tag # */
- u_32_t fr_collect; /* collection number */
- u_int fr_arg; /* misc. numeric arg for rule */
- u_int fr_loglevel; /* syslog log facility + priority */
- u_int fr_age[2]; /* non-TCP timeouts */
- u_char fr_v;
- u_char fr_icode; /* return ICMP code */
- char fr_group[FR_GROUPLEN]; /* group to which this rule belongs */
- char fr_grhead[FR_GROUPLEN]; /* group # which this rule starts */
- ipftag_t fr_nattag;
- char fr_ifnames[4][LIFNAMSIZ];
- char fr_isctag[16];
- frdest_4_t fr_tifs[2]; /* "to"/"reply-to" interface */
- frdest_4_t fr_dif; /* duplicate packet interface */
- u_int fr_cksum; /* checksum on filter rules for performance */
-} frentry_4_1_34_t;
-
-typedef struct frentry_4_1_16 {
- ipfmutex_t fr_lock;
- struct frentry *fr_next;
- struct frentry **fr_grp;
- struct ipscan *fr_isc;
- void *fr_ifas[4];
- void *fr_ptr;
- char *fr_comment;
- int fr_ref;
- int fr_statecnt;
- int fr_flineno;
- U_QUAD_T fr_hits;
- U_QUAD_T fr_bytes;
- union {
-#ifdef __NetBSD__
- timeval_l_t frp_lastpkt;
-#else
- struct timeval frp_lastpkt;
-#endif
- } fr_lpu;
- int fr_curpps;
- union {
- void *fru_data;
- caddr_t fru_caddr;
- fripf4_t *fru_ipf;
- frentfunc_t fru_func;
- } fr_dun;
- ipfunc_t fr_func;
- int fr_dsize;
- int fr_pps;
- int fr_statemax;
- u_32_t fr_type;
- u_32_t fr_flags;
- u_32_t fr_logtag;
- u_32_t fr_collect;
- u_int fr_arg;
- u_int fr_loglevel;
- u_int fr_age[2];
- u_char fr_v;
- u_char fr_icode;
- char fr_group[FR_GROUPLEN];
- char fr_grhead[FR_GROUPLEN];
- ipftag_t fr_nattag;
- char fr_ifnames[4][LIFNAMSIZ];
- char fr_isctag[16];
- frdest_4_t fr_tifs[2];
- frdest_4_t fr_dif;
- u_int fr_cksum;
-} frentry_4_1_16_t;
-
-typedef struct frentry_4_1_0 {
- ipfmutex_t fr_lock;
- struct frentry *fr_next;
- struct frentry **fr_grp;
- struct ipscan *fr_isc;
- void *fr_ifas[4];
- void *fr_ptr;
- char *fr_comment;
- int fr_ref;
- int fr_statecnt;
- U_QUAD_T fr_hits;
- U_QUAD_T fr_bytes;
- union {
-#ifdef __NetBSD__
- timeval_l_t frp_lastpkt;
-#else
- struct timeval frp_lastpkt;
-#endif
- } fr_lpu;
- int fr_curpps;
-
- union {
- void *fru_data;
- caddr_t fru_caddr;
- fripf4_t *fru_ipf;
- frentfunc_t fru_func;
- } fr_dun;
- /*
- * Fields after this may not change whilst in the kernel.
- */
- ipfunc_t fr_func;
- int fr_dsize;
- int fr_pps;
- int fr_statemax;
- int fr_flineno;
- u_32_t fr_type;
- u_32_t fr_flags;
- u_32_t fr_logtag;
- u_32_t fr_collect;
- u_int fr_arg;
- u_int fr_loglevel;
- u_int fr_age[2];
- u_char fr_v;
- u_char fr_icode;
- char fr_group[FR_GROUPLEN];
- char fr_grhead[FR_GROUPLEN];
- ipftag_t fr_nattag;
- char fr_ifnames[4][LIFNAMSIZ];
- char fr_isctag[16];
- frdest_4_t fr_tifs[2];
- frdest_4_t fr_dif;
- u_int fr_cksum;
-} frentry_4_1_0_t;
-
-/* ------------------------------------------------------------------------ */
-
-/*
- * 5.1.0 new release (current)
- * 4.1.32 removed both fin_state and fin_nat, added fin_pktnum
- * 4.1.24 added fin_cksum
- * 4.1.23 added fin_exthdr
- * 4.1.11 added fin_ifname
- * 4.1.4 added fin_hbuf
- */
-typedef struct fr_info_4_1_32 {
- void *fin_ifp; /* interface packet is `on' */
- frip4_t fin_fi; /* IP Packet summary */
- union {
- u_short fid_16[2]; /* TCP/UDP ports, ICMP code/type */
- u_32_t fid_32;
- } fin_dat;
- int fin_out; /* in or out ? 1 == out, 0 == in */
- int fin_rev; /* state only: 1 = reverse */
- u_short fin_hlen; /* length of IP header in bytes */
- u_char ofin_tcpf; /* TCP header flags (SYN, ACK, etc) */
- u_char fin_icode; /* ICMP error to return */
- u_32_t fin_rule; /* rule # last matched */
- char fin_group[FR_GROUPLEN]; /* group number, -1 for none */
- struct frentry *fin_fr; /* last matching rule */
- void *fin_dp; /* start of data past IP header */
- int fin_dlen; /* length of data portion of packet */
- int fin_plen;
- int fin_ipoff; /* # bytes from buffer start to hdr */
- u_short fin_id; /* IP packet id field */
- u_short fin_off;
- int fin_depth; /* Group nesting depth */
- int fin_error; /* Error code to return */
- int fin_cksum; /* -1 bad, 1 good, 0 not done */
- u_int fin_pktnum;
- void *fin_nattag;
- void *fin_exthdr;
- ip_t *ofin_ip;
- mb_t **fin_mp; /* pointer to pointer to mbuf */
- mb_t *fin_m; /* pointer to mbuf */
-#ifdef MENTAT
- mb_t *fin_qfm; /* pointer to mblk where pkt starts */
- void *fin_qpi;
- char fin_ifname[LIFNAMSIZ];
-#endif
-#ifdef __sgi
- void *fin_hbuf;
-#endif
-} fr_info_4_1_32_t;
-
-typedef struct fr_info_4_1_24 {
- void *fin_ifp;
- frip4_t fin_fi;
- union {
- u_short fid_16[2];
- u_32_t fid_32;
- } fin_dat;
- int fin_out;
- int fin_rev;
- u_short fin_hlen;
- u_char ofin_tcpf;
- u_char fin_icode;
- u_32_t fin_rule;
- char fin_group[FR_GROUPLEN];
- struct frentry *fin_fr;
- void *fin_dp;
- int fin_dlen;
- int fin_plen;
- int fin_ipoff;
- u_short fin_id;
- u_short fin_off;
- int fin_depth;
- int fin_error;
- int fin_cksum;
- void *fin_state;
- void *fin_nat;
- void *fin_nattag;
- void *fin_exthdr;
- ip_t *ofin_ip;
- mb_t **fin_mp;
- mb_t *fin_m;
-#ifdef MENTAT
- mb_t *fin_qfm;
- void *fin_qpi;
- char fin_ifname[LIFNAMSIZ];
-#endif
-#ifdef __sgi
- void *fin_hbuf;
-#endif
-} fr_info_4_1_24_t;
-
-typedef struct fr_info_4_1_23 {
- void *fin_ifp;
- frip4_t fin_fi;
- union {
- u_short fid_16[2];
- u_32_t fid_32;
- } fin_dat;
- int fin_out;
- int fin_rev;
- u_short fin_hlen;
- u_char ofin_tcpf;
- u_char fin_icode;
- u_32_t fin_rule;
- char fin_group[FR_GROUPLEN];
- struct frentry *fin_fr;
- void *fin_dp;
- int fin_dlen;
- int fin_plen;
- int fin_ipoff;
- u_short fin_id;
- u_short fin_off;
- int fin_depth;
- int fin_error;
- void *fin_state;
- void *fin_nat;
- void *fin_nattag;
- void *fin_exthdr;
- ip_t *ofin_ip;
- mb_t **fin_mp;
- mb_t *fin_m;
-#ifdef MENTAT
- mb_t *fin_qfm;
- void *fin_qpi;
- char fin_ifname[LIFNAMSIZ];
-#endif
-#ifdef __sgi
- void *fin_hbuf;
-#endif
-} fr_info_4_1_23_t;
-
-typedef struct fr_info_4_1_11 {
- void *fin_ifp;
- frip4_t fin_fi;
- union {
- u_short fid_16[2];
- u_32_t fid_32;
- } fin_dat;
- int fin_out;
- int fin_rev;
- u_short fin_hlen;
- u_char ofin_tcpf;
- u_char fin_icode;
- u_32_t fin_rule;
- char fin_group[FR_GROUPLEN];
- struct frentry *fin_fr;
- void *fin_dp;
- int fin_dlen;
- int fin_plen;
- int fin_ipoff;
- u_short fin_id;
- u_short fin_off;
- int fin_depth;
- int fin_error;
- void *fin_state;
- void *fin_nat;
- void *fin_nattag;
- ip_t *ofin_ip;
- mb_t **fin_mp;
- mb_t *fin_m;
-#ifdef MENTAT
- mb_t *fin_qfm;
- void *fin_qpi;
- char fin_ifname[LIFNAMSIZ];
-#endif
-#ifdef __sgi
- void *fin_hbuf;
-#endif
-} fr_info_4_1_11_t;
-
-/* ------------------------------------------------------------------------ */
-
-typedef struct filterstats_4_1 {
- u_long fr_pass; /* packets allowed */
- u_long fr_block; /* packets denied */
- u_long fr_nom; /* packets which don't match any rule */
- u_long fr_short; /* packets which are short */
- u_long fr_ppkl; /* packets allowed and logged */
- u_long fr_bpkl; /* packets denied and logged */
- u_long fr_npkl; /* packets unmatched and logged */
- u_long fr_pkl; /* packets logged */
- u_long fr_skip; /* packets to be logged but buffer full */
- u_long fr_ret; /* packets for which a return is sent */
- u_long fr_acct; /* packets for which counting was performed */
- u_long fr_bnfr; /* bad attempts to allocate fragment state */
- u_long fr_nfr; /* new fragment state kept */
- u_long fr_cfr; /* add new fragment state but complete pkt */
- u_long fr_bads; /* bad attempts to allocate packet state */
- u_long fr_ads; /* new packet state kept */
- u_long fr_chit; /* cached hit */
- u_long fr_tcpbad; /* TCP checksum check failures */
- u_long fr_pull[2]; /* good and bad pullup attempts */
- u_long fr_badsrc; /* source received doesn't match route */
- u_long fr_badttl; /* TTL in packet doesn't reach minimum */
- u_long fr_bad; /* bad IP packets to the filter */
- u_long fr_ipv6; /* IPv6 packets in/out */
- u_long fr_ppshit; /* dropped because of pps ceiling */
- u_long fr_ipud; /* IP id update failures */
-} filterstats_4_1_t;
-
-/*
- * 5.1.0 new release (current)
- * 4.1.33 changed the size of f_locks from IPL_LOGMAX to IPL_LOGSIZE
- */
-typedef struct friostat_4_1_33 {
- struct filterstats_4_1 of_st[2];
- struct frentry *f_ipf[2][2];
- struct frentry *f_acct[2][2];
- struct frentry *f_ipf6[2][2];
- struct frentry *f_acct6[2][2];
- struct frentry *f_auth;
- struct frgroup *f_groups[IPL_LOGSIZE][2];
- u_long f_froute[2];
- u_long f_ticks;
- int f_locks[IPL_LOGSIZE];
- size_t f_kmutex_sz;
- size_t f_krwlock_sz;
- int f_defpass; /* default pass - from fr_pass */
- int f_active; /* 1 or 0 - active rule set */
- int f_running; /* 1 if running, else 0 */
- int f_logging; /* 1 if enabled, else 0 */
- int f_features;
- char f_version[32]; /* version string */
-} friostat_4_1_33_t;
-
-typedef struct friostat_4_1_0 {
- struct filterstats_4_1 of_st[2];
- struct frentry *f_ipf[2][2];
- struct frentry *f_acct[2][2];
- struct frentry *f_ipf6[2][2];
- struct frentry *f_acct6[2][2];
- struct frentry *f_auth;
- struct frgroup *f_groups[IPL_LOGSIZE][2];
- u_long f_froute[2];
- u_long f_ticks;
- int f_locks[IPL_LOGMAX];
- size_t f_kmutex_sz;
- size_t f_krwlock_sz;
- int f_defpass;
- int f_active;
- int f_running;
- int f_logging;
- int f_features;
- char f_version[32];
-} friostat_4_1_0_t;
-
-/*
------------------------------------------------------------------------ */ - -/* - * 5.1.0 new release (current) - * 4.1.14 added in_lock - */ -typedef struct ipnat_4_1_14 { - ipfmutex_t in_lock; - struct ipnat *in_next; /* NAT rule list next */ - struct ipnat *in_rnext; /* rdr rule hash next */ - struct ipnat **in_prnext; /* prior rdr next ptr */ - struct ipnat *in_mnext; /* map rule hash next */ - struct ipnat **in_pmnext; /* prior map next ptr */ - struct ipftq *in_tqehead[2]; - void *in_ifps[2]; - void *in_apr; - char *in_comment; - i6addr_t in_next6; - u_long in_space; - u_long in_hits; - u_int in_use; - u_int in_hv; - int in_flineno; /* conf. file line number */ - u_short in_pnext; - u_char in_v; - u_char in_xxx; - /* From here to the end is covered by IPN_CMPSIZ */ - u_32_t in_flags; - u_32_t in_mssclamp; /* if != 0 clamp MSS to this */ - u_int in_age[2]; - int in_redir; /* see below for values */ - int in_p; /* protocol. */ - i6addr_t in_in[2]; - i6addr_t in_out[2]; - i6addr_t in_src[2]; - frtuc4_t in_tuc; - u_short in_port[2]; - u_short in_ppip; /* ports per IP. */ - u_short in_ippip; /* IP #'s per IP# */ - char in_ifnames[2][LIFNAMSIZ]; - char in_plabel[APR_LABELLEN]; /* proxy label. 
*/ - ipftag_t in_tag; -} ipnat_4_1_14_t; - -typedef struct ipnat_4_1_0 { - struct ipnat *in_next; - struct ipnat *in_rnext; - struct ipnat **in_prnext; - struct ipnat *in_mnext; - struct ipnat **in_pmnext; - struct ipftq *in_tqehead[2]; - void *in_ifps[2]; - void *in_apr; - char *in_comment; - i6addr_t in_next6; - u_long in_space; - u_long in_hits; - u_int in_use; - u_int in_hv; - int in_flineno; - u_short in_pnext; - u_char in_v; - u_char in_xxx; - u_32_t in_flags; - u_32_t in_mssclamp; - u_int in_age[2]; - int in_redir; - int in_p; - i6addr_t in_in[2]; - i6addr_t in_out[2]; - i6addr_t in_src[2]; - frtuc4_t in_tuc; - u_short in_port[2]; - u_short in_ppip; - u_short in_ippip; - char in_ifnames[2][LIFNAMSIZ]; - char in_plabel[APR_LABELLEN]; - ipftag_t in_tag; -} ipnat_4_1_0_t; - -/* ------------------------------------------------------------------------ */ - -typedef struct natlookup_4_1_1 { - struct in_addr onl_inip; - struct in_addr onl_outip; - struct in_addr onl_realip; - int nl_flags; - u_short nl_inport; - u_short nl_outport; - u_short nl_realport; -} natlookup_4_1_1_t; - -/* ------------------------------------------------------------------------ */ - -/* - * 4.1.25 added nat_seqnext (current) - * 4.1.14 added nat_redir - * 4.1.3 moved nat_rev - * 4.1.2 added nat_rev - */ -typedef struct nat_4_1_25 { - ipfmutex_t nat_lock; - struct nat_4_1_25 *nat_next; - struct nat_4_1_25 **nat_pnext; - struct nat_4_1_25 *nat_hnext[2]; - struct nat_4_1_25 **nat_phnext[2]; - struct hostmap *nat_hm; - void *nat_data; - struct nat_4_1_25 **nat_me; - struct ipstate *nat_state; - struct ap_session *nat_aps; - frentry_t *nat_fr; - struct ipnat_4_1_14 *nat_ptr; - void *nat_ifps[2]; - void *nat_sync; - ipftqent_t nat_tqe; - u_32_t nat_flags; - u_32_t nat_sumd[2]; - u_32_t nat_ipsumd; - u_32_t nat_mssclamp; - i6addr_t nat_inip6; - i6addr_t nat_outip6; - i6addr_t nat_oip6; - U_QUAD_T nat_pkts[2]; - U_QUAD_T nat_bytes[2]; - union { - udpinfo_t nat_unu; - tcpinfo4_t nat_unt; - 
icmpinfo_t nat_uni; - greinfo_t nat_ugre; - } nat_un; - u_short nat_oport; - u_short nat_use; - u_char nat_p; - int nat_dir; - int nat_ref; - int nat_hv[2]; - char nat_ifnames[2][LIFNAMSIZ]; - int nat_rev; - int nat_redir; - u_32_t nat_seqnext[2]; -} nat_4_1_25_t; - -typedef struct nat_4_1_14 { - ipfmutex_t nat_lock; - struct nat *nat_next; - struct nat **nat_pnext; - struct nat *nat_hnext[2]; - struct nat **nat_phnext[2]; - struct hostmap *nat_hm; - void *nat_data; - struct nat **nat_me; - struct ipstate *nat_state; - struct ap_session *nat_aps; - frentry_t *nat_fr; - struct ipnat *nat_ptr; - void *nat_ifps[2]; - void *nat_sync; - ipftqent_t nat_tqe; - u_32_t nat_flags; - u_32_t nat_sumd[2]; - u_32_t nat_ipsumd; - u_32_t nat_mssclamp; - i6addr_t nat_inip6; - i6addr_t nat_outip6; - i6addr_t nat_oip6; - U_QUAD_T nat_pkts[2]; - U_QUAD_T nat_bytes[2]; - union { - udpinfo_t nat_unu; - tcpinfo4_t nat_unt; - icmpinfo_t nat_uni; - greinfo_t nat_ugre; - } nat_un; - u_short nat_oport; - u_short nat_use; - u_char nat_p; - int nat_dir; - int nat_ref; - int nat_hv[2]; - char nat_ifnames[2][LIFNAMSIZ]; - int nat_rev; - int nat_redir; -} nat_4_1_14_t; - -typedef struct nat_4_1_3 { - ipfmutex_t nat_lock; - struct nat *nat_next; - struct nat **nat_pnext; - struct nat *nat_hnext[2]; - struct nat **nat_phnext[2]; - struct hostmap *nat_hm; - void *nat_data; - struct nat **nat_me; - struct ipstate *nat_state; - struct ap_session *nat_aps; - frentry_t *nat_fr; - struct ipnat *nat_ptr; - void *nat_ifps[2]; - void *nat_sync; - ipftqent_t nat_tqe; - u_32_t nat_flags; - u_32_t nat_sumd[2]; - u_32_t nat_ipsumd; - u_32_t nat_mssclamp; - i6addr_t nat_inip6; - i6addr_t nat_outip6; - i6addr_t nat_oip6; - U_QUAD_T nat_pkts[2]; - U_QUAD_T nat_bytes[2]; - union { - udpinfo_t nat_unu; - tcpinfo4_t nat_unt; - icmpinfo_t nat_uni; - greinfo_t nat_ugre; - } nat_un; - u_short nat_oport; - u_short nat_use; - u_char nat_p; - int nat_dir; - int nat_ref; - int nat_hv[2]; - char nat_ifnames[2][LIFNAMSIZ]; - 
int nat_rev; -} nat_4_1_3_t; - - - -typedef struct nat_save_4_1_34 { - void *ipn_next; - struct nat_4_1_25 ipn_nat; - struct ipnat_4_1_14 ipn_ipnat; - struct frentry_4_1_34 ipn_fr; - int ipn_dsize; - char ipn_data[4]; -} nat_save_4_1_34_t; - -typedef struct nat_save_4_1_16 { - void *ipn_next; - nat_4_1_14_t ipn_nat; - ipnat_t ipn_ipnat; - frentry_4_1_16_t ipn_fr; - int ipn_dsize; - char ipn_data[4]; -} nat_save_4_1_16_t; - -typedef struct nat_save_4_1_14 { - void *ipn_next; - nat_4_1_14_t ipn_nat; - ipnat_t ipn_ipnat; - frentry_4_1_0_t ipn_fr; - int ipn_dsize; - char ipn_data[4]; -} nat_save_4_1_14_t; - -typedef struct nat_save_4_1_3 { - void *ipn_next; - nat_4_1_3_t ipn_nat; - ipnat_4_1_0_t ipn_ipnat; - frentry_4_1_0_t ipn_fr; - int ipn_dsize; - char ipn_data[4]; -} nat_save_4_1_3_t; - -/* ------------------------------------------------------------------------ */ - -/* - * 5.1.0 new release (current) - * 4.1.32 added ns_uncreate - * 4.1.27 added ns_orphans - * 4.1.16 added ns_ticks - */ -typedef struct natstat_4_1_32 { - u_long ns_mapped[2]; - u_long ns_rules; - u_long ns_added; - u_long ns_expire; - u_long ns_inuse; - u_long ns_logged; - u_long ns_logfail; - u_long ns_memfail; - u_long ns_badnat; - u_long ns_addtrpnt; - nat_t **ns_table[2]; - hostmap_t **ns_maptable; - ipnat_t *ns_list; - void *ns_apslist; - u_int ns_wilds; - u_int ns_nattab_sz; - u_int ns_nattab_max; - u_int ns_rultab_sz; - u_int ns_rdrtab_sz; - u_int ns_trpntab_sz; - u_int ns_hostmap_sz; - nat_t *ns_instances; - hostmap_t *ns_maplist; - u_long *ns_bucketlen[2]; - u_long ns_ticks; - u_int ns_orphans; - u_long ns_uncreate[2][2]; -} natstat_4_1_32_t; - -typedef struct natstat_4_1_27 { - u_long ns_mapped[2]; - u_long ns_rules; - u_long ns_added; - u_long ns_expire; - u_long ns_inuse; - u_long ns_logged; - u_long ns_logfail; - u_long ns_memfail; - u_long ns_badnat; - u_long ns_addtrpnt; - nat_t **ns_table[2]; - hostmap_t **ns_maptable; - ipnat_t *ns_list; - void *ns_apslist; - u_int ns_wilds; - 
u_int ns_nattab_sz; - u_int ns_nattab_max; - u_int ns_rultab_sz; - u_int ns_rdrtab_sz; - u_int ns_trpntab_sz; - u_int ns_hostmap_sz; - nat_t *ns_instances; - hostmap_t *ns_maplist; - u_long *ns_bucketlen[2]; - u_long ns_ticks; - u_int ns_orphans; -} natstat_4_1_27_t; - -typedef struct natstat_4_1_16 { - u_long ns_mapped[2]; - u_long ns_rules; - u_long ns_added; - u_long ns_expire; - u_long ns_inuse; - u_long ns_logged; - u_long ns_logfail; - u_long ns_memfail; - u_long ns_badnat; - u_long ns_addtrpnt; - nat_t **ns_table[2]; - hostmap_t **ns_maptable; - ipnat_t *ns_list; - void *ns_apslist; - u_int ns_wilds; - u_int ns_nattab_sz; - u_int ns_nattab_max; - u_int ns_rultab_sz; - u_int ns_rdrtab_sz; - u_int ns_trpntab_sz; - u_int ns_hostmap_sz; - nat_t *ns_instances; - hostmap_t *ns_maplist; - u_long *ns_bucketlen[2]; - u_long ns_ticks; -} natstat_4_1_16_t; - -typedef struct natstat_4_1_0 { - u_long ns_mapped[2]; - u_long ns_rules; - u_long ns_added; - u_long ns_expire; - u_long ns_inuse; - u_long ns_logged; - u_long ns_logfail; - u_long ns_memfail; - u_long ns_badnat; - u_long ns_addtrpnt; - nat_t **ns_table[2]; - hostmap_t **ns_maptable; - ipnat_t *ns_list; - void *ns_apslist; - u_int ns_wilds; - u_int ns_nattab_sz; - u_int ns_nattab_max; - u_int ns_rultab_sz; - u_int ns_rdrtab_sz; - u_int ns_trpntab_sz; - u_int ns_hostmap_sz; - nat_t *ns_instances; - hostmap_t *ns_maplist; - u_long *ns_bucketlen[2]; -} natstat_4_1_0_t; - -/* ------------------------------------------------------------------------ */ - -/* - * 5.1.0 new release (current) - * 4.1.32 fra_info:removed both fin_state & fin_nat, added fin_pktnum - * 4.1.29 added fra_flx - * 4.1.24 fra_info:added fin_cksum - * 4.1.23 fra_info:added fin_exthdr - * 4.1.11 fra_info:added fin_ifname - * 4.1.4 fra_info:added fin_hbuf - */ - -typedef struct frauth_4_1_32 { - int fra_age; - int fra_len; - int fra_index; - u_32_t fra_pass; - fr_info_4_1_32_t fra_info; - char *fra_buf; - u_32_t fra_flx; -#ifdef MENTAT - queue_t 
*fra_q; - mb_t *fra_m; -#endif -} frauth_4_1_32_t; - -typedef struct frauth_4_1_29 { - int fra_age; - int fra_len; - int fra_index; - u_32_t fra_pass; - fr_info_4_1_24_t fra_info; - char *fra_buf; - u_32_t fra_flx; -#ifdef MENTAT - queue_t *fra_q; - mb_t *fra_m; -#endif -} frauth_4_1_29_t; - -typedef struct frauth_4_1_24 { - int fra_age; - int fra_len; - int fra_index; - u_32_t fra_pass; - fr_info_4_1_24_t fra_info; - char *fra_buf; -#ifdef MENTAT - queue_t *fra_q; - mb_t *fra_m; -#endif -} frauth_4_1_24_t; - -typedef struct frauth_4_1_23 { - int fra_age; - int fra_len; - int fra_index; - u_32_t fra_pass; - fr_info_4_1_23_t fra_info; - char *fra_buf; -#ifdef MENTAT - queue_t *fra_q; - mb_t *fra_m; -#endif -} frauth_4_1_23_t; - -typedef struct frauth_4_1_11 { - int fra_age; - int fra_len; - int fra_index; - u_32_t fra_pass; - fr_info_4_1_11_t fra_info; - char *fra_buf; -#ifdef MENTAT - queue_t *fra_q; - mb_t *fra_m; -#endif -} frauth_4_1_11_t; - -/* ------------------------------------------------------------------------ */ - -/* - * 5.1.0 new release (current) - * 4.1.16 removed is_nat - */ -typedef struct ipstate_4_1_16 { - ipfmutex_t is_lock; - struct ipstate *is_next; - struct ipstate **is_pnext; - struct ipstate *is_hnext; - struct ipstate **is_phnext; - struct ipstate **is_me; - void *is_ifp[4]; - void *is_sync; - frentry_t *is_rule; - struct ipftq *is_tqehead[2]; - struct ipscan *is_isc; - U_QUAD_T is_pkts[4]; - U_QUAD_T is_bytes[4]; - U_QUAD_T is_icmppkts[4]; - struct ipftqent is_sti; - u_int is_frage[2]; - int is_ref; /* reference count */ - int is_isninc[2]; - u_short is_sumd[2]; - i6addr_t is_src; - i6addr_t is_dst; - u_int is_pass; - u_char is_p; /* Protocol */ - u_char is_v; - u_32_t is_hv; - u_32_t is_tag; - u_32_t is_opt[2]; /* packet options set */ - u_32_t is_optmsk[2]; /* " " mask */ - u_short is_sec; /* security options set */ - u_short is_secmsk; /* " " mask */ - u_short is_auth; /* authentication options set */ - u_short is_authmsk; /* " " mask 
*/ - union { - icmpinfo_t is_ics; - tcpinfo4_t is_ts; - udpinfo_t is_us; - greinfo_t is_ug; - } is_ps; - u_32_t is_flags; - int is_flx[2][2]; - u_32_t is_rulen; /* rule number when created */ - u_32_t is_s0[2]; - u_short is_smsk[2]; - char is_group[FR_GROUPLEN]; - char is_sbuf[2][16]; - char is_ifname[4][LIFNAMSIZ]; -} ipstate_4_1_16_t; - -typedef struct ipstate_4_1_0 { - ipfmutex_t is_lock; - struct ipstate *is_next; - struct ipstate **is_pnext; - struct ipstate *is_hnext; - struct ipstate **is_phnext; - struct ipstate **is_me; - void *is_ifp[4]; - void *is_sync; - void *is_nat[2]; - frentry_t *is_rule; - struct ipftq *is_tqehead[2]; - struct ipscan *is_isc; - U_QUAD_T is_pkts[4]; - U_QUAD_T is_bytes[4]; - U_QUAD_T is_icmppkts[4]; - struct ipftqent is_sti; - u_int is_frage[2]; - int is_ref; - int is_isninc[2]; - u_short is_sumd[2]; - i6addr_t is_src; - i6addr_t is_dst; - u_int is_pass; - u_char is_p; - u_char is_v; - u_32_t is_hv; - u_32_t is_tag; - u_32_t is_opt[2]; - u_32_t is_optmsk[2]; - u_short is_sec; - u_short is_secmsk; - u_short is_auth; - u_short is_authmsk; - union { - icmpinfo_t is_ics; - tcpinfo4_t is_ts; - udpinfo_t is_us; - greinfo_t is_ug; - } is_ps; - u_32_t is_flags; - int is_flx[2][2]; - u_32_t is_rulen; - u_32_t is_s0[2]; - u_short is_smsk[2]; - char is_group[FR_GROUPLEN]; - char is_sbuf[2][16]; - char is_ifname[4][LIFNAMSIZ]; -} ipstate_4_1_0_t; - -typedef struct ipstate_save_4_1_34 { - void *ips_next; - struct ipstate_4_1_16 ips_is; - struct frentry_4_1_34 ips_fr; -} ipstate_save_4_1_34_t; - -typedef struct ipstate_save_4_1_16 { - void *ips_next; - ipstate_4_1_0_t ips_is; - frentry_4_1_16_t ips_fr; -} ipstate_save_4_1_16_t; - -typedef struct ipstate_save_4_1_0 { - void *ips_next; - ipstate_4_1_0_t ips_is; - frentry_4_1_0_t ips_fr; -} ipstate_save_4_1_0_t; - -/* ------------------------------------------------------------------------ */ - -/* - * 5.1.0 new release (current) - * 4.1.21 added iss_tcptab - */ -typedef struct ips_stat_4_1_21 { - 
u_long iss_hits; - u_long iss_miss; - u_long iss_max; - u_long iss_maxref; - u_long iss_tcp; - u_long iss_udp; - u_long iss_icmp; - u_long iss_nomem; - u_long iss_expire; - u_long iss_fin; - u_long iss_active; - u_long iss_logged; - u_long iss_logfail; - u_long iss_inuse; - u_long iss_wild; - u_long iss_killed; - u_long iss_ticks; - u_long iss_bucketfull; - int iss_statesize; - int iss_statemax; - ipstate_t **iss_table; - ipstate_t *iss_list; - u_long *iss_bucketlen; - ipftq_t *iss_tcptab; -} ips_stat_4_1_21_t; - -typedef struct ips_stat_4_1_0 { - u_long iss_hits; - u_long iss_miss; - u_long iss_max; - u_long iss_maxref; - u_long iss_tcp; - u_long iss_udp; - u_long iss_icmp; - u_long iss_nomem; - u_long iss_expire; - u_long iss_fin; - u_long iss_active; - u_long iss_logged; - u_long iss_logfail; - u_long iss_inuse; - u_long iss_wild; - u_long iss_killed; - u_long iss_ticks; - u_long iss_bucketfull; - int iss_statesize; - int iss_statemax; - ipstate_t **iss_table; - ipstate_t *iss_list; - u_long *iss_bucketlen; -} ips_stat_4_1_0_t; - -/* ------------------------------------------------------------------------ */ - -typedef struct ipfrstat_4_1_1 { - u_long ifs_exists; /* add & already exists */ - u_long ifs_nomem; - u_long ifs_new; - u_long ifs_hits; - u_long ifs_expire; - u_long ifs_inuse; - u_long ifs_retrans0; - u_long ifs_short; - struct ipfr **ifs_table; - struct ipfr **ifs_nattab; -} ipfrstat_4_1_1_t; - -/* ------------------------------------------------------------------------ */ -static int ipf_addfrstr __P((char *, int, char *, int)); -static void ipf_v4iptov5 __P((frip4_t *, fr_ip_t *)); -static void ipf_v5iptov4 __P((fr_ip_t *, frip4_t *)); -static void ipfv4tuctov5 __P((frtuc4_t *, frtuc_t *)); -static void ipfv5tuctov4 __P((frtuc_t *, frtuc4_t *)); -static int ipf_v4fripftov5 __P((fripf4_t *, char *)); -static void ipf_v5fripftov4 __P((fripf_t *, fripf4_t *)); -static int fr_frflags4to5 __P((u_32_t)); -static int fr_frflags5to4 __P((u_32_t)); - -static 
void friostat_current_to_4_1_0 __P((void *, friostat_4_1_0_t *, int)); -static void friostat_current_to_4_1_33 __P((void *, friostat_4_1_33_t *, int)); -static void ipstate_current_to_4_1_0 __P((void *, ipstate_4_1_0_t *)); -static void ipstate_current_to_4_1_16 __P((void *, ipstate_4_1_16_t *)); -static void ipnat_current_to_4_1_0 __P((void *, ipnat_4_1_0_t *)); -static void ipnat_current_to_4_1_14 __P((void *, ipnat_4_1_14_t *)); -static void frauth_current_to_4_1_11 __P((void *, frauth_4_1_11_t *)); -static void frauth_current_to_4_1_23 __P((void *, frauth_4_1_23_t *)); -static void frauth_current_to_4_1_24 __P((void *, frauth_4_1_24_t *)); -static void frauth_current_to_4_1_29 __P((void *, frauth_4_1_29_t *)); -static void frentry_current_to_4_1_0 __P((void *, frentry_4_1_0_t *)); -static void frentry_current_to_4_1_16 __P((void *, frentry_4_1_16_t *)); -static void frentry_current_to_4_1_34 __P((void *, frentry_4_1_34_t *)); -static void fr_info_current_to_4_1_11 __P((void *, fr_info_4_1_11_t *)); -static void fr_info_current_to_4_1_23 __P((void *, fr_info_4_1_23_t *)); -static void fr_info_current_to_4_1_24 __P((void *, fr_info_4_1_24_t *)); -static void nat_save_current_to_4_1_3 __P((void *, nat_save_4_1_3_t *)); -static void nat_save_current_to_4_1_14 __P((void *, nat_save_4_1_14_t *)); -static void nat_save_current_to_4_1_16 __P((void *, nat_save_4_1_16_t *)); -static void ipstate_save_current_to_4_1_0 __P((void *, ipstate_save_4_1_0_t *)); -static void ipstate_save_current_to_4_1_16 __P((void *, ipstate_save_4_1_16_t *)); -static void ips_stat_current_to_4_1_0 __P((void *, ips_stat_4_1_0_t *)); -static void ips_stat_current_to_4_1_21 __P((void *, ips_stat_4_1_21_t *)); -static void natstat_current_to_4_1_0 __P((void *, natstat_4_1_0_t *)); -static void natstat_current_to_4_1_16 __P((void *, natstat_4_1_16_t *)); -static void natstat_current_to_4_1_27 __P((void *, natstat_4_1_27_t *)); -static void natstat_current_to_4_1_32 __P((void *, natstat_4_1_32_t 
*)); -static void nat_current_to_4_1_3 __P((void *, nat_4_1_3_t *)); -static void nat_current_to_4_1_14 __P((void *, nat_4_1_14_t *)); -static void nat_current_to_4_1_25 __P((void *, nat_4_1_25_t *)); - -static void friostat_4_1_0_to_current __P((friostat_4_1_0_t *, void *)); -static void friostat_4_1_33_to_current __P((friostat_4_1_33_t *, void *)); -static void ipnat_4_1_0_to_current __P((ipnat_4_1_0_t *, void *, int)); -static void ipnat_4_1_14_to_current __P((ipnat_4_1_14_t *, void *, int)); -static void frauth_4_1_11_to_current __P((frauth_4_1_11_t *, void *)); -static void frauth_4_1_23_to_current __P((frauth_4_1_23_t *, void *)); -static void frauth_4_1_24_to_current __P((frauth_4_1_24_t *, void *)); -static void frauth_4_1_29_to_current __P((frauth_4_1_29_t *, void *)); -static void frauth_4_1_32_to_current __P((frauth_4_1_32_t *, void *)); -static void frentry_4_1_0_to_current __P((ipf_main_softc_t *, frentry_4_1_0_t *, void *, int)); -static void frentry_4_1_16_to_current __P((ipf_main_softc_t *, frentry_4_1_16_t *, void *, int)); -static void frentry_4_1_34_to_current __P((ipf_main_softc_t *, frentry_4_1_34_t *, void *, int)); -static void fr_info_4_1_11_to_current __P((fr_info_4_1_11_t *, void *)); -static void fr_info_4_1_23_to_current __P((fr_info_4_1_23_t *, void *)); -static void fr_info_4_1_24_to_current __P((fr_info_4_1_24_t *, void *)); -static void fr_info_4_1_32_to_current __P((fr_info_4_1_32_t *, void *)); -static void nat_save_4_1_3_to_current __P((ipf_main_softc_t *, nat_save_4_1_3_t *, void *)); -static void nat_save_4_1_14_to_current __P((ipf_main_softc_t *, nat_save_4_1_14_t *, void *)); -static void nat_save_4_1_16_to_current __P((ipf_main_softc_t *, nat_save_4_1_16_t *, void *)); - -/* ------------------------------------------------------------------------ */ -/* In this section is a series of short routines that deal with translating */ -/* the smaller data structures used above as their internal changes make */ -/* them inappropriate 
for simple assignment. */ -/* ------------------------------------------------------------------------ */ - - -static int -ipf_addfrstr(char *names, int namelen, char *str, int maxlen) -{ - char *t; - int i; - - for (i = maxlen, t = str; (*t != '\0') && (i > 0); i--) { - names[namelen++] = *t++; - } - names[namelen++] = '\0'; - return namelen; -} - - -static void -ipf_v4iptov5(v4, v5) - frip4_t *v4; - fr_ip_t *v5; -{ - v5->fi_v = v4->fi_v; - v5->fi_p = v4->fi_p; - v5->fi_xx = v4->fi_xx; - v5->fi_tos = v4->fi_tos; - v5->fi_ttl = v4->fi_ttl; - v5->fi_p = v4->fi_p; - v5->fi_optmsk = v4->fi_optmsk; - v5->fi_src = v4->fi_src; - v5->fi_dst = v4->fi_dst; - v5->fi_secmsk = v4->ofi_secmsk; - v5->fi_auth = v4->ofi_auth; - v5->fi_flx = v4->fi_flx; - v5->fi_tcpmsk = v4->fi_tcpmsk; -} - -static void -ipf_v5iptov4(v5, v4) - fr_ip_t *v5; - frip4_t *v4; -{ - v4->fi_v = v5->fi_v; - v4->fi_p = v5->fi_p; - v4->fi_xx = v5->fi_xx; - v4->fi_tos = v5->fi_tos; - v4->fi_ttl = v5->fi_ttl; - v4->fi_p = v5->fi_p; - v4->fi_optmsk = v5->fi_optmsk; - v4->fi_src = v5->fi_src; - v4->fi_dst = v5->fi_dst; - v4->ofi_secmsk = v5->fi_secmsk; - v4->ofi_auth = v5->fi_auth; - v4->fi_flx = v5->fi_flx; - v4->fi_tcpmsk = v5->fi_tcpmsk; -} - - -static void -ipfv4tuctov5(v4, v5) - frtuc4_t *v4; - frtuc_t *v5; -{ - v5->ftu_src.frp_cmp = v4->ftu_src.frp_cmp; - v5->ftu_src.frp_port = v4->ftu_src.frp_port; - v5->ftu_src.frp_top = v4->ftu_src.frp_top; - v5->ftu_dst.frp_cmp = v4->ftu_dst.frp_cmp; - v5->ftu_dst.frp_port = v4->ftu_dst.frp_port; - v5->ftu_dst.frp_top = v4->ftu_dst.frp_top; -} - - -static void -ipfv5tuctov4(v5, v4) - frtuc_t *v5; - frtuc4_t *v4; -{ - v4->ftu_src.frp_cmp = v5->ftu_src.frp_cmp; - v4->ftu_src.frp_port = v5->ftu_src.frp_port; - v4->ftu_src.frp_top = v5->ftu_src.frp_top; - v4->ftu_dst.frp_cmp = v5->ftu_dst.frp_cmp; - v4->ftu_dst.frp_port = v5->ftu_dst.frp_port; - v4->ftu_dst.frp_top = v5->ftu_dst.frp_top; -} - - -static int -ipf_v4fripftov5(frp4, dst) - fripf4_t *frp4; - char *dst; -{ - 
fripf_t *frp; - - frp = (fripf_t *)dst; - - ipf_v4iptov5(&frp4->fri_ip, &frp->fri_ip); - ipf_v4iptov5(&frp4->fri_mip, &frp->fri_mip); - frp->fri_icmpm = frp4->fri_icmpm; - frp->fri_icmp = frp4->fri_icmp; - frp->fri_tuc.ftu_tcpfm = frp4->fri_tuc.ftu_tcpfm; - frp->fri_tuc.ftu_tcpf = frp4->fri_tuc.ftu_tcpf; - ipfv4tuctov5(&frp4->fri_tuc, &frp->fri_tuc); - frp->fri_satype = frp4->fri_satype; - frp->fri_datype = frp4->fri_datype; - frp->fri_sifpidx = frp4->fri_sifpidx; - frp->fri_difpidx = frp4->fri_difpidx; - return 0; -} - - -static void -ipf_v5fripftov4(frp, frp4) - fripf_t *frp; - fripf4_t *frp4; -{ - - ipf_v5iptov4(&frp->fri_ip, &frp4->fri_ip); - ipf_v5iptov4(&frp->fri_mip, &frp4->fri_mip); - frp4->fri_icmpm = frp->fri_icmpm; - frp4->fri_icmp = frp->fri_icmp; - frp4->fri_tuc.ftu_tcpfm = frp->fri_tuc.ftu_tcpfm; - frp4->fri_tuc.ftu_tcpf = frp->fri_tuc.ftu_tcpf; - ipfv5tuctov4(&frp->fri_tuc, &frp4->fri_tuc); - frp4->fri_satype = frp->fri_satype; - frp4->fri_datype = frp->fri_datype; - frp4->fri_sifpidx = frp->fri_sifpidx; - frp4->fri_difpidx = frp->fri_difpidx; -} - - -/* ------------------------------------------------------------------------ */ -/* ipf_in_compat is the first of two service routines. It is responsible for*/ -/* converting data structures from user space into what's required by the */ -/* kernel module. 
*/ -/* ------------------------------------------------------------------------ */ -int -ipf_in_compat(softc, obj, ptr, size) - ipf_main_softc_t *softc; - ipfobj_t *obj; - void *ptr; - int size; -{ - int error; - int sz; - - IPFERROR(140000); - error = EINVAL; - - switch (obj->ipfo_type) - { - default : - break; - - case IPFOBJ_FRENTRY : - if (obj->ipfo_rev >= 4013400) { - frentry_4_1_34_t *old; - - KMALLOC(old, frentry_4_1_34_t *); - if (old == NULL) { - IPFERROR(140001); - error = ENOMEM; - break; - } - error = COPYIN(obj->ipfo_ptr, old, sizeof(*old)); - if (error == 0) { - if (old->fr_type != FR_T_NONE && - old->fr_type != FR_T_IPF) { - IPFERROR(140002); - error = EINVAL; - KFREE(old); - break; - } - frentry_4_1_34_to_current(softc, old, - ptr, size); - } else { - IPFERROR(140003); - } - KFREE(old); - } else if (obj->ipfo_rev >= 4011600) { - frentry_4_1_16_t *old; - - KMALLOC(old, frentry_4_1_16_t *); - if (old == NULL) { - IPFERROR(140004); - error = ENOMEM; - break; - } - error = COPYIN(obj->ipfo_ptr, old, sizeof(*old)); - if (error == 0) { - if (old->fr_type != FR_T_NONE && - old->fr_type != FR_T_IPF) { - IPFERROR(140005); - error = EINVAL; - KFREE(old); - break; - } - frentry_4_1_16_to_current(softc, old, - ptr, size); - } else { - IPFERROR(140006); - } - KFREE(old); - } else { - frentry_4_1_0_t *old; - - KMALLOC(old, frentry_4_1_0_t *); - if (old == NULL) { - IPFERROR(140007); - error = ENOMEM; - break; - } - error = COPYIN(obj->ipfo_ptr, old, sizeof(*old)); - if (error == 0) { - if (old->fr_type != FR_T_NONE && - old->fr_type != FR_T_IPF) { - IPFERROR(140008); - error = EINVAL; - KFREE(old); - break; - } - frentry_4_1_0_to_current(softc, old, ptr, size); - } else { - IPFERROR(140009); - } - KFREE(old); - } - break; - - case IPFOBJ_IPFSTAT : - if (obj->ipfo_rev >= 4013300) { - friostat_4_1_33_t *old; - - KMALLOC(old, friostat_4_1_33_t *); - if (old == NULL) { - IPFERROR(140010); - error = ENOMEM; - break; - } - error = COPYIN(obj->ipfo_ptr, old, 
sizeof(*old)); - if (error == 0) { - friostat_4_1_33_to_current(old, ptr); - } else { - IPFERROR(140011); - } - } else { - friostat_4_1_0_t *old; - - KMALLOC(old, friostat_4_1_0_t *); - if (old == NULL) { - IPFERROR(140012); - error = ENOMEM; - break; - } - error = COPYIN(obj->ipfo_ptr, old, sizeof(*old)); - if (error == 0) { - friostat_4_1_0_to_current(old, ptr); - } else { - IPFERROR(140013); - } - } - break; - - case IPFOBJ_IPFINFO : /* unused */ - break; - - case IPFOBJ_IPNAT : - if (obj->ipfo_rev >= 4011400) { - ipnat_4_1_14_t *old; - - KMALLOC(old, ipnat_4_1_14_t *); - if (old == NULL) { - IPFERROR(140014); - error = ENOMEM; - break; - } - error = COPYIN(obj->ipfo_ptr, old, sizeof(*old)); - if (error == 0) { - ipnat_4_1_14_to_current(old, ptr, size); - } else { - IPFERROR(140015); - } - KFREE(old); - } else { - ipnat_4_1_0_t *old; - - KMALLOC(old, ipnat_4_1_0_t *); - if (old == NULL) { - IPFERROR(140016); - error = ENOMEM; - break; - } - error = COPYIN(obj->ipfo_ptr, old, sizeof(*old)); - if (error == 0) { - ipnat_4_1_0_to_current(old, ptr, size); - } else { - IPFERROR(140017); - } - KFREE(old); - } - break; - - case IPFOBJ_NATSTAT : - /* - * Statistics are not copied in. 
- */
- break;
-
- case IPFOBJ_NATSAVE :
- if (obj->ipfo_rev >= 4011600) {
- nat_save_4_1_16_t *old16;
-
- KMALLOC(old16, nat_save_4_1_16_t *);
- if (old16 == NULL) {
- IPFERROR(140018);
- error = ENOMEM;
- break;
- }
- error = COPYIN(obj->ipfo_ptr, old16, sizeof(*old16));
- if (error == 0) {
- nat_save_4_1_16_to_current(softc, old16, ptr);
- } else {
- IPFERROR(140019);
- }
- KFREE(old16);
- } else if (obj->ipfo_rev >= 4011400) {
- nat_save_4_1_14_t *old14;
-
- KMALLOC(old14, nat_save_4_1_14_t *);
- if (old14 == NULL) {
- IPFERROR(140020);
- error = ENOMEM;
- break;
- }
- error = COPYIN(obj->ipfo_ptr, old14, sizeof(*old14));
- if (error == 0) {
- nat_save_4_1_14_to_current(softc, old14, ptr);
- } else {
- IPFERROR(140021);
- }
- KFREE(old14);
- } else if (obj->ipfo_rev >= 4010300) {
- nat_save_4_1_3_t *old3;
-
- KMALLOC(old3, nat_save_4_1_3_t *);
- if (old3 == NULL) {
- IPFERROR(140022);
- error = ENOMEM;
- break;
- }
- error = COPYIN(obj->ipfo_ptr, old3, sizeof(*old3));
- if (error == 0) {
- nat_save_4_1_3_to_current(softc, old3, ptr);
- } else {
- IPFERROR(140023);
- }
- KFREE(old3);
- }
- break;
-
- case IPFOBJ_STATESAVE :
- if (obj->ipfo_rev >= 4013400) {
- ipstate_save_4_1_34_t *old;
-
- KMALLOC(old, ipstate_save_4_1_34_t *);
- if (old == NULL) {
- IPFERROR(140024);
- error = ENOMEM;
- break;
- }
- error = COPYIN(obj->ipfo_ptr, old, sizeof(*old));
- if (error != 0) {
- IPFERROR(140025);
- }
- KFREE(old);
- } else if (obj->ipfo_rev >= 4011600) {
- ipstate_save_4_1_16_t *old;
-
- KMALLOC(old, ipstate_save_4_1_16_t *);
- if (old == NULL) {
- IPFERROR(140026);
- error = ENOMEM;
- break;
- }
- error = COPYIN(obj->ipfo_ptr, old, sizeof(*old));
- if (error != 0) {
- IPFERROR(140027);
- }
- KFREE(old);
- } else {
- ipstate_save_4_1_0_t *old;
-
- KMALLOC(old, ipstate_save_4_1_0_t *);
- if (old == NULL) {
- IPFERROR(140028);
- error = ENOMEM;
- break;
- }
- error = COPYIN(obj->ipfo_ptr, old, sizeof(*old));
- if (error != 0) {
- IPFERROR(140029);
- }
- KFREE(old);
- }
- break;
-
- case IPFOBJ_IPSTATE :
- /*
- * This structure is not copied in by itself.
- */
- break;
-
- case IPFOBJ_STATESTAT :
- /*
- * Statistics are not copied in.
- */
- break;
-
- case IPFOBJ_FRAUTH :
- if (obj->ipfo_rev >= 4013200) {
- frauth_4_1_32_t *old32;
-
- KMALLOC(old32, frauth_4_1_32_t *);
- if (old32 == NULL) {
- IPFERROR(140030);
- error = ENOMEM;
- break;
- }
- error = COPYIN(obj->ipfo_ptr, old32, sizeof(*old32));
- if (error == 0) {
- frauth_4_1_32_to_current(old32, ptr);
- } else {
- IPFERROR(140031);
- }
- KFREE(old32);
- } else if (obj->ipfo_rev >= 4012900) {
- frauth_4_1_29_t *old29;
-
- KMALLOC(old29, frauth_4_1_29_t *);
- if (old29 == NULL) {
- IPFERROR(140032);
- error = ENOMEM;
- break;
- }
- error = COPYIN(obj->ipfo_ptr, old29, sizeof(*old29));
- if (error == 0) {
- frauth_4_1_29_to_current(old29, ptr);
- } else {
- IPFERROR(140033);
- }
- KFREE(old29);
- } else if (obj->ipfo_rev >= 4012400) {
- frauth_4_1_24_t *old24;
-
- KMALLOC(old24, frauth_4_1_24_t *);
- if (old24 == NULL) {
- IPFERROR(140034);
- error = ENOMEM;
- break;
- }
- error = COPYIN(obj->ipfo_ptr, old24, sizeof(*old24));
- if (error == 0) {
- frauth_4_1_24_to_current(old24, ptr);
- } else {
- IPFERROR(140035);
- }
- KFREE(old24);
- } else if (obj->ipfo_rev >= 4012300) {
- frauth_4_1_23_t *old23;
-
- KMALLOC(old23, frauth_4_1_23_t *);
- if (old23 == NULL) {
- IPFERROR(140036);
- error = ENOMEM;
- break;
- }
- error = COPYIN(obj->ipfo_ptr, old23, sizeof(*old23));
- if (error == 0)
- frauth_4_1_23_to_current(old23, ptr);
- KFREE(old23);
- } else if (obj->ipfo_rev >= 4011100) {
- frauth_4_1_11_t *old11;
-
- KMALLOC(old11, frauth_4_1_11_t *);
- if (old11 == NULL) {
- IPFERROR(140037);
- error = ENOMEM;
- break;
- }
- error = COPYIN(obj->ipfo_ptr, old11, sizeof(*old11));
- if (error == 0) {
- frauth_4_1_11_to_current(old11, ptr);
- } else {
- IPFERROR(140038);
- }
- KFREE(old11);
- }
- break;
-
- case IPFOBJ_NAT :
- if (obj->ipfo_rev >= 4011400) {
- sz = sizeof(nat_4_1_14_t);
- } else if (obj->ipfo_rev >= 4010300) {
- sz = sizeof(nat_4_1_3_t);
- } else {
- break;
- }
- bzero(ptr, sizeof(nat_t));
- error = COPYIN(obj->ipfo_ptr, ptr, sz);
- if (error != 0) {
- IPFERROR(140039);
- }
- break;
-
- case IPFOBJ_FRIPF :
- if (obj->ipfo_rev < 5000000) {
- fripf4_t *old;
-
- KMALLOC(old, fripf4_t *);
- if (old == NULL) {
- IPFERROR(140040);
- error = ENOMEM;
- break;
- }
- error = COPYIN(obj->ipfo_ptr, old, sizeof(*old));
- if (error == 0) {
- ipf_v4fripftov5(old, ptr);
- } else {
- IPFERROR(140041);
- }
- KFREE(old);
- }
- break;
- }
-
- return error;
-}
-/* ------------------------------------------------------------------------ */
-
-
-/*
- * flags is v4 flags, returns v5 flags.
- */
-static int
-fr_frflags4to5(flags)
- u_32_t flags;
-{
- u_32_t nflags = 0;
-
- switch (flags & 0xf) {
- case 0x0 :
- nflags |= FR_CALL;
- break;
- case 0x1 :
- nflags |= FR_BLOCK;
- break;
- case 0x2 :
- nflags |= FR_PASS;
- break;
- case 0x3 :
- nflags |= FR_AUTH;
- break;
- case 0x4 :
- nflags |= FR_PREAUTH;
- break;
- case 0x5 :
- nflags |= FR_ACCOUNT;
- break;
- case 0x6 :
- nflags |= FR_SKIP;
- break;
- default :
- break;
- }
-
- if (flags & 0x00010)
- nflags |= FR_LOG;
- if (flags & 0x00020)
- nflags |= FR_CALLNOW;
- if (flags & 0x00080)
- nflags |= FR_NOTSRCIP;
- if (flags & 0x00040)
- nflags |= FR_NOTDSTIP;
- if (flags & 0x00100)
- nflags |= FR_QUICK;
- if (flags & 0x00200)
- nflags |= FR_KEEPFRAG;
- if (flags & 0x00400)
- nflags |= FR_KEEPSTATE;
- if (flags & 0x00800)
- nflags |= FR_FASTROUTE;
- if (flags & 0x01000)
- nflags |= FR_RETRST;
- if (flags & 0x02000)
- nflags |= FR_RETICMP;
- if (flags & 0x03000)
- nflags |= FR_FAKEICMP;
- if (flags & 0x04000)
- nflags |= FR_OUTQUE;
- if (flags & 0x08000)
- nflags |= FR_INQUE;
- if (flags & 0x10000)
- nflags |= FR_LOGBODY;
- if (flags & 0x20000)
- nflags |= FR_LOGFIRST;
- if (flags & 0x40000)
- nflags |= FR_LOGORBLOCK;
- if (flags & 0x100000)
- nflags |= FR_FRSTRICT;
- if (flags & 0x200000)
- nflags |= FR_STSTRICT;
- if (flags & 0x400000)
- nflags |= FR_NEWISN;
- if (flags & 0x800000)
- nflags |= FR_NOICMPERR;
- if (flags & 0x1000000)
- nflags |= FR_STATESYNC;
- if (flags & 0x8000000)
- nflags |= FR_NOMATCH;
- if (flags & 0x40000000)
- nflags |= FR_COPIED;
- if (flags & 0x80000000)
- nflags |= FR_INACTIVE;
-
- return nflags;
-}
-
-static void
-frentry_4_1_34_to_current(softc, old, current, size)
- ipf_main_softc_t *softc;
- frentry_4_1_34_t *old;
- void *current;
- int size;
-{
- frentry_t *fr = (frentry_t *)current;
-
- fr->fr_comment = -1;
- fr->fr_ref = old->fr_ref;
- fr->fr_statecnt = old->fr_statecnt;
- fr->fr_hits = old->fr_hits;
- fr->fr_bytes = old->fr_bytes;
- fr->fr_lastpkt.tv_sec = old->fr_lastpkt.tv_sec;
- fr->fr_lastpkt.tv_usec = old->fr_lastpkt.tv_usec;
- bcopy(&old->fr_dun, &fr->fr_dun, sizeof(old->fr_dun));
- fr->fr_func = old->fr_func;
- fr->fr_dsize = old->fr_dsize;
- fr->fr_pps = old->fr_pps;
- fr->fr_statemax = old->fr_statemax;
- fr->fr_flineno = old->fr_flineno;
- fr->fr_type = old->fr_type;
- fr->fr_flags = fr_frflags4to5(old->fr_flags);
- fr->fr_logtag = old->fr_logtag;
- fr->fr_collect = old->fr_collect;
- fr->fr_arg = old->fr_arg;
- fr->fr_loglevel = old->fr_loglevel;
- fr->fr_age[0] = old->fr_age[0];
- fr->fr_age[1] = old->fr_age[1];
- fr->fr_tifs[0].fd_ip6 = old->fr_tifs[0].ofd_ip6;
- fr->fr_tifs[0].fd_type = FRD_NORMAL;
- fr->fr_tifs[1].fd_ip6 = old->fr_tifs[1].ofd_ip6;
- fr->fr_tifs[1].fd_type = FRD_NORMAL;
- fr->fr_dif.fd_ip6 = old->fr_dif.ofd_ip6;
- fr->fr_dif.fd_type = FRD_NORMAL;
- if (old->fr_v == 4)
- fr->fr_family = AF_INET;
- if (old->fr_v == 6)
- fr->fr_family = AF_INET6;
- fr->fr_icode = old->fr_icode;
- fr->fr_cksum = old->fr_cksum;
- fr->fr_namelen = 0;
- fr->fr_ifnames[0] = -1;
- fr->fr_ifnames[1] = -1;
- fr->fr_ifnames[2] = -1;
- fr->fr_ifnames[3] = -1;
- fr->fr_dif.fd_name = -1;
- fr->fr_tifs[0].fd_name = -1;
- fr->fr_tifs[1].fd_name = -1;
- fr->fr_group = -1;
- fr->fr_grhead = -1;
- fr->fr_icmphead = -1;
- if (size == 0) {
- fr->fr_size = sizeof(*fr) + LIFNAMSIZ * 7 + FR_GROUPLEN * 2;
- fr->fr_size += sizeof(fripf_t) + 16;
- fr->fr_size += 9; /* room for \0's */
- } else {
- char *names = fr->fr_names;
- int nlen = fr->fr_namelen;
-
- fr->fr_size = size;
- if (old->fr_ifnames[0][0] != '\0') {
- fr->fr_ifnames[0] = nlen;
- nlen = ipf_addfrstr(names, nlen, old->fr_ifnames[0],
- LIFNAMSIZ);
- }
- if (old->fr_ifnames[1][0] != '\0') {
- fr->fr_ifnames[1] = nlen;
- nlen = ipf_addfrstr(names, nlen, old->fr_ifnames[1],
- LIFNAMSIZ);
- }
- if (old->fr_ifnames[2][0] != '\0') {
- fr->fr_ifnames[2] = nlen;
- nlen = ipf_addfrstr(names, nlen, old->fr_ifnames[2],
- LIFNAMSIZ);
- }
- if (old->fr_ifnames[3][0] != '\0') {
- fr->fr_ifnames[3] = nlen;
- nlen = ipf_addfrstr(names, nlen, old->fr_ifnames[3],
- LIFNAMSIZ);
- }
- if (old->fr_tifs[0].fd_ifname[0] != '\0') {
- fr->fr_tifs[0].fd_name = nlen;
- nlen = ipf_addfrstr(names, nlen,
- old->fr_tifs[0].fd_ifname,
- LIFNAMSIZ);
- }
- if (old->fr_tifs[1].fd_ifname[0] != '\0') {
- fr->fr_tifs[1].fd_name = nlen;
- nlen = ipf_addfrstr(names, nlen,
- old->fr_tifs[1].fd_ifname,
- LIFNAMSIZ);
- }
- if (old->fr_dif.fd_ifname[0] != '\0') {
- fr->fr_dif.fd_name = nlen;
- nlen = ipf_addfrstr(names, nlen,
- old->fr_dif.fd_ifname, LIFNAMSIZ);
- }
- if (old->fr_group[0] != '\0') {
- fr->fr_group = nlen;
- nlen = ipf_addfrstr(names, nlen,
- old->fr_group, LIFNAMSIZ);
- }
- if (old->fr_grhead[0] != '\0') {
- fr->fr_grhead = nlen;
- nlen = ipf_addfrstr(names, nlen,
- old->fr_grhead, LIFNAMSIZ);
- }
- fr->fr_namelen = nlen;
-
- if (old->fr_type == FR_T_IPF) {
- int offset = fr->fr_namelen;
- ipfobj_t obj;
- int error;
-
- obj.ipfo_type = IPFOBJ_FRIPF;
- obj.ipfo_rev = 4010100;
- obj.ipfo_ptr = old->fr_data;
-
- if ((offset & 7) != 0)
- offset += 8 - (offset & 7);
- error = ipf_in_compat(softc, &obj,
- fr->fr_names + offset, 0);
- if (error == 0) {
- fr->fr_data = fr->fr_names + offset;
- fr->fr_dsize = sizeof(fripf_t);
- }
- }
- }
-}
-
-static void
-frentry_4_1_16_to_current(softc, old, current, size)
- ipf_main_softc_t *softc;
- frentry_4_1_16_t *old;
- void *current;
- int size;
-{
- frentry_t *fr = (frentry_t *)current;
-
- fr->fr_comment = -1;
- fr->fr_ref = old->fr_ref;
- fr->fr_statecnt = old->fr_statecnt;
- fr->fr_hits = old->fr_hits;
- fr->fr_bytes = old->fr_bytes;
- fr->fr_lastpkt.tv_sec = old->fr_lastpkt.tv_sec;
- fr->fr_lastpkt.tv_usec = old->fr_lastpkt.tv_usec;
- bcopy(&old->fr_dun, &fr->fr_dun, sizeof(old->fr_dun));
- fr->fr_func = old->fr_func;
- fr->fr_dsize = old->fr_dsize;
- fr->fr_pps = old->fr_pps;
- fr->fr_statemax = old->fr_statemax;
- fr->fr_flineno = old->fr_flineno;
- fr->fr_type = old->fr_type;
- fr->fr_flags = fr_frflags4to5(old->fr_flags);
- fr->fr_logtag = old->fr_logtag;
- fr->fr_collect = old->fr_collect;
- fr->fr_arg = old->fr_arg;
- fr->fr_loglevel = old->fr_loglevel;
- fr->fr_age[0] = old->fr_age[0];
- fr->fr_age[1] = old->fr_age[1];
- fr->fr_tifs[0].fd_ip6 = old->fr_tifs[0].ofd_ip6;
- fr->fr_tifs[0].fd_type = FRD_NORMAL;
- fr->fr_tifs[1].fd_ip6 = old->fr_tifs[1].ofd_ip6;
- fr->fr_tifs[1].fd_type = FRD_NORMAL;
- fr->fr_dif.fd_ip6 = old->fr_dif.ofd_ip6;
- fr->fr_dif.fd_type = FRD_NORMAL;
- if (old->fr_v == 4)
- fr->fr_family = AF_INET;
- if (old->fr_v == 6)
- fr->fr_family = AF_INET6;
- fr->fr_icode = old->fr_icode;
- fr->fr_cksum = old->fr_cksum;
- fr->fr_namelen = 0;
- fr->fr_ifnames[0] = -1;
- fr->fr_ifnames[1] = -1;
- fr->fr_ifnames[2] = -1;
- fr->fr_ifnames[3] = -1;
- fr->fr_dif.fd_name = -1;
- fr->fr_tifs[0].fd_name = -1;
- fr->fr_tifs[1].fd_name = -1;
- fr->fr_group = -1;
- fr->fr_grhead = -1;
- fr->fr_icmphead = -1;
- if (size == 0) {
- fr->fr_size = sizeof(*fr) + LIFNAMSIZ * 7 + FR_GROUPLEN * 2;
- fr->fr_size += 9; /* room for \0's */
- } else {
- char *names = fr->fr_names;
- int nlen = fr->fr_namelen;
-
- fr->fr_size = size;
- if (old->fr_ifnames[0][0] != '\0') {
- fr->fr_ifnames[0] = nlen;
- nlen = ipf_addfrstr(names, nlen, old->fr_ifnames[0],
- LIFNAMSIZ);
- }
- if (old->fr_ifnames[1][0] != '\0') {
- fr->fr_ifnames[1] = nlen;
- nlen = ipf_addfrstr(names, nlen, old->fr_ifnames[1],
- LIFNAMSIZ);
- }
- if (old->fr_ifnames[2][0] != '\0') {
- fr->fr_ifnames[2] = nlen;
- nlen = ipf_addfrstr(names, nlen, old->fr_ifnames[2],
- LIFNAMSIZ);
- }
- if (old->fr_ifnames[3][0] != '\0') {
- fr->fr_ifnames[3] = nlen;
- nlen = ipf_addfrstr(names, nlen, old->fr_ifnames[3],
- LIFNAMSIZ);
- }
- if (old->fr_tifs[0].fd_ifname[0] != '\0') {
- fr->fr_tifs[0].fd_name = nlen;
- nlen = ipf_addfrstr(names, nlen,
- old->fr_tifs[0].fd_ifname,
- LIFNAMSIZ);
- }
- if (old->fr_tifs[1].fd_ifname[0] != '\0') {
- fr->fr_tifs[1].fd_name = nlen;
- nlen = ipf_addfrstr(names, nlen,
- old->fr_tifs[1].fd_ifname,
- LIFNAMSIZ);
- }
- if (old->fr_dif.fd_ifname[0] != '\0') {
- fr->fr_dif.fd_name = nlen;
- nlen = ipf_addfrstr(names, nlen,
- old->fr_dif.fd_ifname, LIFNAMSIZ);
- }
- if (old->fr_group[0] != '\0') {
- fr->fr_group = nlen;
- nlen = ipf_addfrstr(names, nlen,
- old->fr_group, LIFNAMSIZ);
- }
- if (old->fr_grhead[0] != '\0') {
- fr->fr_grhead = nlen;
- nlen = ipf_addfrstr(names, nlen,
- old->fr_grhead, LIFNAMSIZ);
- }
- fr->fr_namelen = nlen;
-
- if (old->fr_type == FR_T_IPF) {
- int offset = fr->fr_namelen;
- ipfobj_t obj;
- int error;
-
- obj.ipfo_type = IPFOBJ_FRIPF;
- obj.ipfo_rev = 4010100;
- obj.ipfo_ptr = old->fr_data;
-
- if ((offset & 7) != 0)
- offset += 8 - (offset & 7);
- error = ipf_in_compat(softc, &obj,
- fr->fr_names + offset, 0);
- if (error == 0) {
- fr->fr_data = fr->fr_names + offset;
- fr->fr_dsize = sizeof(fripf_t);
- }
- }
- }
-}
-
-
-static void
-frentry_4_1_0_to_current(softc, old, current, size)
- ipf_main_softc_t *softc;
- frentry_4_1_0_t *old;
- void *current;
- int size;
-{
- frentry_t *fr = (frentry_t *)current;
-
- fr->fr_size = sizeof(*fr);
- fr->fr_comment = -1;
- fr->fr_ref = old->fr_ref;
- fr->fr_statecnt = old->fr_statecnt;
- fr->fr_hits = old->fr_hits;
- fr->fr_bytes = old->fr_bytes;
- fr->fr_lastpkt.tv_sec = old->fr_lastpkt.tv_sec;
- fr->fr_lastpkt.tv_usec = old->fr_lastpkt.tv_usec;
- bcopy(&old->fr_dun, &fr->fr_dun, sizeof(old->fr_dun));
- fr->fr_func = old->fr_func;
- fr->fr_dsize = old->fr_dsize;
- fr->fr_pps = old->fr_pps;
- fr->fr_statemax = old->fr_statemax;
- fr->fr_flineno = old->fr_flineno;
- fr->fr_type = old->fr_type;
- fr->fr_flags = fr_frflags4to5(old->fr_flags);
- fr->fr_logtag = old->fr_logtag;
- fr->fr_collect = old->fr_collect;
- fr->fr_arg = old->fr_arg;
- fr->fr_loglevel = old->fr_loglevel;
- fr->fr_age[0] = old->fr_age[0];
- fr->fr_age[1] = old->fr_age[1];
- fr->fr_tifs[0].fd_ip6 = old->fr_tifs[0].ofd_ip6;
- fr->fr_tifs[0].fd_type = FRD_NORMAL;
- fr->fr_tifs[1].fd_ip6 = old->fr_tifs[1].ofd_ip6;
- fr->fr_tifs[1].fd_type = FRD_NORMAL;
- fr->fr_dif.fd_ip6 = old->fr_dif.ofd_ip6;
- fr->fr_dif.fd_type = FRD_NORMAL;
- if (old->fr_v == 4)
- fr->fr_family = AF_INET;
- if (old->fr_v == 6)
- fr->fr_family = AF_INET6;
- fr->fr_icode = old->fr_icode;
- fr->fr_cksum = old->fr_cksum;
- fr->fr_namelen = 0;
- fr->fr_ifnames[0] = -1;
- fr->fr_ifnames[1] = -1;
- fr->fr_ifnames[2] = -1;
- fr->fr_ifnames[3] = -1;
- fr->fr_dif.fd_name = -1;
- fr->fr_tifs[0].fd_name = -1;
- fr->fr_tifs[1].fd_name = -1;
- fr->fr_group = -1;
- fr->fr_grhead = -1;
- fr->fr_icmphead = -1;
- if (size == 0) {
- fr->fr_size = sizeof(*fr) + LIFNAMSIZ * 7 + FR_GROUPLEN * 2;
- fr->fr_size += 9; /* room for \0's */
- } else {
- char *names = fr->fr_names;
- int nlen = fr->fr_namelen;
-
- fr->fr_size = size;
- if (old->fr_ifnames[0][0] != '\0') {
- fr->fr_ifnames[0] = nlen;
- nlen = ipf_addfrstr(names, nlen, old->fr_ifnames[0],
- LIFNAMSIZ);
- }
- if (old->fr_ifnames[1][0] != '\0') {
- fr->fr_ifnames[1] = nlen;
- nlen = ipf_addfrstr(names, nlen, old->fr_ifnames[1],
- LIFNAMSIZ);
- }
- if (old->fr_ifnames[2][0] != '\0') {
- fr->fr_ifnames[2] = nlen;
- nlen = ipf_addfrstr(names, nlen, old->fr_ifnames[2],
- LIFNAMSIZ);
- }
- if (old->fr_ifnames[3][0] != '\0') {
- fr->fr_ifnames[3] = nlen;
- nlen = ipf_addfrstr(names, nlen, old->fr_ifnames[3],
- LIFNAMSIZ);
- }
- if (old->fr_tifs[0].fd_ifname[0] != '\0') {
- fr->fr_tifs[0].fd_name = nlen;
- nlen = ipf_addfrstr(names, nlen,
- old->fr_tifs[0].fd_ifname,
- LIFNAMSIZ);
- }
- if (old->fr_tifs[1].fd_ifname[0] != '\0') {
- fr->fr_tifs[1].fd_name = nlen;
- nlen = ipf_addfrstr(names, nlen,
- old->fr_tifs[1].fd_ifname,
- LIFNAMSIZ);
- }
- if (old->fr_dif.fd_ifname[0] != '\0') {
- fr->fr_dif.fd_name = nlen;
- nlen = ipf_addfrstr(names, nlen,
- old->fr_dif.fd_ifname, LIFNAMSIZ);
- }
- if (old->fr_group[0] != '\0') {
- fr->fr_group = nlen;
- nlen = ipf_addfrstr(names, nlen,
- old->fr_group, LIFNAMSIZ);
- }
- if (old->fr_grhead[0] != '\0') {
- fr->fr_grhead = nlen;
- nlen = ipf_addfrstr(names, nlen,
- old->fr_grhead, LIFNAMSIZ);
- }
- fr->fr_namelen = nlen;
-
- if (old->fr_type == FR_T_IPF) {
- int offset = fr->fr_namelen;
- ipfobj_t obj;
- int error;
-
- obj.ipfo_type = IPFOBJ_FRIPF;
- obj.ipfo_rev = 4010100;
- obj.ipfo_ptr = old->fr_data;
-
- if ((offset & 7) != 0)
- offset += 8 - (offset & 7);
- offset += 8 - (offset & 7);
- error = ipf_in_compat(softc, &obj,
- fr->fr_names + offset, 0);
- if (error == 0) {
- fr->fr_data = fr->fr_names + offset;
- fr->fr_dsize = sizeof(fripf_t);
- }
- }
- }
-}
-
-
-static void
-friostat_4_1_33_to_current(old, current)
- friostat_4_1_33_t *old;
- void *current;
-{
- friostat_t *fiop = (friostat_t *)current;
-
- bcopy(&old->of_st[0], &fiop->f_st[0].fr_pass, sizeof(old->of_st[0]));
- bcopy(&old->of_st[1], &fiop->f_st[1].fr_pass, sizeof(old->of_st[1]));
-
- fiop->f_ipf[0][0] = old->f_ipf[0][0];
- fiop->f_ipf[0][1] = old->f_ipf[0][1];
- fiop->f_ipf[1][0] = old->f_ipf[1][0];
- fiop->f_ipf[1][1] = old->f_ipf[1][1];
- fiop->f_acct[0][0] = old->f_acct[0][0];
- fiop->f_acct[0][1] = old->f_acct[0][1];
- fiop->f_acct[1][0] = old->f_acct[1][0];
- fiop->f_acct[1][1] = old->f_acct[1][1];
- fiop->f_auth = fiop->f_auth;
- bcopy(&old->f_groups, &fiop->f_groups, sizeof(old->f_groups));
- bcopy(&old->f_froute, &fiop->f_froute, sizeof(old->f_froute));
- fiop->f_ticks = old->f_ticks;
- bcopy(&old->f_locks, &fiop->f_locks, sizeof(old->f_locks));
- fiop->f_defpass = old->f_defpass;
- fiop->f_active = old->f_active;
- fiop->f_running = old->f_running;
- fiop->f_logging = old->f_logging;
- fiop->f_features = old->f_features;
- bcopy(old->f_version, fiop->f_version, sizeof(old->f_version));
-}
-
-
-static void
-friostat_4_1_0_to_current(old, current)
- friostat_4_1_0_t *old;
- void *current;
-{
- friostat_t *fiop = (friostat_t *)current;
-
- bcopy(&old->of_st[0], &fiop->f_st[0].fr_pass, sizeof(old->of_st[0]));
- bcopy(&old->of_st[1], &fiop->f_st[1].fr_pass, sizeof(old->of_st[1]));
-
- fiop->f_ipf[0][0] = old->f_ipf[0][0];
- fiop->f_ipf[0][1] = old->f_ipf[0][1];
- fiop->f_ipf[1][0] = old->f_ipf[1][0];
- fiop->f_ipf[1][1] = old->f_ipf[1][1];
- fiop->f_acct[0][0] = old->f_acct[0][0];
- fiop->f_acct[0][1] = old->f_acct[0][1];
- fiop->f_acct[1][0] = old->f_acct[1][0];
- fiop->f_acct[1][1] = old->f_acct[1][1];
- fiop->f_auth = fiop->f_auth;
- bcopy(&old->f_groups, &fiop->f_groups, sizeof(old->f_groups));
- bcopy(&old->f_froute, &fiop->f_froute, sizeof(old->f_froute));
- fiop->f_ticks = old->f_ticks;
- bcopy(&old->f_locks, &fiop->f_locks, sizeof(old->f_locks));
- fiop->f_defpass = old->f_defpass;
- fiop->f_active = old->f_active;
- fiop->f_running = old->f_running;
- fiop->f_logging = old->f_logging;
- fiop->f_features = old->f_features;
- bcopy(old->f_version, fiop->f_version, sizeof(old->f_version));
-}
-
-
-static void
-ipnat_4_1_14_to_current(old, current, size)
- ipnat_4_1_14_t *old;
- void *current;
- int size;
-{
- ipnat_t *np = (ipnat_t *)current;
-
- np->in_space = old->in_space;
- np->in_hv[0] = old->in_hv;
- np->in_hv[1] = old->in_hv;
- np->in_flineno = old->in_flineno;
- if (old->in_redir == NAT_REDIRECT)
- np->in_dpnext = old->in_pnext;
- else
- np->in_spnext = old->in_pnext;
- np->in_v[0] = old->in_v;
- np->in_v[1] = old->in_v;
- np->in_flags = old->in_flags;
- np->in_mssclamp = old->in_mssclamp;
- np->in_age[0] = old->in_age[0];
- np->in_age[1] = old->in_age[1];
- np->in_redir = old->in_redir;
- np->in_pr[0] = old->in_p;
- np->in_pr[1] = old->in_p;
- if (np->in_redir == NAT_REDIRECT) {
- np->in_ndst.na_nextaddr = old->in_next6;
- np->in_ndst.na_addr[0] = old->in_in[0];
- np->in_ndst.na_addr[1] = old->in_in[1];
- np->in_ndst.na_atype = FRI_NORMAL;
- np->in_odst.na_addr[0] = old->in_out[0];
- np->in_odst.na_addr[1] = old->in_out[1];
- np->in_odst.na_atype = FRI_NORMAL;
- np->in_osrc.na_addr[0] = old->in_src[0];
- np->in_osrc.na_addr[1] = old->in_src[1];
- np->in_osrc.na_atype = FRI_NORMAL;
- } else {
- np->in_nsrc.na_nextaddr = old->in_next6;
- np->in_nsrc.na_addr[0] = old->in_out[0];
- np->in_nsrc.na_addr[1] = old->in_out[1];
- np->in_nsrc.na_atype = FRI_NORMAL;
- np->in_osrc.na_addr[0] = old->in_in[0];
- np->in_osrc.na_addr[1] = old->in_in[1];
- np->in_osrc.na_atype = FRI_NORMAL;
- np->in_odst.na_addr[0] = old->in_src[0];
- np->in_odst.na_addr[1] = old->in_src[1];
- np->in_odst.na_atype = FRI_NORMAL;
- }
- ipfv4tuctov5(&old->in_tuc, &np->in_tuc);
- if (np->in_redir == NAT_REDIRECT) {
- np->in_dpmin = old->in_port[0];
- np->in_dpmax = old->in_port[1];
- } else {
- np->in_spmin = old->in_port[0];
- np->in_spmax = old->in_port[1];
- }
- np->in_ppip = old->in_ppip;
- np->in_ippip = old->in_ippip;
- np->in_tag = old->in_tag;
-
- np->in_namelen = 0;
- np->in_plabel = -1;
- np->in_ifnames[0] = -1;
- np->in_ifnames[1] = -1;
-
- if (size == 0) {
- np->in_size = sizeof(*np);
- np->in_size += LIFNAMSIZ * 2 + APR_LABELLEN;
- np->in_size += 3;
- } else {
- int nlen = np->in_namelen;
- char *names = np->in_names;
-
- if (old->in_ifnames[0][0] != '\0') {
- np->in_ifnames[0] = nlen;
- nlen = ipf_addfrstr(names, nlen, old->in_ifnames[0],
- LIFNAMSIZ);
- }
- if (old->in_ifnames[1][0] != '\0') {
- np->in_ifnames[0] = nlen;
- nlen = ipf_addfrstr(names, nlen, old->in_ifnames[1],
- LIFNAMSIZ);
- }
- if (old->in_plabel[0] != '\0') {
- np->in_plabel = nlen;
- nlen = ipf_addfrstr(names, nlen, old->in_plabel,
- LIFNAMSIZ);
- }
- np->in_namelen = nlen;
- np->in_size = size;
- }
-}
-
-
-static void
-ipnat_4_1_0_to_current(old, current, size)
- ipnat_4_1_0_t *old;
- void *current;
- int size;
-{
- ipnat_t *np = (ipnat_t *)current;
-
- np->in_space = old->in_space;
- np->in_hv[0] = old->in_hv;
- np->in_hv[1] = old->in_hv;
- np->in_flineno = old->in_flineno;
- if (old->in_redir == NAT_REDIRECT)
- np->in_dpnext = old->in_pnext;
- else
- np->in_spnext = old->in_pnext;
- np->in_v[0] = old->in_v;
- np->in_v[1] = old->in_v;
- np->in_flags = old->in_flags;
- np->in_mssclamp = old->in_mssclamp;
- np->in_age[0] = old->in_age[0];
- np->in_age[1] = old->in_age[1];
- np->in_redir = old->in_redir;
- np->in_pr[0] = old->in_p;
- np->in_pr[1] = old->in_p;
- if (np->in_redir == NAT_REDIRECT) {
- np->in_ndst.na_nextaddr = old->in_next6;
- bcopy(&old->in_in, &np->in_ndst.na_addr, sizeof(old->in_in));
- bcopy(&old->in_out, &np->in_odst.na_addr, sizeof(old->in_out));
- bcopy(&old->in_src, &np->in_osrc.na_addr, sizeof(old->in_src));
- } else {
- np->in_nsrc.na_nextaddr = old->in_next6;
- bcopy(&old->in_in, &np->in_osrc.na_addr, sizeof(old->in_in));
- bcopy(&old->in_out, &np->in_nsrc.na_addr, sizeof(old->in_out));
- bcopy(&old->in_src, &np->in_odst.na_addr, sizeof(old->in_src));
- }
- ipfv4tuctov5(&old->in_tuc, &np->in_tuc);
- if (np->in_redir == NAT_REDIRECT) {
- np->in_dpmin = old->in_port[0];
- np->in_dpmax = old->in_port[1];
- } else {
- np->in_spmin = old->in_port[0];
- np->in_spmax = old->in_port[1];
- }
- np->in_ppip = old->in_ppip;
- np->in_ippip = old->in_ippip;
- bcopy(&old->in_tag, &np->in_tag, sizeof(np->in_tag));
-
- np->in_namelen = 0;
- np->in_plabel = -1;
- np->in_ifnames[0] = -1;
- np->in_ifnames[1] = -1;
-
- if (size == 0) {
- np->in_size = sizeof(*np);
- np->in_size += LIFNAMSIZ * 2 + APR_LABELLEN;
- np->in_size += 3;
- } else {
- int nlen = np->in_namelen;
- char *names = np->in_names;
-
- if (old->in_ifnames[0][0] != '\0') {
- np->in_ifnames[0] = nlen;
- nlen = ipf_addfrstr(names, nlen, old->in_ifnames[0],
- LIFNAMSIZ);
- }
- if (old->in_ifnames[1][0] != '\0') {
- np->in_ifnames[0] = nlen;
- nlen = ipf_addfrstr(names, nlen, old->in_ifnames[1],
- LIFNAMSIZ);
- }
- if (old->in_plabel[0] != '\0') {
- np->in_plabel = nlen;
- nlen = ipf_addfrstr(names, nlen, old->in_plabel,
- LIFNAMSIZ);
- }
- np->in_namelen = nlen;
- np->in_size = size;
- }
-}
-
-
-static void
-frauth_4_1_32_to_current(old, current)
- frauth_4_1_32_t *old;
- void *current;
-{
- frauth_t *fra = (frauth_t *)current;
-
- fra->fra_age = old->fra_age;
- fra->fra_len = old->fra_len;
- fra->fra_index = old->fra_index;
- fra->fra_pass = old->fra_pass;
- fr_info_4_1_32_to_current(&old->fra_info, &fra->fra_info);
- fra->fra_buf = old->fra_buf;
- fra->fra_flx = old->fra_flx;
-#ifdef MENTAT
- fra->fra_q = old->fra_q;
- fra->fra_m = old->fra_m;
-#endif
-}
-
-
-static void
-frauth_4_1_29_to_current(old, current)
- frauth_4_1_29_t *old;
- void *current;
-{
- frauth_t *fra = (frauth_t *)current;
-
- fra->fra_age = old->fra_age;
- fra->fra_len = old->fra_len;
- fra->fra_index = old->fra_index;
- fra->fra_pass = old->fra_pass;
- fr_info_4_1_24_to_current(&old->fra_info, &fra->fra_info);
- fra->fra_buf = old->fra_buf;
- fra->fra_flx = old->fra_flx;
-#ifdef MENTAT
- fra->fra_q = old->fra_q;
- fra->fra_m = old->fra_m;
-#endif
-}
-
-
-static void
-frauth_4_1_24_to_current(old, current)
- frauth_4_1_24_t *old;
- void *current;
-{
- frauth_t *fra = (frauth_t *)current;
-
- fra->fra_age = old->fra_age;
- fra->fra_len = old->fra_len;
- fra->fra_index = old->fra_index;
- fra->fra_pass = old->fra_pass;
- fr_info_4_1_24_to_current(&old->fra_info, &fra->fra_info);
- fra->fra_buf = old->fra_buf;
-#ifdef MENTAT
- fra->fra_q = old->fra_q;
- fra->fra_m = old->fra_m;
-#endif
-}
-
-
-static void
-frauth_4_1_23_to_current(old, current)
- frauth_4_1_23_t *old;
- void *current;
-{
- frauth_t *fra = (frauth_t *)current;
-
- fra->fra_age = old->fra_age;
- fra->fra_len = old->fra_len;
- fra->fra_index = old->fra_index;
- fra->fra_pass = old->fra_pass;
- fr_info_4_1_23_to_current(&old->fra_info, &fra->fra_info);
- fra->fra_buf = old->fra_buf;
-#ifdef MENTAT
- fra->fra_q = old->fra_q;
- fra->fra_m = old->fra_m;
-#endif
-}
-
-
-static void
-frauth_4_1_11_to_current(old, current)
- frauth_4_1_11_t *old;
- void *current;
-{
- frauth_t *fra = (frauth_t *)current;
-
- fra->fra_age = old->fra_age;
- fra->fra_len = old->fra_len;
- fra->fra_index = old->fra_index;
- fra->fra_pass = old->fra_pass;
- fr_info_4_1_11_to_current(&old->fra_info, &fra->fra_info);
- fra->fra_buf = old->fra_buf;
-#ifdef MENTAT
- fra->fra_q = old->fra_q;
- fra->fra_m = old->fra_m;
-#endif
-}
-
-
-static void
-fr_info_4_1_32_to_current(old, current)
- fr_info_4_1_32_t *old;
- void *current;
-{
- fr_info_t *fin = (fr_info_t *)current;
-
- fin->fin_ifp = old->fin_ifp;
- ipf_v4iptov5(&old->fin_fi, &fin->fin_fi);
- bcopy(&old->fin_dat, &fin->fin_dat, sizeof(old->fin_dat));
- fin->fin_out = old->fin_out;
- fin->fin_rev = old->fin_rev;
- fin->fin_hlen = old->fin_hlen;
- fin->fin_tcpf = old->ofin_tcpf;
- fin->fin_icode = old->fin_icode;
- fin->fin_rule = old->fin_rule;
- bcopy(old->fin_group, fin->fin_group, sizeof(old->fin_group));
- fin->fin_fr = old->fin_fr;
- fin->fin_dp = old->fin_dp;
- fin->fin_dlen = old->fin_dlen;
- fin->fin_plen = old->fin_plen;
- fin->fin_ipoff = old->fin_ipoff;
- fin->fin_id = old->fin_id;
- fin->fin_off = old->fin_off;
- fin->fin_depth = old->fin_depth;
- fin->fin_error = old->fin_error;
- fin->fin_cksum = old->fin_cksum;
- fin->fin_nattag = old->fin_nattag;
- fin->fin_ip = old->ofin_ip;
- fin->fin_mp = old->fin_mp;
- fin->fin_m = old->fin_m;
-#ifdef MENTAT
- fin->fin_qfm = old->fin_qfm;
- fin->fin_qpi = old->fin_qpi;
-#endif
-#ifdef __sgi
- fin->fin_hbuf = old->fin_hbuf;
-#endif
-}
-
-
-static void
-fr_info_4_1_24_to_current(old, current)
- fr_info_4_1_24_t *old;
- void *current;
-{
- fr_info_t *fin = (fr_info_t *)current;
-
- fin->fin_ifp = old->fin_ifp;
- ipf_v4iptov5(&old->fin_fi, &fin->fin_fi);
- bcopy(&old->fin_dat, &fin->fin_dat, sizeof(old->fin_dat));
- fin->fin_out = old->fin_out;
- fin->fin_rev = old->fin_rev;
- fin->fin_hlen = old->fin_hlen;
- fin->fin_tcpf = old->ofin_tcpf;
- fin->fin_icode = old->fin_icode;
- fin->fin_rule = old->fin_rule;
- bcopy(old->fin_group, fin->fin_group, sizeof(old->fin_group));
- fin->fin_fr = old->fin_fr;
- fin->fin_dp = old->fin_dp;
- fin->fin_dlen = old->fin_dlen;
- fin->fin_plen = old->fin_plen;
- fin->fin_ipoff = old->fin_ipoff;
- fin->fin_id = old->fin_id;
- fin->fin_off = old->fin_off;
- fin->fin_depth = old->fin_depth;
- fin->fin_error = old->fin_error;
- fin->fin_cksum = old->fin_cksum;
- fin->fin_nattag = old->fin_nattag;
- fin->fin_ip = old->ofin_ip;
- fin->fin_mp = old->fin_mp;
- fin->fin_m = old->fin_m;
-#ifdef MENTAT
- fin->fin_qfm = old->fin_qfm;
- fin->fin_qpi = old->fin_qpi;
-#endif
-#ifdef __sgi
- fin->fin_hbuf = old->fin_hbuf;
-#endif
-}
-
-
-static void
-fr_info_4_1_23_to_current(old, current)
- fr_info_4_1_23_t *old;
- void *current;
-{
- fr_info_t *fin = (fr_info_t *)current;
-
- fin->fin_ifp = old->fin_ifp;
- ipf_v4iptov5(&old->fin_fi, &fin->fin_fi);
- bcopy(&old->fin_dat, &fin->fin_dat, sizeof(old->fin_dat));
- fin->fin_out = old->fin_out;
- fin->fin_rev = old->fin_rev;
- fin->fin_hlen = old->fin_hlen;
- fin->fin_tcpf = old->ofin_tcpf;
- fin->fin_icode = old->fin_icode;
- fin->fin_rule = old->fin_rule;
- bcopy(old->fin_group, fin->fin_group, sizeof(old->fin_group));
- fin->fin_fr = old->fin_fr;
- fin->fin_dp = old->fin_dp;
- fin->fin_dlen = old->fin_dlen;
- fin->fin_plen = old->fin_plen;
- fin->fin_ipoff = old->fin_ipoff;
- fin->fin_id = old->fin_id;
- fin->fin_off = old->fin_off;
- fin->fin_depth = old->fin_depth;
- fin->fin_error = old->fin_error;
- fin->fin_nattag = old->fin_nattag;
- fin->fin_ip = old->ofin_ip;
- fin->fin_mp = old->fin_mp;
- fin->fin_m = old->fin_m;
-#ifdef MENTAT
- fin->fin_qfm = old->fin_qfm;
- fin->fin_qpi = old->fin_qpi;
-#endif
-#ifdef __sgi
- fin->fin_hbuf = fin->fin_hbuf;
-#endif
-}
-
-
-static void
-fr_info_4_1_11_to_current(old, current)
- fr_info_4_1_11_t *old;
- void *current;
-{
- fr_info_t *fin = (fr_info_t *)current;
-
- fin->fin_ifp = old->fin_ifp;
- ipf_v4iptov5(&old->fin_fi, &fin->fin_fi);
- bcopy(&old->fin_dat, &fin->fin_dat, sizeof(old->fin_dat));
- fin->fin_out = old->fin_out;
- fin->fin_rev = old->fin_rev;
- fin->fin_hlen = old->fin_hlen;
- fin->fin_tcpf = old->ofin_tcpf;
- fin->fin_icode = old->fin_icode;
- fin->fin_rule = old->fin_rule;
- bcopy(old->fin_group, fin->fin_group, sizeof(old->fin_group));
- fin->fin_fr = old->fin_fr;
- fin->fin_dp = old->fin_dp;
- fin->fin_dlen = old->fin_dlen;
- fin->fin_plen = old->fin_plen;
- fin->fin_ipoff = old->fin_ipoff;
- fin->fin_id = old->fin_id;
- fin->fin_off = old->fin_off;
- fin->fin_depth = old->fin_depth;
- fin->fin_error = old->fin_error;
- fin->fin_nattag = old->fin_nattag;
- fin->fin_ip = old->ofin_ip;
- fin->fin_mp = old->fin_mp;
- fin->fin_m = old->fin_m;
-#ifdef MENTAT
- fin->fin_qfm = old->fin_qfm;
- fin->fin_qpi = old->fin_qpi;
-#endif
-#ifdef __sgi
- fin->fin_hbuf = fin->fin_hbuf;
-#endif
-}
-
-
-static void
-nat_4_1_3_to_current(nat_4_1_3_t *old, nat_t *current)
-{
- bzero((void *)current, sizeof(*current));
- bcopy((void *)old, (void *)current, sizeof(*old));
-}
-
-
-static void
-nat_4_1_14_to_current(nat_4_1_14_t *old, nat_t *current)
-{
- bzero((void *)current, sizeof(*current));
- bcopy((void *)old, (void *)current, sizeof(*old));
-}
-
-
-static void
-nat_save_4_1_16_to_current(softc, old, current)
- ipf_main_softc_t *softc;
- nat_save_4_1_16_t *old;
- void *current;
-{
- nat_save_t *nats = (nat_save_t *)current;
-
- nats->ipn_next = old->ipn_next;
- nat_4_1_14_to_current(&old->ipn_nat, &nats->ipn_nat);
- bcopy(&old->ipn_ipnat, &nats->ipn_ipnat, sizeof(old->ipn_ipnat));
- frentry_4_1_16_to_current(softc, &old->ipn_fr, &nats->ipn_fr, 0);
- nats->ipn_dsize = old->ipn_dsize;
- bcopy(old->ipn_data, nats->ipn_data, sizeof(nats->ipn_data));
-}
-
-
-static void
-nat_save_4_1_14_to_current(softc, old, current)
- ipf_main_softc_t *softc;
- nat_save_4_1_14_t *old;
- void *current;
-{
- nat_save_t *nats = (nat_save_t *)current;
-
- nats->ipn_next = old->ipn_next;
- nat_4_1_14_to_current(&old->ipn_nat, &nats->ipn_nat);
- bcopy(&old->ipn_ipnat, &nats->ipn_ipnat, sizeof(old->ipn_ipnat));
- frentry_4_1_0_to_current(softc, &old->ipn_fr, &nats->ipn_fr, 0);
- nats->ipn_dsize = old->ipn_dsize;
- bcopy(old->ipn_data, nats->ipn_data, sizeof(nats->ipn_data));
-}
-
-
-static void
-nat_save_4_1_3_to_current(softc, old, current)
- ipf_main_softc_t *softc;
- nat_save_4_1_3_t *old;
- void *current;
-{
- nat_save_t *nats = (nat_save_t *)current;
-
- nats->ipn_next = old->ipn_next;
- nat_4_1_3_to_current(&old->ipn_nat, &nats->ipn_nat);
- ipnat_4_1_0_to_current(&old->ipn_ipnat, &nats->ipn_ipnat, 0);
- frentry_4_1_0_to_current(softc, &old->ipn_fr, &nats->ipn_fr, 0);
- nats->ipn_dsize = old->ipn_dsize;
- bcopy(old->ipn_data, nats->ipn_data, sizeof(nats->ipn_data));
-}
-
-
-static void
-natstat_current_to_4_1_32(current, old)
- void *current;
- natstat_4_1_32_t *old;
-{
- natstat_t *ns = (natstat_t *)current;
-
- old->ns_mapped[0] = ns->ns_side[0].ns_translated;
- old->ns_mapped[1] = ns->ns_side[1].ns_translated;
- old->ns_rules = ns->ns_side[0].ns_inuse + ns->ns_side[1].ns_inuse;
- old->ns_added = ns->ns_side[0].ns_added + ns->ns_side[1].ns_added;
- old->ns_expire = ns->ns_expire;
- old->ns_inuse = ns->ns_side[0].ns_inuse + ns->ns_side[1].ns_inuse;
- old->ns_logged = ns->ns_log_ok;
- old->ns_logfail = ns->ns_log_fail;
- old->ns_memfail = ns->ns_side[0].ns_memfail + ns->ns_side[1].ns_memfail;
- old->ns_badnat = ns->ns_side[0].ns_badnat + ns->ns_side[1].ns_badnat;
- old->ns_addtrpnt = ns->ns_addtrpnt;
- old->ns_table[0] = ns->ns_side[0].ns_table;
- old->ns_table[1] = ns->ns_side[1].ns_table;
- old->ns_maptable = NULL;
- old->ns_list = ns->ns_list;
- old->ns_apslist = NULL;
- old->ns_wilds = ns->ns_wilds;
- old->ns_nattab_sz = ns->ns_nattab_sz;
- old->ns_nattab_max = ns->ns_nattab_max;
- old->ns_rultab_sz = ns->ns_rultab_sz;
- old->ns_rdrtab_sz = ns->ns_rdrtab_sz;
- old->ns_trpntab_sz = ns->ns_trpntab_sz;
- old->ns_hostmap_sz = 0;
- old->ns_instances = ns->ns_instances;
- old->ns_maplist = ns->ns_maplist;
- old->ns_bucketlen[0] = (u_long *)ns->ns_side[0].ns_bucketlen;
- old->ns_bucketlen[1] = (u_long *)ns->ns_side[1].ns_bucketlen;
- old->ns_ticks = ns->ns_ticks;
- old->ns_orphans = ns->ns_orphans;
- old->ns_uncreate[0][0] = ns->ns_side[0].ns_uncreate[0];
- old->ns_uncreate[0][1] = ns->ns_side[0].ns_uncreate[1];
- old->ns_uncreate[1][0] = ns->ns_side[1].ns_uncreate[0];
- old->ns_uncreate[1][1] = ns->ns_side[1].ns_uncreate[1];
-}
-
-
-static void
-natstat_current_to_4_1_27(current, old)
- void *current;
- natstat_4_1_27_t *old;
-{
- natstat_t *ns = (natstat_t *)current;
-
- old->ns_mapped[0] = ns->ns_side[0].ns_translated;
- old->ns_mapped[1] = ns->ns_side[1].ns_translated;
- old->ns_rules = ns->ns_side[0].ns_inuse + ns->ns_side[1].ns_inuse;
- old->ns_added = ns->ns_side[0].ns_added + ns->ns_side[1].ns_added;
- old->ns_expire = ns->ns_expire;
- old->ns_inuse = ns->ns_side[0].ns_inuse + ns->ns_side[1].ns_inuse;
- old->ns_logged = ns->ns_log_ok;
- old->ns_logfail = ns->ns_log_fail;
- old->ns_memfail = ns->ns_side[0].ns_memfail + ns->ns_side[1].ns_memfail;
- old->ns_badnat = ns->ns_side[0].ns_badnat + ns->ns_side[1].ns_badnat;
- old->ns_addtrpnt = ns->ns_addtrpnt;
- old->ns_table[0] = ns->ns_side[0].ns_table;
- old->ns_table[1] = ns->ns_side[1].ns_table;
- old->ns_maptable = NULL;
- old->ns_list = ns->ns_list;
- old->ns_apslist = NULL;
- old->ns_wilds = ns->ns_wilds;
- old->ns_nattab_sz = ns->ns_nattab_sz;
- old->ns_nattab_max = ns->ns_nattab_max;
- old->ns_rultab_sz = ns->ns_rultab_sz;
- old->ns_rdrtab_sz = ns->ns_rdrtab_sz;
- old->ns_trpntab_sz = ns->ns_trpntab_sz;
- old->ns_hostmap_sz = 0;
- old->ns_instances = ns->ns_instances;
- old->ns_maplist = ns->ns_maplist;
- old->ns_bucketlen[0] = (u_long *)ns->ns_side[0].ns_bucketlen;
- old->ns_bucketlen[1] = (u_long *)ns->ns_side[1].ns_bucketlen;
- old->ns_ticks = ns->ns_ticks;
- old->ns_orphans = ns->ns_orphans;
-}
-
-
-static void
-natstat_current_to_4_1_16(current, old)
- void *current;
- natstat_4_1_16_t *old;
-{
- natstat_t *ns = (natstat_t *)current;
-
- old->ns_mapped[0] = ns->ns_side[0].ns_translated;
- old->ns_mapped[1] = ns->ns_side[1].ns_translated;
- old->ns_rules = ns->ns_side[0].ns_inuse + ns->ns_side[1].ns_inuse;
- old->ns_added = ns->ns_side[0].ns_added + ns->ns_side[1].ns_added;
- old->ns_expire = ns->ns_expire;
- old->ns_inuse = ns->ns_side[0].ns_inuse + ns->ns_side[1].ns_inuse;
- old->ns_logged = ns->ns_log_ok;
- old->ns_logfail = ns->ns_log_fail;
- old->ns_memfail = ns->ns_side[0].ns_memfail + ns->ns_side[1].ns_memfail;
- old->ns_badnat = ns->ns_side[0].ns_badnat + ns->ns_side[1].ns_badnat;
- old->ns_addtrpnt = ns->ns_addtrpnt;
- old->ns_table[0] = ns->ns_side[0].ns_table;
- old->ns_table[1] = ns->ns_side[1].ns_table;
- old->ns_maptable = NULL;
- old->ns_list = ns->ns_list;
- old->ns_apslist = NULL;
- old->ns_wilds = ns->ns_wilds;
- old->ns_nattab_sz = ns->ns_nattab_sz;
- old->ns_nattab_max = ns->ns_nattab_max;
- old->ns_rultab_sz = ns->ns_rultab_sz;
- old->ns_rdrtab_sz = ns->ns_rdrtab_sz;
- old->ns_trpntab_sz = ns->ns_trpntab_sz;
- old->ns_hostmap_sz = 0;
- old->ns_instances = ns->ns_instances;
- old->ns_maplist = ns->ns_maplist;
- old->ns_bucketlen[0] = (u_long *)ns->ns_side[0].ns_bucketlen;
- old->ns_bucketlen[1] = (u_long *)ns->ns_side[1].ns_bucketlen;
- old->ns_ticks = ns->ns_ticks;
-}
-
-
-static void
-natstat_current_to_4_1_0(current, old)
- void *current;
- natstat_4_1_0_t *old;
-{
- natstat_t *ns = (natstat_t *)current;
-
- old->ns_mapped[0] = ns->ns_side[0].ns_translated;
- old->ns_mapped[1] = ns->ns_side[1].ns_translated;
- old->ns_rules = ns->ns_side[0].ns_inuse + ns->ns_side[1].ns_inuse;
- old->ns_added = ns->ns_side[0].ns_added + ns->ns_side[1].ns_added;
- old->ns_expire = ns->ns_expire;
- old->ns_inuse = ns->ns_side[0].ns_inuse + ns->ns_side[1].ns_inuse;
- old->ns_logged = ns->ns_log_ok;
- old->ns_logfail = ns->ns_log_fail;
- old->ns_memfail = ns->ns_side[0].ns_memfail + ns->ns_side[1].ns_memfail;
- old->ns_badnat = ns->ns_side[0].ns_badnat + ns->ns_side[1].ns_badnat;
- old->ns_addtrpnt = ns->ns_addtrpnt;
- old->ns_table[0] = ns->ns_side[0].ns_table;
- old->ns_table[1] = ns->ns_side[1].ns_table;
- old->ns_maptable = NULL;
- old->ns_list = ns->ns_list;
- old->ns_apslist = NULL;
- old->ns_wilds = ns->ns_wilds;
- old->ns_nattab_sz = ns->ns_nattab_sz;
- old->ns_nattab_max = ns->ns_nattab_max;
- old->ns_rultab_sz = ns->ns_rultab_sz;
- old->ns_rdrtab_sz = ns->ns_rdrtab_sz;
- old->ns_trpntab_sz = ns->ns_trpntab_sz;
- old->ns_hostmap_sz = 0;
- old->ns_instances = ns->ns_instances;
- old->ns_maplist = ns->ns_maplist;
- old->ns_bucketlen[0] = (u_long *)ns->ns_side[0].ns_bucketlen;
- old->ns_bucketlen[1] = (u_long *)ns->ns_side[1].ns_bucketlen;
-}
-
-
-static void
-ipstate_save_current_to_4_1_16(current, old)
- void *current;
- ipstate_save_4_1_16_t *old;
-{
- ipstate_save_t *ips = (ipstate_save_t *)current;
-
- old->ips_next = ips->ips_next;
- ipstate_current_to_4_1_0(&ips->ips_is, &old->ips_is);
- frentry_current_to_4_1_16(&ips->ips_fr, &old->ips_fr);
-}
-
-
-static void
-ipstate_save_current_to_4_1_0(current, old)
- void *current;
- ipstate_save_4_1_0_t *old;
-{
- ipstate_save_t *ips = (ipstate_save_t *)current;
-
- old->ips_next = ips->ips_next;
- ipstate_current_to_4_1_0(&ips->ips_is, &old->ips_is);
- frentry_current_to_4_1_0(&ips->ips_fr, &old->ips_fr);
-}
-
-
-int
-ipf_out_compat(softc, obj, ptr)
- ipf_main_softc_t *softc;
- ipfobj_t *obj;
- void *ptr;
-{
- frentry_t *fr;
- int error;
-
- IPFERROR(140042);
- error = EINVAL;
-
- switch (obj->ipfo_type)
- {
- default :
- break;
-
- case IPFOBJ_FRENTRY :
- if (obj->ipfo_rev >= 4013400) {
- frentry_4_1_34_t *old;
-
- KMALLOC(old, frentry_4_1_34_t *);
- if (old == NULL) {
- IPFERROR(140043);
- error = ENOMEM;
- break;
- }
- frentry_current_to_4_1_34(ptr, old);
- error = COPYOUT(old, obj->ipfo_ptr, sizeof(*old));
- if (error == 0 && old->fr_dsize > 0) {
- char *dst = obj->ipfo_ptr;
-
- fr = ptr;
- dst += sizeof(*old);
- error = COPYOUT(fr->fr_data, dst,
- old->fr_dsize);
- if (error != 0) {
- IPFERROR(140044);
- }
- }
- KFREE(old);
- obj->ipfo_size = sizeof(*old);
- } else if (obj->ipfo_rev >= 4011600) {
- frentry_4_1_16_t *old;
-
- KMALLOC(old, frentry_4_1_16_t *);
- if (old == NULL) {
- IPFERROR(140045);
- error = ENOMEM;
- break;
- }
- frentry_current_to_4_1_16(ptr, old);
- error = COPYOUT(old, obj->ipfo_ptr, sizeof(*old));
- if (error != 0) {
- IPFERROR(140046);
- }
- KFREE(old);
- obj->ipfo_size = sizeof(*old);
- } else {
- frentry_4_1_0_t *old;
-
- KMALLOC(old, frentry_4_1_0_t *);
- if (old == NULL) {
- IPFERROR(140047);
- error = ENOMEM;
- break;
- }
- frentry_current_to_4_1_0(ptr, old);
- error = COPYOUT(old, obj->ipfo_ptr, sizeof(*old));
- if (error != 0) {
- IPFERROR(140048);
- }
- KFREE(old);
- obj->ipfo_size = sizeof(*old);
- }
- break;
-
- case IPFOBJ_IPFSTAT :
- if (obj->ipfo_rev >= 4013300) {
- friostat_4_1_33_t *old;
-
- KMALLOC(old, friostat_4_1_33_t *);
- if (old == NULL) {
- IPFERROR(140049);
- error = ENOMEM;
- break;
- }
- friostat_current_to_4_1_33(ptr, old, obj->ipfo_rev);
- error = COPYOUT(old, obj->ipfo_ptr, sizeof(*old));
- if (error != 0) {
- IPFERROR(140050);
- }
- KFREE(old);
- } else {
- friostat_4_1_0_t *old;
-
- KMALLOC(old, friostat_4_1_0_t *);
- if (old == NULL) {
- IPFERROR(140051);
- error = ENOMEM;
- break;
- }
- friostat_current_to_4_1_0(ptr, old, obj->ipfo_rev);
- error = COPYOUT(old, obj->ipfo_ptr, sizeof(*old));
- if (error != 0) {
- IPFERROR(140052);
- }
- KFREE(old);
- }
- break;
-
- case IPFOBJ_IPFINFO : /* unused */
- break;
-
- case IPFOBJ_IPNAT :
- if (obj->ipfo_rev >= 4011400) {
- ipnat_4_1_14_t *old;
-
-
KMALLOC(old, ipnat_4_1_14_t *); - if (old == NULL) { - IPFERROR(140053); - error = ENOMEM; - break; - } - ipnat_current_to_4_1_14(ptr, old); - error = COPYOUT(old, obj->ipfo_ptr, sizeof(*old)); - if (error != 0) { - IPFERROR(140054); - } - KFREE(old); - } else { - ipnat_4_1_0_t *old; - - KMALLOC(old, ipnat_4_1_0_t *); - if (old == NULL) { - IPFERROR(140055); - error = ENOMEM; - break; - } - ipnat_current_to_4_1_0(ptr, old); - error = COPYOUT(old, obj->ipfo_ptr, sizeof(*old)); - if (error != 0) { - IPFERROR(140056); - } - KFREE(old); - } - break; - - case IPFOBJ_NATSTAT : - if (obj->ipfo_rev >= 4013200) { - natstat_4_1_32_t *old; - - KMALLOC(old, natstat_4_1_32_t *); - if (old == NULL) { - IPFERROR(140057); - error = ENOMEM; - break; - } - natstat_current_to_4_1_32(ptr, old); - error = COPYOUT(old, obj->ipfo_ptr, sizeof(*old)); - if (error != 0) { - IPFERROR(140058); - } - KFREE(old); - } else if (obj->ipfo_rev >= 4012700) { - natstat_4_1_27_t *old; - - KMALLOC(old, natstat_4_1_27_t *); - if (old == NULL) { - IPFERROR(140059); - error = ENOMEM; - break; - } - natstat_current_to_4_1_27(ptr, old); - error = COPYOUT(old, obj->ipfo_ptr, sizeof(*old)); - if (error != 0) { - IPFERROR(140060); - } - KFREE(old); - } else if (obj->ipfo_rev >= 4011600) { - natstat_4_1_16_t *old; - - KMALLOC(old, natstat_4_1_16_t *); - if (old == NULL) { - IPFERROR(140061); - error = ENOMEM; - break; - } - natstat_current_to_4_1_16(ptr, old); - error = COPYOUT(old, obj->ipfo_ptr, sizeof(*old)); - if (error != 0) { - IPFERROR(140062); - } - KFREE(old); - } else { - natstat_4_1_0_t *old; - - KMALLOC(old, natstat_4_1_0_t *); - if (old == NULL) { - IPFERROR(140063); - error = ENOMEM; - break; - } - natstat_current_to_4_1_0(ptr, old); - error = COPYOUT(old, obj->ipfo_ptr, sizeof(*old)); - if (error != 0) { - IPFERROR(140064); - } - KFREE(old); - } - break; - - case IPFOBJ_STATESAVE : - if (obj->ipfo_rev >= 4011600) { - ipstate_save_4_1_16_t *old; - - KMALLOC(old, ipstate_save_4_1_16_t *); - if (old 
== NULL) { - IPFERROR(140065); - error = ENOMEM; - break; - } - ipstate_save_current_to_4_1_16(ptr, old); - error = COPYOUT(old, obj->ipfo_ptr, sizeof(*old)); - if (error != 0) { - IPFERROR(140066); - } - KFREE(old); - } else { - ipstate_save_4_1_0_t *old; - - KMALLOC(old, ipstate_save_4_1_0_t *); - if (old == NULL) { - IPFERROR(140067); - error = ENOMEM; - break; - } - ipstate_save_current_to_4_1_0(ptr, old); - error = COPYOUT(old, obj->ipfo_ptr, sizeof(*old)); - if (error != 0) { - IPFERROR(140068); - } - KFREE(old); - } - break; - - case IPFOBJ_NATSAVE : - if (obj->ipfo_rev >= 4011600) { - nat_save_4_1_16_t *old16; - - KMALLOC(old16, nat_save_4_1_16_t *); - if (old16 == NULL) { - IPFERROR(140069); - error = ENOMEM; - break; - } - nat_save_current_to_4_1_16(ptr, old16); - error = COPYOUT(&old16, obj->ipfo_ptr, sizeof(*old16)); - if (error != 0) { - IPFERROR(140070); - } - KFREE(old16); - } else if (obj->ipfo_rev >= 4011400) { - nat_save_4_1_14_t *old14; - - KMALLOC(old14, nat_save_4_1_14_t *); - if (old14 == NULL) { - IPFERROR(140071); - error = ENOMEM; - break; - } - nat_save_current_to_4_1_14(ptr, old14); - error = COPYOUT(&old14, obj->ipfo_ptr, sizeof(*old14)); - if (error != 0) { - IPFERROR(140072); - } - KFREE(old14); - } else if (obj->ipfo_rev >= 4010300) { - nat_save_4_1_3_t *old3; - - KMALLOC(old3, nat_save_4_1_3_t *); - if (old3 == NULL) { - IPFERROR(140073); - error = ENOMEM; - break; - } - nat_save_current_to_4_1_3(ptr, old3); - error = COPYOUT(&old3, obj->ipfo_ptr, sizeof(*old3)); - if (error != 0) { - IPFERROR(140074); - } - KFREE(old3); - } - break; - - case IPFOBJ_IPSTATE : - if (obj->ipfo_rev >= 4011600) { - ipstate_4_1_16_t *old; - - KMALLOC(old, ipstate_4_1_16_t *); - if (old == NULL) { - IPFERROR(140075); - error = ENOMEM; - break; - } - ipstate_current_to_4_1_16(ptr, old); - error = COPYOUT(old, obj->ipfo_ptr, sizeof(*old)); - if (error != 0) { - IPFERROR(140076); - } - KFREE(old); - } else { - ipstate_4_1_0_t *old; - - KMALLOC(old, 
ipstate_4_1_0_t *); - if (old == NULL) { - IPFERROR(140077); - error = ENOMEM; - break; - } - ipstate_current_to_4_1_0(ptr, old); - error = COPYOUT(old, obj->ipfo_ptr, sizeof(*old)); - if (error != 0) { - IPFERROR(140078); - } - KFREE(old); - } - break; - - case IPFOBJ_STATESTAT : - if (obj->ipfo_rev >= 4012100) { - ips_stat_4_1_21_t *old; - - KMALLOC(old, ips_stat_4_1_21_t *); - if (old == NULL) { - IPFERROR(140079); - error = ENOMEM; - break; - } - ips_stat_current_to_4_1_21(ptr, old); - error = COPYOUT(old, obj->ipfo_ptr, sizeof(*old)); - if (error != 0) { - IPFERROR(140080); - } - KFREE(old); - } else { - ips_stat_4_1_0_t *old; - - KMALLOC(old, ips_stat_4_1_0_t *); - if (old == NULL) { - IPFERROR(140081); - error = ENOMEM; - break; - } - ips_stat_current_to_4_1_0(ptr, old); - error = COPYOUT(old, obj->ipfo_ptr, sizeof(*old)); - if (error != 0) { - IPFERROR(140082); - } - KFREE(old); - } - break; - - case IPFOBJ_FRAUTH : - if (obj->ipfo_rev >= 4012900) { - frauth_4_1_29_t *old29; - - KMALLOC(old29, frauth_4_1_29_t *); - if (old29 == NULL) { - IPFERROR(140083); - error = ENOMEM; - break; - } - frauth_current_to_4_1_29(ptr, old29); - error = COPYOUT(old29, obj->ipfo_ptr, sizeof(*old29)); - if (error != 0) { - IPFERROR(140084); - } - KFREE(old29); - } else if (obj->ipfo_rev >= 4012400) { - frauth_4_1_24_t *old24; - - KMALLOC(old24, frauth_4_1_24_t *); - if (old24 == NULL) { - IPFERROR(140085); - error = ENOMEM; - break; - } - frauth_current_to_4_1_24(ptr, old24); - error = COPYOUT(old24, obj->ipfo_ptr, sizeof(*old24)); - if (error != 0) { - IPFERROR(140086); - } - KFREE(old24); - } else if (obj->ipfo_rev >= 4012300) { - frauth_4_1_23_t *old23; - - KMALLOC(old23, frauth_4_1_23_t *); - if (old23 == NULL) { - IPFERROR(140087); - error = ENOMEM; - break; - } - frauth_current_to_4_1_23(ptr, old23); - error = COPYOUT(old23, obj->ipfo_ptr, sizeof(*old23)); - if (error != 0) { - IPFERROR(140088); - } - KFREE(old23); - } else if (obj->ipfo_rev >= 4011100) { - 
frauth_4_1_11_t *old11; - - KMALLOC(old11, frauth_4_1_11_t *); - if (old11 == NULL) { - IPFERROR(140089); - error = ENOMEM; - break; - } - frauth_current_to_4_1_11(ptr, old11); - error = COPYOUT(old11, obj->ipfo_ptr, sizeof(*old11)); - if (error != 0) { - IPFERROR(140090); - } - KFREE(old11); - } - break; - - case IPFOBJ_NAT : - if (obj->ipfo_rev >= 4012500) { - nat_4_1_25_t *old; - - KMALLOC(old, nat_4_1_25_t *); - if (old == NULL) { - IPFERROR(140091); - error = ENOMEM; - break; - } - nat_current_to_4_1_25(ptr, old); - error = COPYOUT(old, obj->ipfo_ptr, sizeof(*old)); - if (error != 0) { - IPFERROR(140092); - } - KFREE(old); - } else if (obj->ipfo_rev >= 4011400) { - nat_4_1_14_t *old; - - KMALLOC(old, nat_4_1_14_t *); - if (old == NULL) { - IPFERROR(140093); - error = ENOMEM; - break; - } - nat_current_to_4_1_14(ptr, old); - error = COPYOUT(old, obj->ipfo_ptr, sizeof(*old)); - if (error != 0) { - IPFERROR(140094); - } - KFREE(old); - } else if (obj->ipfo_rev >= 4010300) { - nat_4_1_3_t *old; - - KMALLOC(old, nat_4_1_3_t *); - if (old == NULL) { - IPFERROR(140095); - error = ENOMEM; - break; - } - nat_current_to_4_1_3(ptr, old); - error = COPYOUT(old, obj->ipfo_ptr, sizeof(*old)); - if (error != 0) { - IPFERROR(140096); - } - KFREE(old); - } - break; - - case IPFOBJ_FRIPF : - if (obj->ipfo_rev < 5000000) { - fripf4_t *old; - - KMALLOC(old, fripf4_t *); - if (old == NULL) { - IPFERROR(140097); - error = ENOMEM; - break; - } - ipf_v5fripftov4(ptr, old); - error = COPYOUT(old, obj->ipfo_ptr, sizeof(*old)); - if (error != 0) { - IPFERROR(140098); - } - KFREE(old); - } - break; - } - return error; -} - - -static void -friostat_current_to_4_1_33(current, old, rev) - void *current; - friostat_4_1_33_t *old; - int rev; -{ - friostat_t *fiop = (friostat_t *)current; - - bcopy(&fiop->f_st[0].fr_pass, &old->of_st[0], sizeof(old->of_st[0])); - bcopy(&fiop->f_st[1].fr_pass, &old->of_st[1], sizeof(old->of_st[1])); - - old->f_ipf[0][0] = fiop->f_ipf[0][0]; - old->f_ipf[0][1] = 
fiop->f_ipf[0][1]; - old->f_ipf[1][0] = fiop->f_ipf[1][0]; - old->f_ipf[1][1] = fiop->f_ipf[1][1]; - old->f_acct[0][0] = fiop->f_acct[0][0]; - old->f_acct[0][1] = fiop->f_acct[0][1]; - old->f_acct[1][0] = fiop->f_acct[1][0]; - old->f_acct[1][1] = fiop->f_acct[1][1]; - old->f_ipf6[0][0] = NULL; - old->f_ipf6[0][1] = NULL; - old->f_ipf6[1][0] = NULL; - old->f_ipf6[1][1] = NULL; - old->f_acct6[0][0] = NULL; - old->f_acct6[0][1] = NULL; - old->f_acct6[1][0] = NULL; - old->f_acct6[1][1] = NULL; - old->f_auth = fiop->f_auth; - bcopy(&fiop->f_groups, &old->f_groups, sizeof(old->f_groups)); - bcopy(&fiop->f_froute, &old->f_froute, sizeof(old->f_froute)); - old->f_ticks = fiop->f_ticks; - bcopy(&fiop->f_locks, &old->f_locks, sizeof(old->f_locks)); - old->f_kmutex_sz = 0; - old->f_krwlock_sz = 0; - old->f_defpass = fiop->f_defpass; - old->f_active = fiop->f_active; - old->f_running = fiop->f_running; - old->f_logging = fiop->f_logging; - old->f_features = fiop->f_features; - sprintf(old->f_version, "IP Filter: v%d.%d.%d", - (rev / 1000000) % 100, - (rev / 10000) % 100, - (rev / 100) % 100); -} - - -static void -friostat_current_to_4_1_0(current, old, rev) - void *current; - friostat_4_1_0_t *old; - int rev; -{ - friostat_t *fiop = (friostat_t *)current; - - bcopy(&fiop->f_st[0].fr_pass, &old->of_st[0], sizeof(old->of_st[0])); - bcopy(&fiop->f_st[1].fr_pass, &old->of_st[1], sizeof(old->of_st[1])); - - old->f_ipf[0][0] = fiop->f_ipf[0][0]; - old->f_ipf[0][1] = fiop->f_ipf[0][1]; - old->f_ipf[1][0] = fiop->f_ipf[1][0]; - old->f_ipf[1][1] = fiop->f_ipf[1][1]; - old->f_acct[0][0] = fiop->f_acct[0][0]; - old->f_acct[0][1] = fiop->f_acct[0][1]; - old->f_acct[1][0] = fiop->f_acct[1][0]; - old->f_acct[1][1] = fiop->f_acct[1][1]; - old->f_ipf6[0][0] = NULL; - old->f_ipf6[0][1] = NULL; - old->f_ipf6[1][0] = NULL; - old->f_ipf6[1][1] = NULL; - old->f_acct6[0][0] = NULL; - old->f_acct6[0][1] = NULL; - old->f_acct6[1][0] = NULL; - old->f_acct6[1][1] = NULL; - old->f_auth = fiop->f_auth; - 
bcopy(&fiop->f_groups, &old->f_groups, sizeof(old->f_groups)); - bcopy(&fiop->f_froute, &old->f_froute, sizeof(old->f_froute)); - old->f_ticks = fiop->f_ticks; - old->f_ipf[0][0] = fiop->f_ipf[0][0]; - old->f_ipf[0][1] = fiop->f_ipf[0][1]; - old->f_ipf[1][0] = fiop->f_ipf[1][0]; - old->f_ipf[1][1] = fiop->f_ipf[1][1]; - old->f_acct[0][0] = fiop->f_acct[0][0]; - old->f_acct[0][1] = fiop->f_acct[0][1]; - old->f_acct[1][0] = fiop->f_acct[1][0]; - old->f_acct[1][1] = fiop->f_acct[1][1]; - old->f_ipf6[0][0] = NULL; - old->f_ipf6[0][1] = NULL; - old->f_ipf6[1][0] = NULL; - old->f_ipf6[1][1] = NULL; - old->f_acct6[0][0] = NULL; - old->f_acct6[0][1] = NULL; - old->f_acct6[1][0] = NULL; - old->f_acct6[1][1] = NULL; - old->f_auth = fiop->f_auth; - bcopy(&fiop->f_groups, &old->f_groups, sizeof(old->f_groups)); - bcopy(&fiop->f_froute, &old->f_froute, sizeof(old->f_froute)); - old->f_ticks = fiop->f_ticks; - bcopy(&fiop->f_locks, &old->f_locks, sizeof(old->f_locks)); - old->f_kmutex_sz = 0; - old->f_krwlock_sz = 0; - old->f_defpass = fiop->f_defpass; - old->f_active = fiop->f_active; - old->f_running = fiop->f_running; - old->f_logging = fiop->f_logging; - old->f_features = fiop->f_features; - sprintf(old->f_version, "IP Filter: v%d.%d.%d", - (rev / 1000000) % 100, - (rev / 10000) % 100, - (rev / 100) % 100); -} - - -/* - * nflags is v5 flags, returns v4 flags. 
- */ -static int -fr_frflags5to4(nflags) - u_32_t nflags; -{ - u_32_t oflags = 0; - - switch (nflags & FR_CMDMASK) { - case FR_CALL : - oflags = 0x0; - break; - case FR_BLOCK : - oflags = 0x1; - break; - case FR_PASS : - oflags = 0x2; - break; - case FR_AUTH : - oflags = 0x3; - break; - case FR_PREAUTH : - oflags = 0x4; - break; - case FR_ACCOUNT : - oflags = 0x5; - break; - case FR_SKIP : - oflags = 0x6; - break; - default : - break; - } - - if (nflags & FR_LOG) - oflags |= 0x00010; - if (nflags & FR_CALLNOW) - oflags |= 0x00020; - if (nflags & FR_NOTSRCIP) - oflags |= 0x00080; - if (nflags & FR_NOTDSTIP) - oflags |= 0x00040; - if (nflags & FR_QUICK) - oflags |= 0x00100; - if (nflags & FR_KEEPFRAG) - oflags |= 0x00200; - if (nflags & FR_KEEPSTATE) - oflags |= 0x00400; - if (nflags & FR_FASTROUTE) - oflags |= 0x00800; - if (nflags & FR_RETRST) - oflags |= 0x01000; - if (nflags & FR_RETICMP) - oflags |= 0x02000; - if (nflags & FR_FAKEICMP) - oflags |= 0x03000; - if (nflags & FR_OUTQUE) - oflags |= 0x04000; - if (nflags & FR_INQUE) - oflags |= 0x08000; - if (nflags & FR_LOGBODY) - oflags |= 0x10000; - if (nflags & FR_LOGFIRST) - oflags |= 0x20000; - if (nflags & FR_LOGORBLOCK) - oflags |= 0x40000; - if (nflags & FR_FRSTRICT) - oflags |= 0x100000; - if (nflags & FR_STSTRICT) - oflags |= 0x200000; - if (nflags & FR_NEWISN) - oflags |= 0x400000; - if (nflags & FR_NOICMPERR) - oflags |= 0x800000; - if (nflags & FR_STATESYNC) - oflags |= 0x1000000; - if (nflags & FR_NOMATCH) - oflags |= 0x8000000; - if (nflags & FR_COPIED) - oflags |= 0x40000000; - if (nflags & FR_INACTIVE) - oflags |= 0x80000000; - - return oflags; -} - - -static void -frentry_current_to_4_1_34(current, old) - void *current; - frentry_4_1_34_t *old; -{ - frentry_t *fr = (frentry_t *)current; - - old->fr_lock = fr->fr_lock; - old->fr_next = fr->fr_next; - old->fr_grp = (void *)fr->fr_grp; - old->fr_isc = fr->fr_isc; - old->fr_ifas[0] = fr->fr_ifas[0]; - old->fr_ifas[1] = fr->fr_ifas[1]; - old->fr_ifas[2] 
= fr->fr_ifas[2]; - old->fr_ifas[3] = fr->fr_ifas[3]; - old->fr_ptr = fr->fr_ptr; - old->fr_comment = NULL; - old->fr_ref = fr->fr_ref; - old->fr_statecnt = fr->fr_statecnt; - old->fr_hits = fr->fr_hits; - old->fr_bytes = fr->fr_bytes; - old->fr_lastpkt.tv_sec = fr->fr_lastpkt.tv_sec; - old->fr_lastpkt.tv_usec = fr->fr_lastpkt.tv_usec; - old->fr_curpps = fr->fr_curpps; - old->fr_dun.fru_data = fr->fr_dun.fru_data; - old->fr_func = fr->fr_func; - old->fr_dsize = fr->fr_dsize; - old->fr_pps = fr->fr_pps; - old->fr_statemax = fr->fr_statemax; - old->fr_flineno = fr->fr_flineno; - old->fr_type = fr->fr_type; - old->fr_flags = fr_frflags5to4(fr->fr_flags); - old->fr_logtag = fr->fr_logtag; - old->fr_collect = fr->fr_collect; - old->fr_arg = fr->fr_arg; - old->fr_loglevel = fr->fr_loglevel; - old->fr_age[0] = fr->fr_age[0]; - old->fr_age[1] = fr->fr_age[1]; - if (fr->fr_family == AF_INET) - old->fr_v = 4; - if (fr->fr_family == AF_INET6) - old->fr_v = 6; - old->fr_icode = fr->fr_icode; - old->fr_cksum = fr->fr_cksum; - old->fr_tifs[0].ofd_ip6 = fr->fr_tifs[0].fd_ip6; - old->fr_tifs[1].ofd_ip6 = fr->fr_tifs[0].fd_ip6; - old->fr_dif.ofd_ip6 = fr->fr_dif.fd_ip6; - if (fr->fr_ifnames[0] >= 0) { - strncpy(old->fr_ifnames[0], fr->fr_names + fr->fr_ifnames[0], - LIFNAMSIZ); - old->fr_ifnames[0][LIFNAMSIZ - 1] = '\0'; - } - if (fr->fr_ifnames[1] >= 0) { - strncpy(old->fr_ifnames[1], fr->fr_names + fr->fr_ifnames[1], - LIFNAMSIZ); - old->fr_ifnames[1][LIFNAMSIZ - 1] = '\0'; - } - if (fr->fr_ifnames[2] >= 0) { - strncpy(old->fr_ifnames[2], fr->fr_names + fr->fr_ifnames[2], - LIFNAMSIZ); - old->fr_ifnames[2][LIFNAMSIZ - 1] = '\0'; - } - if (fr->fr_ifnames[3] >= 0) { - strncpy(old->fr_ifnames[3], fr->fr_names + fr->fr_ifnames[3], - LIFNAMSIZ); - old->fr_ifnames[3][LIFNAMSIZ - 1] = '\0'; - } - if (fr->fr_tifs[0].fd_name >= 0) { - strncpy(old->fr_tifs[0].fd_ifname, - fr->fr_names + fr->fr_tifs[0].fd_name, LIFNAMSIZ); - old->fr_tifs[0].fd_ifname[LIFNAMSIZ - 1] = '\0'; - } - if 
(fr->fr_tifs[1].fd_name >= 0) { - strncpy(old->fr_tifs[1].fd_ifname, - fr->fr_names + fr->fr_tifs[1].fd_name, LIFNAMSIZ); - old->fr_tifs[1].fd_ifname[LIFNAMSIZ - 1] = '\0'; - } - if (fr->fr_dif.fd_name >= 0) { - strncpy(old->fr_dif.fd_ifname, - fr->fr_names + fr->fr_dif.fd_name, LIFNAMSIZ); - old->fr_dif.fd_ifname[LIFNAMSIZ - 1] = '\0'; - } - if (fr->fr_group >= 0) { - strncpy(old->fr_group, fr->fr_names + fr->fr_group, - FR_GROUPLEN); - old->fr_group[FR_GROUPLEN - 1] = '\0'; - } - if (fr->fr_grhead >= 0) { - strncpy(old->fr_grhead, fr->fr_names + fr->fr_grhead, - FR_GROUPLEN); - old->fr_grhead[FR_GROUPLEN - 1] = '\0'; - } -} - - -static void -frentry_current_to_4_1_16(current, old) - void *current; - frentry_4_1_16_t *old; -{ - frentry_t *fr = (frentry_t *)current; - - old->fr_lock = fr->fr_lock; - old->fr_next = fr->fr_next; - old->fr_grp = (void *)fr->fr_grp; - old->fr_isc = fr->fr_isc; - old->fr_ifas[0] = fr->fr_ifas[0]; - old->fr_ifas[1] = fr->fr_ifas[1]; - old->fr_ifas[2] = fr->fr_ifas[2]; - old->fr_ifas[3] = fr->fr_ifas[3]; - old->fr_ptr = fr->fr_ptr; - old->fr_comment = NULL; - old->fr_ref = fr->fr_ref; - old->fr_statecnt = fr->fr_statecnt; - old->fr_hits = fr->fr_hits; - old->fr_bytes = fr->fr_bytes; - old->fr_lastpkt.tv_sec = fr->fr_lastpkt.tv_sec; - old->fr_lastpkt.tv_usec = fr->fr_lastpkt.tv_usec; - old->fr_curpps = fr->fr_curpps; - old->fr_dun.fru_data = fr->fr_dun.fru_data; - old->fr_func = fr->fr_func; - old->fr_dsize = fr->fr_dsize; - old->fr_pps = fr->fr_pps; - old->fr_statemax = fr->fr_statemax; - old->fr_flineno = fr->fr_flineno; - old->fr_type = fr->fr_type; - old->fr_flags = fr_frflags5to4(fr->fr_flags); - old->fr_logtag = fr->fr_logtag; - old->fr_collect = fr->fr_collect; - old->fr_arg = fr->fr_arg; - old->fr_loglevel = fr->fr_loglevel; - old->fr_age[0] = fr->fr_age[0]; - old->fr_age[1] = fr->fr_age[1]; - if (old->fr_v == 4) - fr->fr_family = AF_INET; - if (old->fr_v == 6) - fr->fr_family = AF_INET6; - old->fr_icode = fr->fr_icode; - 
old->fr_cksum = fr->fr_cksum; - old->fr_tifs[0].ofd_ip6 = fr->fr_tifs[0].fd_ip6; - old->fr_tifs[1].ofd_ip6 = fr->fr_tifs[0].fd_ip6; - old->fr_dif.ofd_ip6 = fr->fr_dif.fd_ip6; - if (fr->fr_ifnames[0] >= 0) { - strncpy(old->fr_ifnames[0], fr->fr_names + fr->fr_ifnames[0], - LIFNAMSIZ); - old->fr_ifnames[0][LIFNAMSIZ - 1] = '\0'; - } - if (fr->fr_ifnames[1] >= 0) { - strncpy(old->fr_ifnames[1], fr->fr_names + fr->fr_ifnames[1], - LIFNAMSIZ); - old->fr_ifnames[1][LIFNAMSIZ - 1] = '\0'; - } - if (fr->fr_ifnames[2] >= 0) { - strncpy(old->fr_ifnames[2], fr->fr_names + fr->fr_ifnames[2], - LIFNAMSIZ); - old->fr_ifnames[2][LIFNAMSIZ - 1] = '\0'; - } - if (fr->fr_ifnames[3] >= 0) { - strncpy(old->fr_ifnames[3], fr->fr_names + fr->fr_ifnames[3], - LIFNAMSIZ); - old->fr_ifnames[3][LIFNAMSIZ - 1] = '\0'; - } - if (fr->fr_tifs[0].fd_name >= 0) { - strncpy(old->fr_tifs[0].fd_ifname, - fr->fr_names + fr->fr_tifs[0].fd_name, LIFNAMSIZ); - old->fr_tifs[0].fd_ifname[LIFNAMSIZ - 1] = '\0'; - } - if (fr->fr_tifs[1].fd_name >= 0) { - strncpy(old->fr_tifs[1].fd_ifname, - fr->fr_names + fr->fr_tifs[1].fd_name, LIFNAMSIZ); - old->fr_tifs[1].fd_ifname[LIFNAMSIZ - 1] = '\0'; - } - if (fr->fr_dif.fd_name >= 0) { - strncpy(old->fr_dif.fd_ifname, - fr->fr_names + fr->fr_dif.fd_name, LIFNAMSIZ); - old->fr_dif.fd_ifname[LIFNAMSIZ - 1] = '\0'; - } - if (fr->fr_group >= 0) { - strncpy(old->fr_group, fr->fr_names + fr->fr_group, - FR_GROUPLEN); - old->fr_group[FR_GROUPLEN - 1] = '\0'; - } - if (fr->fr_grhead >= 0) { - strncpy(old->fr_grhead, fr->fr_names + fr->fr_grhead, - FR_GROUPLEN); - old->fr_grhead[FR_GROUPLEN - 1] = '\0'; - } -} - - -static void -frentry_current_to_4_1_0(current, old) - void *current; - frentry_4_1_0_t *old; -{ - frentry_t *fr = (frentry_t *)current; - - old->fr_lock = fr->fr_lock; - old->fr_next = fr->fr_next; - old->fr_grp = (void *)fr->fr_grp; - old->fr_isc = fr->fr_isc; - old->fr_ifas[0] = fr->fr_ifas[0]; - old->fr_ifas[1] = fr->fr_ifas[1]; - old->fr_ifas[2] = 
fr->fr_ifas[2]; - old->fr_ifas[3] = fr->fr_ifas[3]; - old->fr_ptr = fr->fr_ptr; - old->fr_comment = NULL; - old->fr_ref = fr->fr_ref; - old->fr_statecnt = fr->fr_statecnt; - old->fr_hits = fr->fr_hits; - old->fr_bytes = fr->fr_bytes; - old->fr_lastpkt.tv_sec = fr->fr_lastpkt.tv_sec; - old->fr_lastpkt.tv_usec = fr->fr_lastpkt.tv_usec; - old->fr_curpps = fr->fr_curpps; - old->fr_dun.fru_data = fr->fr_dun.fru_data; - old->fr_func = fr->fr_func; - old->fr_dsize = fr->fr_dsize; - old->fr_pps = fr->fr_pps; - old->fr_statemax = fr->fr_statemax; - old->fr_flineno = fr->fr_flineno; - old->fr_type = fr->fr_type; - old->fr_flags = fr_frflags5to4(fr->fr_flags); - old->fr_logtag = fr->fr_logtag; - old->fr_collect = fr->fr_collect; - old->fr_arg = fr->fr_arg; - old->fr_loglevel = fr->fr_loglevel; - old->fr_age[0] = fr->fr_age[0]; - old->fr_age[1] = fr->fr_age[1]; - if (old->fr_v == 4) - fr->fr_family = AF_INET; - if (old->fr_v == 6) - fr->fr_family = AF_INET6; - old->fr_icode = fr->fr_icode; - old->fr_cksum = fr->fr_cksum; - old->fr_tifs[0].ofd_ip6 = fr->fr_tifs[0].fd_ip6; - old->fr_tifs[1].ofd_ip6 = fr->fr_tifs[0].fd_ip6; - old->fr_dif.ofd_ip6 = fr->fr_dif.fd_ip6; - if (fr->fr_ifnames[0] >= 0) { - strncpy(old->fr_ifnames[0], fr->fr_names + fr->fr_ifnames[0], - LIFNAMSIZ); - old->fr_ifnames[0][LIFNAMSIZ - 1] = '\0'; - } - if (fr->fr_ifnames[1] >= 0) { - strncpy(old->fr_ifnames[1], fr->fr_names + fr->fr_ifnames[1], - LIFNAMSIZ); - old->fr_ifnames[1][LIFNAMSIZ - 1] = '\0'; - } - if (fr->fr_ifnames[2] >= 0) { - strncpy(old->fr_ifnames[2], fr->fr_names + fr->fr_ifnames[2], - LIFNAMSIZ); - old->fr_ifnames[2][LIFNAMSIZ - 1] = '\0'; - } - if (fr->fr_ifnames[3] >= 0) { - strncpy(old->fr_ifnames[3], fr->fr_names + fr->fr_ifnames[3], - LIFNAMSIZ); - old->fr_ifnames[3][LIFNAMSIZ - 1] = '\0'; - } - if (fr->fr_tifs[0].fd_name >= 0) { - strncpy(old->fr_tifs[0].fd_ifname, - fr->fr_names + fr->fr_tifs[0].fd_name, LIFNAMSIZ); - old->fr_tifs[0].fd_ifname[LIFNAMSIZ - 1] = '\0'; - } - if 
(fr->fr_tifs[1].fd_name >= 0) { - strncpy(old->fr_tifs[1].fd_ifname, - fr->fr_names + fr->fr_tifs[1].fd_name, LIFNAMSIZ); - old->fr_tifs[1].fd_ifname[LIFNAMSIZ - 1] = '\0'; - } - if (fr->fr_dif.fd_name >= 0) { - strncpy(old->fr_dif.fd_ifname, - fr->fr_names + fr->fr_dif.fd_name, LIFNAMSIZ); - old->fr_dif.fd_ifname[LIFNAMSIZ - 1] = '\0'; - } - if (fr->fr_group >= 0) { - strncpy(old->fr_group, fr->fr_names + fr->fr_group, - FR_GROUPLEN); - old->fr_group[FR_GROUPLEN - 1] = '\0'; - } - if (fr->fr_grhead >= 0) { - strncpy(old->fr_grhead, fr->fr_names + fr->fr_grhead, - FR_GROUPLEN); - old->fr_grhead[FR_GROUPLEN - 1] = '\0'; - } -} - - -static void -fr_info_current_to_4_1_24(current, old) - void *current; - fr_info_4_1_24_t *old; -{ - fr_info_t *fin = (fr_info_t *)current; - - old->fin_ifp = fin->fin_ifp; - ipf_v5iptov4(&fin->fin_fi, &old->fin_fi); - bcopy(&fin->fin_dat, &old->fin_dat, sizeof(fin->fin_dat)); - old->fin_out = fin->fin_out; - old->fin_rev = fin->fin_rev; - old->fin_hlen = fin->fin_hlen; - old->ofin_tcpf = fin->fin_tcpf; - old->fin_icode = fin->fin_icode; - old->fin_rule = fin->fin_rule; - bcopy(fin->fin_group, old->fin_group, sizeof(fin->fin_group)); - old->fin_fr = fin->fin_fr; - old->fin_dp = fin->fin_dp; - old->fin_dlen = fin->fin_dlen; - old->fin_plen = fin->fin_plen; - old->fin_ipoff = fin->fin_ipoff; - old->fin_id = fin->fin_id; - old->fin_off = fin->fin_off; - old->fin_depth = fin->fin_depth; - old->fin_error = fin->fin_error; - old->fin_cksum = fin->fin_cksum; - old->fin_state = NULL; - old->fin_nat = NULL; - old->fin_nattag = fin->fin_nattag; - old->fin_exthdr = NULL; - old->ofin_ip = fin->fin_ip; - old->fin_mp = fin->fin_mp; - old->fin_m = fin->fin_m; -#ifdef MENTAT - old->fin_qfm = fin->fin_qfm; - old->fin_qpi = fin->fin_qpi; - old->fin_ifname[0] = '\0'; -#endif -#ifdef __sgi - old->fin_hbuf = fin->fin_hbuf; -#endif -} - - -static void -fr_info_current_to_4_1_23(current, old) - void *current; - fr_info_4_1_23_t *old; -{ - fr_info_t *fin = 
(fr_info_t *)current; - - old->fin_ifp = fin->fin_ifp; - ipf_v5iptov4(&fin->fin_fi, &old->fin_fi); - bcopy(&fin->fin_dat, &old->fin_dat, sizeof(fin->fin_dat)); - old->fin_out = fin->fin_out; - old->fin_rev = fin->fin_rev; - old->fin_hlen = fin->fin_hlen; - old->ofin_tcpf = fin->fin_tcpf; - old->fin_icode = fin->fin_icode; - old->fin_rule = fin->fin_rule; - bcopy(fin->fin_group, old->fin_group, sizeof(fin->fin_group)); - old->fin_fr = fin->fin_fr; - old->fin_dp = fin->fin_dp; - old->fin_dlen = fin->fin_dlen; - old->fin_plen = fin->fin_plen; - old->fin_ipoff = fin->fin_ipoff; - old->fin_id = fin->fin_id; - old->fin_off = fin->fin_off; - old->fin_depth = fin->fin_depth; - old->fin_error = fin->fin_error; - old->fin_state = NULL; - old->fin_nat = NULL; - old->fin_nattag = fin->fin_nattag; - old->ofin_ip = fin->fin_ip; - old->fin_mp = fin->fin_mp; - old->fin_m = fin->fin_m; -#ifdef MENTAT - old->fin_qfm = fin->fin_qfm; - old->fin_qpi = fin->fin_qpi; - old->fin_ifname[0] = '\0'; -#endif -#ifdef __sgi - old->fin_hbuf = fin->fin_hbuf; -#endif -} - - -static void -fr_info_current_to_4_1_11(current, old) - void *current; - fr_info_4_1_11_t *old; -{ - fr_info_t *fin = (fr_info_t *)current; - - old->fin_ifp = fin->fin_ifp; - ipf_v5iptov4(&fin->fin_fi, &old->fin_fi); - bcopy(&fin->fin_dat, &old->fin_dat, sizeof(fin->fin_dat)); - old->fin_out = fin->fin_out; - old->fin_rev = fin->fin_rev; - old->fin_hlen = fin->fin_hlen; - old->ofin_tcpf = fin->fin_tcpf; - old->fin_icode = fin->fin_icode; - old->fin_rule = fin->fin_rule; - bcopy(fin->fin_group, old->fin_group, sizeof(fin->fin_group)); - old->fin_fr = fin->fin_fr; - old->fin_dp = fin->fin_dp; - old->fin_dlen = fin->fin_dlen; - old->fin_plen = fin->fin_plen; - old->fin_ipoff = fin->fin_ipoff; - old->fin_id = fin->fin_id; - old->fin_off = fin->fin_off; - old->fin_depth = fin->fin_depth; - old->fin_error = fin->fin_error; - old->fin_state = NULL; - old->fin_nat = NULL; - old->fin_nattag = fin->fin_nattag; - old->ofin_ip = 
fin->fin_ip;
- old->fin_mp = fin->fin_mp;
- old->fin_m = fin->fin_m;
-#ifdef MENTAT
- old->fin_qfm = fin->fin_qfm;
- old->fin_qpi = fin->fin_qpi;
- old->fin_ifname[0] = '\0';
-#endif
-#ifdef __sgi
- old->fin_hbuf = fin->fin_hbuf;
-#endif
-}
-
-
-static void
-frauth_current_to_4_1_29(current, old)
- void *current;
- frauth_4_1_29_t *old;
-{
- frauth_t *fra = (frauth_t *)current;
-
- old->fra_age = fra->fra_age;
- old->fra_len = fra->fra_len;
- old->fra_index = fra->fra_index;
- old->fra_pass = fra->fra_pass;
- fr_info_current_to_4_1_24(&fra->fra_info, &old->fra_info);
- old->fra_buf = fra->fra_buf;
- old->fra_flx = fra->fra_flx;
-#ifdef MENTAT
- old->fra_q = fra->fra_q;
- old->fra_m = fra->fra_m;
-#endif
-}
-
-
-static void
-frauth_current_to_4_1_24(current, old)
- void *current;
- frauth_4_1_24_t *old;
-{
- frauth_t *fra = (frauth_t *)current;
-
- old->fra_age = fra->fra_age;
- old->fra_len = fra->fra_len;
- old->fra_index = fra->fra_index;
- old->fra_pass = fra->fra_pass;
- fr_info_current_to_4_1_24(&fra->fra_info, &old->fra_info);
- old->fra_buf = fra->fra_buf;
-#ifdef MENTAT
- old->fra_q = fra->fra_q;
- old->fra_m = fra->fra_m;
-#endif
-}
-
-
-static void
-frauth_current_to_4_1_23(current, old)
- void *current;
- frauth_4_1_23_t *old;
-{
- frauth_t *fra = (frauth_t *)current;
-
- old->fra_age = fra->fra_age;
- old->fra_len = fra->fra_len;
- old->fra_index = fra->fra_index;
- old->fra_pass = fra->fra_pass;
- fr_info_current_to_4_1_23(&fra->fra_info, &old->fra_info);
- old->fra_buf = fra->fra_buf;
-#ifdef MENTAT
- old->fra_q = fra->fra_q;
- old->fra_m = fra->fra_m;
-#endif
-}
-
-
-static void
-frauth_current_to_4_1_11(current, old)
- void *current;
- frauth_4_1_11_t *old;
-{
- frauth_t *fra = (frauth_t *)current;
-
- old->fra_age = fra->fra_age;
- old->fra_len = fra->fra_len;
- old->fra_index = fra->fra_index;
- old->fra_pass = fra->fra_pass;
- fr_info_current_to_4_1_11(&fra->fra_info, &old->fra_info);
- old->fra_buf = fra->fra_buf;
-#ifdef MENTAT
- old->fra_q = fra->fra_q;
- old->fra_m = fra->fra_m;
-#endif
-}
-
-
-static void
-ipnat_current_to_4_1_14(current, old)
- void *current;
- ipnat_4_1_14_t *old;
-{
- ipnat_t *np = (ipnat_t *)current;
-
- old->in_next = np->in_next;
- old->in_rnext = np->in_rnext;
- old->in_prnext = np->in_prnext;
- old->in_mnext = np->in_mnext;
- old->in_pmnext = np->in_pmnext;
- old->in_tqehead[0] = np->in_tqehead[0];
- old->in_tqehead[1] = np->in_tqehead[1];
- old->in_ifps[0] = np->in_ifps[0];
- old->in_ifps[1] = np->in_ifps[1];
- old->in_apr = np->in_apr;
- old->in_comment = np->in_comment;
- old->in_space = np->in_space;
- old->in_hits = np->in_hits;
- old->in_use = np->in_use;
- old->in_hv = np->in_hv[0];
- old->in_flineno = np->in_flineno;
- if (old->in_redir == NAT_REDIRECT)
- old->in_pnext = np->in_dpnext;
- else
- old->in_pnext = np->in_spnext;
- old->in_v = np->in_v[0];
- old->in_flags = np->in_flags;
- old->in_mssclamp = np->in_mssclamp;
- old->in_age[0] = np->in_age[0];
- old->in_age[1] = np->in_age[1];
- old->in_redir = np->in_redir;
- old->in_p = np->in_pr[0];
- if (np->in_redir == NAT_REDIRECT) {
- old->in_next6 = np->in_ndst.na_nextaddr;
- old->in_in[0] = np->in_ndst.na_addr[0];
- old->in_in[1] = np->in_ndst.na_addr[1];
- old->in_out[0] = np->in_odst.na_addr[0];
- old->in_out[1] = np->in_odst.na_addr[1];
- old->in_src[0] = np->in_osrc.na_addr[0];
- old->in_src[1] = np->in_osrc.na_addr[1];
- } else {
- old->in_next6 = np->in_nsrc.na_nextaddr;
- old->in_out[0] = np->in_nsrc.na_addr[0];
- old->in_out[1] = np->in_nsrc.na_addr[1];
- old->in_in[0] = np->in_osrc.na_addr[0];
- old->in_in[1] = np->in_osrc.na_addr[1];
- old->in_src[0] = np->in_odst.na_addr[0];
- old->in_src[1] = np->in_odst.na_addr[1];
- }
- ipfv5tuctov4(&np->in_tuc, &old->in_tuc);
- if (np->in_redir == NAT_REDIRECT) {
- old->in_port[0] = np->in_dpmin;
- old->in_port[1] = np->in_dpmax;
- } else {
- old->in_port[0] = np->in_spmin;
- old->in_port[1] = np->in_spmax;
- }
- old->in_ppip = np->in_ppip;
- old->in_ippip = np->in_ippip;
- bcopy(&np->in_tag, &old->in_tag, sizeof(np->in_tag));
-
- if (np->in_ifnames[0] >= 0) {
- strncpy(old->in_ifnames[0], np->in_names + np->in_ifnames[0],
- LIFNAMSIZ);
- old->in_ifnames[0][LIFNAMSIZ - 1] = '\0';
- }
- if (np->in_ifnames[1] >= 0) {
- strncpy(old->in_ifnames[1], np->in_names + np->in_ifnames[1],
- LIFNAMSIZ);
- old->in_ifnames[1][LIFNAMSIZ - 1] = '\0';
- }
- if (np->in_plabel >= 0) {
- strncpy(old->in_plabel, np->in_names + np->in_plabel,
- APR_LABELLEN);
- old->in_plabel[APR_LABELLEN - 1] = '\0';
- }
-}
-
-
-static void
-ipnat_current_to_4_1_0(current, old)
- void *current;
- ipnat_4_1_0_t *old;
-{
- ipnat_t *np = (ipnat_t *)current;
-
- old->in_next = np->in_next;
- old->in_rnext = np->in_rnext;
- old->in_prnext = np->in_prnext;
- old->in_mnext = np->in_mnext;
- old->in_pmnext = np->in_pmnext;
- old->in_tqehead[0] = np->in_tqehead[0];
- old->in_tqehead[1] = np->in_tqehead[1];
- old->in_ifps[0] = np->in_ifps[0];
- old->in_ifps[1] = np->in_ifps[1];
- old->in_apr = np->in_apr;
- old->in_comment = np->in_comment;
- old->in_space = np->in_space;
- old->in_hits = np->in_hits;
- old->in_use = np->in_use;
- old->in_hv = np->in_hv[0];
- old->in_flineno = np->in_flineno;
- if (old->in_redir == NAT_REDIRECT)
- old->in_pnext = np->in_dpnext;
- else
- old->in_pnext = np->in_spnext;
- old->in_v = np->in_v[0];
- old->in_flags = np->in_flags;
- old->in_mssclamp = np->in_mssclamp;
- old->in_age[0] = np->in_age[0];
- old->in_age[1] = np->in_age[1];
- old->in_redir = np->in_redir;
- old->in_p = np->in_pr[0];
- if (np->in_redir == NAT_REDIRECT) {
- old->in_next6 = np->in_ndst.na_nextaddr;
- old->in_in[0] = np->in_ndst.na_addr[0];
- old->in_in[1] = np->in_ndst.na_addr[1];
- old->in_out[0] = np->in_odst.na_addr[0];
- old->in_out[1] = np->in_odst.na_addr[1];
- old->in_src[0] = np->in_osrc.na_addr[0];
- old->in_src[1] = np->in_osrc.na_addr[1];
- } else {
- old->in_next6 = np->in_nsrc.na_nextaddr;
- old->in_out[0] = np->in_nsrc.na_addr[0];
- old->in_out[1] = np->in_nsrc.na_addr[1];
- old->in_in[0] = np->in_osrc.na_addr[0];
- old->in_in[1] = np->in_osrc.na_addr[1];
- old->in_src[0] = np->in_odst.na_addr[0];
- old->in_src[1] = np->in_odst.na_addr[1];
- }
- ipfv5tuctov4(&np->in_tuc, &old->in_tuc);
- if (np->in_redir == NAT_REDIRECT) {
- old->in_port[0] = np->in_dpmin;
- old->in_port[1] = np->in_dpmax;
- } else {
- old->in_port[0] = np->in_spmin;
- old->in_port[1] = np->in_spmax;
- }
- old->in_ppip = np->in_ppip;
- old->in_ippip = np->in_ippip;
- bcopy(&np->in_tag, &old->in_tag, sizeof(np->in_tag));
-
- if (np->in_ifnames[0] >= 0) {
- strncpy(old->in_ifnames[0], np->in_names + np->in_ifnames[0],
- LIFNAMSIZ);
- old->in_ifnames[0][LIFNAMSIZ - 1] = '\0';
- }
- if (np->in_ifnames[1] >= 0) {
- strncpy(old->in_ifnames[1], np->in_names + np->in_ifnames[1],
- LIFNAMSIZ);
- old->in_ifnames[1][LIFNAMSIZ - 1] = '\0';
- }
- if (np->in_plabel >= 0) {
- strncpy(old->in_plabel, np->in_names + np->in_plabel,
- APR_LABELLEN);
- old->in_plabel[APR_LABELLEN - 1] = '\0';
- }
-}
-
-
-static void
-ipstate_current_to_4_1_16(current, old)
- void *current;
- ipstate_4_1_16_t *old;
-{
- ipstate_t *is = (ipstate_t *)current;
-
- old->is_lock = is->is_lock;
- old->is_next = is->is_next;
- old->is_pnext = is->is_pnext;
- old->is_hnext = is->is_hnext;
- old->is_phnext = is->is_phnext;
- old->is_me = is->is_me;
- old->is_ifp[0] = is->is_ifp[0];
- old->is_ifp[1] = is->is_ifp[1];
- old->is_sync = is->is_sync;
- old->is_rule = is->is_rule;
- old->is_tqehead[0] = is->is_tqehead[0];
- old->is_tqehead[1] = is->is_tqehead[1];
- old->is_isc = is->is_isc;
- old->is_pkts[0] = is->is_pkts[0];
- old->is_pkts[1] = is->is_pkts[1];
- old->is_pkts[2] = is->is_pkts[2];
- old->is_pkts[3] = is->is_pkts[3];
- old->is_bytes[0] = is->is_bytes[0];
- old->is_bytes[1] = is->is_bytes[1];
- old->is_bytes[2] = is->is_bytes[2];
- old->is_bytes[3] = is->is_bytes[3];
- old->is_icmppkts[0] = is->is_icmppkts[0];
- old->is_icmppkts[1] = is->is_icmppkts[1];
- old->is_icmppkts[2] = is->is_icmppkts[2];
- old->is_icmppkts[3] = is->is_icmppkts[3];
- old->is_sti = is->is_sti;
- old->is_frage[0] = is->is_frage[0];
- old->is_frage[1] = is->is_frage[1];
- old->is_ref = is->is_ref;
- old->is_isninc[0] = is->is_isninc[0];
- old->is_isninc[1] = is->is_isninc[1];
- old->is_sumd[0] = is->is_sumd[0];
- old->is_sumd[1] = is->is_sumd[1];
- old->is_src = is->is_src;
- old->is_dst = is->is_dst;
- old->is_pass = is->is_pass;
- old->is_p = is->is_p;
- old->is_v = is->is_v;
- old->is_hv = is->is_hv;
- old->is_tag = is->is_tag;
- old->is_opt[0] = is->is_opt[0];
- old->is_opt[1] = is->is_opt[1];
- old->is_optmsk[0] = is->is_optmsk[0];
- old->is_optmsk[1] = is->is_optmsk[1];
- old->is_sec = is->is_sec;
- old->is_secmsk = is->is_secmsk;
- old->is_auth = is->is_auth;
- old->is_authmsk = is->is_authmsk;
- ipf_v5tcpinfoto4(&is->is_tcp, &old->is_tcp);
- old->is_flags = is->is_flags;
- old->is_flx[0][0] = is->is_flx[0][0];
- old->is_flx[0][1] = is->is_flx[0][1];
- old->is_flx[1][0] = is->is_flx[1][0];
- old->is_flx[1][1] = is->is_flx[1][1];
- old->is_rulen = is->is_rulen;
- old->is_s0[0] = is->is_s0[0];
- old->is_s0[1] = is->is_s0[1];
- old->is_smsk[0] = is->is_smsk[0];
- old->is_smsk[1] = is->is_smsk[1];
- bcopy(is->is_group, old->is_group, sizeof(is->is_group));
- bcopy(is->is_sbuf, old->is_sbuf, sizeof(is->is_sbuf));
- bcopy(is->is_ifname, old->is_ifname, sizeof(is->is_ifname));
-}
-
-
-static void
-ipstate_current_to_4_1_0(current, old)
- void *current;
- ipstate_4_1_0_t *old;
-{
- ipstate_t *is = (ipstate_t *)current;
-
- old->is_lock = is->is_lock;
- old->is_next = is->is_next;
- old->is_pnext = is->is_pnext;
- old->is_hnext = is->is_hnext;
- old->is_phnext = is->is_phnext;
- old->is_me = is->is_me;
- old->is_ifp[0] = is->is_ifp[0];
- old->is_ifp[1] = is->is_ifp[1];
- old->is_sync = is->is_sync;
- bzero(&old->is_nat, sizeof(old->is_nat));
- old->is_rule = is->is_rule;
- old->is_tqehead[0] = is->is_tqehead[0];
- old->is_tqehead[1] = is->is_tqehead[1];
- old->is_isc = is->is_isc;
- old->is_pkts[0] = is->is_pkts[0];
- old->is_pkts[1] = is->is_pkts[1];
- old->is_pkts[2] = is->is_pkts[2];
- old->is_pkts[3] = is->is_pkts[3];
- old->is_bytes[0] = is->is_bytes[0];
- old->is_bytes[1] = is->is_bytes[1];
- old->is_bytes[2] = is->is_bytes[2];
- old->is_bytes[3] = is->is_bytes[3];
- old->is_icmppkts[0] = is->is_icmppkts[0];
- old->is_icmppkts[1] = is->is_icmppkts[1];
- old->is_icmppkts[2] = is->is_icmppkts[2];
- old->is_icmppkts[3] = is->is_icmppkts[3];
- old->is_sti = is->is_sti;
- old->is_frage[0] = is->is_frage[0];
- old->is_frage[1] = is->is_frage[1];
- old->is_ref = is->is_ref;
- old->is_isninc[0] = is->is_isninc[0];
- old->is_isninc[1] = is->is_isninc[1];
- old->is_sumd[0] = is->is_sumd[0];
- old->is_sumd[1] = is->is_sumd[1];
- old->is_src = is->is_src;
- old->is_dst = is->is_dst;
- old->is_pass = is->is_pass;
- old->is_p = is->is_p;
- old->is_v = is->is_v;
- old->is_hv = is->is_hv;
- old->is_tag = is->is_tag;
- old->is_opt[0] = is->is_opt[0];
- old->is_opt[1] = is->is_opt[1];
- old->is_optmsk[0] = is->is_optmsk[0];
- old->is_optmsk[1] = is->is_optmsk[1];
- old->is_sec = is->is_sec;
- old->is_secmsk = is->is_secmsk;
- old->is_auth = is->is_auth;
- old->is_authmsk = is->is_authmsk;
- ipf_v5tcpinfoto4(&is->is_tcp, &old->is_tcp);
- old->is_flags = is->is_flags;
- old->is_flx[0][0] = is->is_flx[0][0];
- old->is_flx[0][1] = is->is_flx[0][1];
- old->is_flx[1][0] = is->is_flx[1][0];
- old->is_flx[1][1] = is->is_flx[1][1];
- old->is_rulen = is->is_rulen;
- old->is_s0[0] = is->is_s0[0];
- old->is_s0[1] = is->is_s0[1];
- old->is_smsk[0] = is->is_smsk[0];
- old->is_smsk[1] = is->is_smsk[1];
- bcopy(is->is_group, old->is_group, sizeof(is->is_group));
- bcopy(is->is_sbuf, old->is_sbuf, sizeof(is->is_sbuf));
- bcopy(is->is_ifname, old->is_ifname, sizeof(is->is_ifname));
-}
-
-
-static void
-ips_stat_current_to_4_1_21(current, old)
- void *current;
- ips_stat_4_1_21_t *old;
-{
- ips_stat_t *st = (ips_stat_t *)current;
-
- old->iss_hits = st->iss_hits;
- old->iss_miss = st->iss_check_miss;
- old->iss_max = st->iss_max;
- old->iss_maxref = st->iss_max_ref;
- old->iss_tcp = st->iss_proto[IPPROTO_TCP];
- old->iss_udp = st->iss_proto[IPPROTO_UDP];
- old->iss_icmp = st->iss_proto[IPPROTO_ICMP];
- old->iss_nomem = st->iss_nomem;
- old->iss_expire = st->iss_expire;
- old->iss_fin = st->iss_fin;
- old->iss_active = st->iss_active;
- old->iss_logged = st->iss_log_ok;
- old->iss_logfail = st->iss_log_fail;
- old->iss_inuse = st->iss_inuse;
- old->iss_wild = st->iss_wild;
- old->iss_ticks = st->iss_ticks;
- old->iss_bucketfull = st->iss_bucket_full;
- old->iss_statesize = st->iss_state_size;
- old->iss_statemax = st->iss_state_max;
- old->iss_table = st->iss_table;
- old->iss_list = st->iss_list;
- old->iss_bucketlen = (void *)st->iss_bucketlen;
- old->iss_tcptab = st->iss_tcptab;
-}
-
-
-static void
-ips_stat_current_to_4_1_0(current, old)
- void *current;
- ips_stat_4_1_0_t *old;
-{
- ips_stat_t *st = (ips_stat_t *)current;
-
- old->iss_hits = st->iss_hits;
- old->iss_miss = st->iss_check_miss;
- old->iss_max = st->iss_max;
- old->iss_maxref = st->iss_max_ref;
- old->iss_tcp = st->iss_proto[IPPROTO_TCP];
- old->iss_udp = st->iss_proto[IPPROTO_UDP];
- old->iss_icmp = st->iss_proto[IPPROTO_ICMP];
- old->iss_nomem = st->iss_nomem;
- old->iss_expire = st->iss_expire;
- old->iss_fin = st->iss_fin;
- old->iss_active = st->iss_active;
- old->iss_logged = st->iss_log_ok;
- old->iss_logfail = st->iss_log_fail;
- old->iss_inuse = st->iss_inuse;
- old->iss_wild = st->iss_wild;
- old->iss_ticks = st->iss_ticks;
- old->iss_bucketfull = st->iss_bucket_full;
- old->iss_statesize = st->iss_state_size;
- old->iss_statemax = st->iss_state_max;
- old->iss_table = st->iss_table;
- old->iss_list = st->iss_list;
- old->iss_bucketlen = (void *)st->iss_bucketlen;
-}
-
-
-static void
-nat_save_current_to_4_1_16(current, old)
- void *current;
- nat_save_4_1_16_t *old;
-{
- nat_save_t *nats = (nat_save_t *)current;
-
- old->ipn_next = nats->ipn_next;
- bcopy(&nats->ipn_nat, &old->ipn_nat, sizeof(old->ipn_nat));
- bcopy(&nats->ipn_ipnat, &old->ipn_ipnat, sizeof(old->ipn_ipnat));
- frentry_current_to_4_1_16(&nats->ipn_fr, &old->ipn_fr);
- old->ipn_dsize = nats->ipn_dsize;
- bcopy(nats->ipn_data, old->ipn_data, sizeof(nats->ipn_data));
-}
-
-
-static void
-nat_save_current_to_4_1_14(current, old)
- void *current;
- nat_save_4_1_14_t *old;
-{
- nat_save_t *nats = (nat_save_t *)current;
-
- old->ipn_next = nats->ipn_next;
- bcopy(&nats->ipn_nat, &old->ipn_nat, sizeof(old->ipn_nat));
- bcopy(&nats->ipn_ipnat, &old->ipn_ipnat, sizeof(old->ipn_ipnat));
- frentry_current_to_4_1_0(&nats->ipn_fr, &old->ipn_fr);
- old->ipn_dsize = nats->ipn_dsize;
- bcopy(nats->ipn_data, old->ipn_data, sizeof(nats->ipn_data));
-}
-
-
-static void
-nat_save_current_to_4_1_3(current, old)
- void *current;
- nat_save_4_1_3_t *old;
-{
- nat_save_t *nats = (nat_save_t *)current;
-
- old->ipn_next = nats->ipn_next;
- bcopy(&nats->ipn_nat, &old->ipn_nat, sizeof(old->ipn_nat));
- bcopy(&nats->ipn_ipnat, &old->ipn_ipnat, sizeof(old->ipn_ipnat));
- frentry_current_to_4_1_0(&nats->ipn_fr, &old->ipn_fr);
- old->ipn_dsize = nats->ipn_dsize;
- bcopy(nats->ipn_data, old->ipn_data, sizeof(nats->ipn_data));
-}
-
-
-static void
-nat_current_to_4_1_25(current, old)
- void *current;
- nat_4_1_25_t *old;
-{
- nat_t *nat = (nat_t *)current;
-
- old->nat_lock = nat->nat_lock;
- old->nat_next = (void *)nat->nat_next;
- old->nat_pnext = (void *)nat->nat_pnext;
- old->nat_hnext[0] = (void *)nat->nat_hnext[0];
- old->nat_hnext[1] = (void *)nat->nat_hnext[1];
- old->nat_phnext[0] = (void *)nat->nat_phnext[0];
- old->nat_phnext[1] = (void *)nat->nat_phnext[1];
- old->nat_hm = nat->nat_hm;
- old->nat_data = nat->nat_data;
- old->nat_me = (void *)nat->nat_me;
- old->nat_state = nat->nat_state;
- old->nat_aps = nat->nat_aps;
- old->nat_fr = nat->nat_fr;
- old->nat_ptr = (void *)nat->nat_ptr;
- old->nat_ifps[0] = nat->nat_ifps[0];
- old->nat_ifps[1] = nat->nat_ifps[1];
- old->nat_sync = nat->nat_sync;
- old->nat_tqe = nat->nat_tqe;
- old->nat_flags = nat->nat_flags;
- old->nat_sumd[0] = nat->nat_sumd[0];
- old->nat_sumd[1] = nat->nat_sumd[1];
- old->nat_ipsumd = nat->nat_ipsumd;
- old->nat_mssclamp = nat->nat_mssclamp;
- old->nat_pkts[0] = nat->nat_pkts[0];
- old->nat_pkts[1] = nat->nat_pkts[1];
- old->nat_bytes[0] = nat->nat_bytes[0];
- old->nat_bytes[1] = nat->nat_bytes[1];
- old->nat_ref = nat->nat_ref;
- old->nat_dir = nat->nat_dir;
- old->nat_p = nat->nat_pr[0];
- old->nat_use = nat->nat_use;
- old->nat_hv[0] = nat->nat_hv[0];
- old->nat_hv[1] = nat->nat_hv[1];
- old->nat_rev = nat->nat_rev;
- old->nat_redir = nat->nat_redir;
- bcopy(nat->nat_ifnames[0], old->nat_ifnames[0], LIFNAMSIZ);
- bcopy(nat->nat_ifnames[1], old->nat_ifnames[1], LIFNAMSIZ);
-
- if (nat->nat_redir == NAT_REDIRECT) {
- old->nat_inip6 = nat->nat_ndst6;
- old->nat_outip6 = nat->nat_odst6;
- old->nat_oip6 = nat->nat_osrc6;
- old->nat_un.nat_unt.ts_sport = nat->nat_ndport;
- old->nat_un.nat_unt.ts_dport = nat->nat_odport;
- } else {
- old->nat_inip6 = nat->nat_osrc6;
- old->nat_outip6 = nat->nat_nsrc6;
- old->nat_oip6 = nat->nat_odst6;
- old->nat_un.nat_unt.ts_sport = nat->nat_osport;
- old->nat_un.nat_unt.ts_dport = nat->nat_nsport;
- }
-}
-
-
-static void
-nat_current_to_4_1_14(current, old)
- void *current;
- nat_4_1_14_t *old;
-{
- nat_t *nat = (nat_t *)current;
-
- old->nat_lock = nat->nat_lock;
- old->nat_next = nat->nat_next;
- old->nat_pnext = NULL;
- old->nat_hnext[0] = NULL;
- old->nat_hnext[1] = NULL;
- old->nat_phnext[0] = NULL;
- old->nat_phnext[1] = NULL;
- old->nat_hm = nat->nat_hm;
- old->nat_data = nat->nat_data;
- old->nat_me = (void *)nat->nat_me;
- old->nat_state = nat->nat_state;
- old->nat_aps = nat->nat_aps;
- old->nat_fr = nat->nat_fr;
- old->nat_ptr = nat->nat_ptr;
- old->nat_ifps[0] = nat->nat_ifps[0];
- old->nat_ifps[1] = nat->nat_ifps[1];
- old->nat_sync = nat->nat_sync;
- old->nat_tqe = nat->nat_tqe;
- old->nat_flags = nat->nat_flags;
- old->nat_sumd[0] = nat->nat_sumd[0];
- old->nat_sumd[1] = nat->nat_sumd[1];
- old->nat_ipsumd = nat->nat_ipsumd;
- old->nat_mssclamp = nat->nat_mssclamp;
- old->nat_pkts[0] = nat->nat_pkts[0];
- old->nat_pkts[1] = nat->nat_pkts[1];
- old->nat_bytes[0] = nat->nat_bytes[0];
- old->nat_bytes[1] = nat->nat_bytes[1];
- old->nat_ref = nat->nat_ref;
- old->nat_dir = nat->nat_dir;
- old->nat_p = nat->nat_pr[0];
- old->nat_use = nat->nat_use;
- old->nat_hv[0] = nat->nat_hv[0];
- old->nat_hv[1] = nat->nat_hv[1];
- old->nat_rev = nat->nat_rev;
- bcopy(nat->nat_ifnames[0], old->nat_ifnames[0], LIFNAMSIZ);
- bcopy(nat->nat_ifnames[1], old->nat_ifnames[1], LIFNAMSIZ);
-
- if (nat->nat_redir == NAT_REDIRECT) {
- old->nat_inip6 = nat->nat_ndst6;
- old->nat_outip6 = nat->nat_odst6;
- old->nat_oip6 = nat->nat_osrc6;
- old->nat_un.nat_unt.ts_sport = nat->nat_ndport;
- old->nat_un.nat_unt.ts_dport = nat->nat_odport;
- } else {
- old->nat_inip6 = nat->nat_osrc6;
- old->nat_outip6 = nat->nat_nsrc6;
- old->nat_oip6 = nat->nat_odst6;
- old->nat_un.nat_unt.ts_sport = nat->nat_osport;
- old->nat_un.nat_unt.ts_dport = nat->nat_nsport;
- }
-}
-
-
-static void
-nat_current_to_4_1_3(current, old)
- void *current;
- nat_4_1_3_t *old;
-{
- nat_t *nat = (nat_t *)current;
-
- old->nat_lock = nat->nat_lock;
- old->nat_next = nat->nat_next;
- old->nat_pnext = NULL;
- old->nat_hnext[0] = NULL;
- old->nat_hnext[1] = NULL;
- old->nat_phnext[0] = NULL;
- old->nat_phnext[1] = NULL;
- old->nat_hm = nat->nat_hm;
- old->nat_data = nat->nat_data;
- old->nat_me = (void *)nat->nat_me;
- old->nat_state = nat->nat_state;
- old->nat_aps = nat->nat_aps;
- old->nat_fr = nat->nat_fr;
- old->nat_ptr = nat->nat_ptr;
- old->nat_ifps[0] = nat->nat_ifps[0];
- old->nat_ifps[1] = nat->nat_ifps[1];
- old->nat_sync = nat->nat_sync;
- old->nat_tqe = nat->nat_tqe;
- old->nat_flags = nat->nat_flags;
- old->nat_sumd[0] = nat->nat_sumd[0];
- old->nat_sumd[1] = nat->nat_sumd[1];
- old->nat_ipsumd = nat->nat_ipsumd;
- old->nat_mssclamp = nat->nat_mssclamp;
- old->nat_pkts[0] = nat->nat_pkts[0];
- old->nat_pkts[1] = nat->nat_pkts[1];
- old->nat_bytes[0] = nat->nat_bytes[0];
- old->nat_bytes[1] = nat->nat_bytes[1];
- old->nat_ref = nat->nat_ref;
- old->nat_dir = nat->nat_dir;
- old->nat_p = nat->nat_pr[0];
- old->nat_use = nat->nat_use;
- old->nat_hv[0] = nat->nat_hv[0];
- old->nat_hv[1] = nat->nat_hv[1];
- old->nat_rev = nat->nat_rev;
- bcopy(nat->nat_ifnames[0], old->nat_ifnames[0], LIFNAMSIZ);
- bcopy(nat->nat_ifnames[1], old->nat_ifnames[1], LIFNAMSIZ);
-
- if (nat->nat_redir == NAT_REDIRECT) {
- old->nat_inip6 = nat->nat_ndst6;
- old->nat_outip6 = nat->nat_odst6;
- old->nat_oip6 = nat->nat_osrc6;
- old->nat_un.nat_unt.ts_sport = nat->nat_ndport;
- old->nat_un.nat_unt.ts_dport = nat->nat_odport;
- } else {
- old->nat_inip6 = nat->nat_osrc6;
- old->nat_outip6 = nat->nat_nsrc6;
- old->nat_oip6 = nat->nat_odst6;
- old->nat_un.nat_unt.ts_sport = nat->nat_osport;
- old->nat_un.nat_unt.ts_dport = nat->nat_nsport;
- }
-}
-
-#endif /* IPFILTER_COMPAT */
diff --git a/contrib/ipfilter/ip_msnrpc_pxy.c b/contrib/ipfilter/ip_msnrpc_pxy.c
deleted file mode 100644
index 40bc084cbb5d..000000000000
--- a/contrib/ipfilter/ip_msnrpc_pxy.c
+++ /dev/null
@@ -1,328 +0,0 @@
-/* $FreeBSD$ */
-
-/*
- * Copyright (C) 2000-2003 by Darren Reed
- *
- * See the IPFILTER.LICENCE file for details on licencing.
- *
- * Simple DCE transparent proxy for MSN RPC.
- *
- * ******* NOTE: THIS PROXY DOES NOT DO ADDRESS TRANSLATION ********
- *
- * Id: ip_msnrpc_pxy.c,v 2.17.2.1 2005/02/04 10:22:55 darrenr Exp
- */
-
-#define IPF_MSNRPC_PROXY
-
-#define IPF_MINMSNRPCLEN 24
-#define IPF_MSNRPCSKIP (2 + 19 + 2 + 2 + 2 + 19 + 2 + 2)
-
-
-typedef struct msnrpchdr {
- u_char mrh_major; /* major # == 5 */
- u_char mrh_minor; /* minor # == 0 */
- u_char mrh_type;
- u_char mrh_flags;
- u_32_t mrh_endian;
- u_short mrh_dlen; /* data size */
- u_short mrh_alen; /* authentication length */
- u_32_t mrh_cid; /* call identifier */
- u_32_t mrh_hint; /* allocation hint */
- u_short mrh_ctxt; /* presentation context hint */
- u_char mrh_ccnt; /* cancel count */
- u_char mrh_ans;
-} msnrpchdr_t;
-
-int ippr_msnrpc_init __P((void));
-void ippr_msnrpc_fini __P((void));
-int ippr_msnrpc_new __P((fr_info_t *, ap_session_t *, nat_t *));
-int ippr_msnrpc_out __P((fr_info_t *, ap_session_t *, nat_t *));
-int ippr_msnrpc_in __P((fr_info_t *, ap_session_t *, nat_t *));
-int ippr_msnrpc_check __P((ip_t *, msnrpchdr_t *));
-
-static frentry_t msnfr;
-
-int msn_proxy_init = 0;
-
-/*
- * Initialize local structures.
- */
-int ippr_msnrpc_init()
-{
- bzero((char *)&msnfr, sizeof(msnfr));
- msnfr.fr_ref = 1;
- msnfr.fr_flags = FR_INQUE|FR_PASS|FR_QUICK|FR_KEEPSTATE;
- MUTEX_INIT(&msnfr.fr_lock, "MSN RPC proxy rule lock");
- msn_proxy_init = 1;
-
- return 0;
-}
-
-
-void ippr_msnrpc_fini()
-{
- if (msn_proxy_init == 1) {
- MUTEX_DESTROY(&msnfr.fr_lock);
- msn_proxy_init = 0;
- }
-}
-
-
-int ippr_msnrpc_new(fin, aps, nat)
-fr_info_t *fin;
-ap_session_t *aps;
-nat_t *nat;
-{
- msnrpcinfo_t *mri;
-
- KMALLOC(mri, msnrpcinfo_t *);
- if (mri == NULL)
- return -1;
- aps->aps_data = mri;
- aps->aps_psiz = sizeof(msnrpcinfo_t);
-
- bzero((char *)mri, sizeof(*mri));
- mri->mri_cmd[0] = 0xff;
- mri->mri_cmd[1] = 0xff;
- return 0;
-}
-
-
-int ippr_msnrpc_check(ip, mrh)
-ip_t *ip;
-msnrpchdr_t *mrh;
-{
- if (mrh->mrh_major != 5)
- return -1;
- if (mrh->mrh_minor != 0)
- return -1;
- if (mrh->mrh_alen != 0)
- return -1;
- if (mrh->mrh_endian == 0x10) {
- /* Both gateway and packet match endian */
- if (mrh->mrh_dlen > ip->ip_len)
- return -1;
- if (mrh->mrh_type == 0 || mrh->mrh_type == 2)
- if (mrh->mrh_hint > ip->ip_len)
- return -1;
- } else if (mrh->mrh_endian == 0x10000000) {
- /* XXX - Endian mismatch - should be swapping! */
- return -1;
- } else {
- return -1;
- }
- return 0;
-}
-
-
-int ippr_msnrpc_out(fin, ip, aps, nat)
-fr_info_t *fin;
-ip_t *ip;
-ap_session_t *aps;
-nat_t *nat;
-{
- msnrpcinfo_t *mri;
- msnrpchdr_t *mrh;
- tcphdr_t *tcp;
- int dlen;
-
- mri = aps->aps_data;
- if (mri == NULL)
- return 0;
-
- tcp = (tcphdr_t *)fin->fin_dp;
- dlen = fin->fin_dlen - (TCP_OFF(tcp) << 2);
- if (dlen < IPF_MINMSNRPCLEN)
- return 0;
-
- mrh = (msnrpchdr_t *)((char *)tcp + (TCP_OFF(tcp) << 2));
- if (ippr_msnrpc_check(ip, mrh))
- return 0;
-
- mri->mri_valid++;
-
- switch (mrh->mrh_type)
- {
- case 0x0b : /* BIND */
- case 0x00 : /* REQUEST */
- break;
- case 0x0c : /* BIND ACK */
- case 0x02 : /* RESPONSE */
- default:
- return 0;
- }
- mri->mri_cmd[1] = mrh->mrh_type;
- return 0;
-}
-
-
-int ippr_msnrpc_in(fin, ip, aps, nat)
-fr_info_t *fin;
-ip_t *ip;
-ap_session_t *aps;
-nat_t *nat;
-{
- tcphdr_t *tcp, tcph, *tcp2 = &tcph;
- int dlen, sz, sz2, i;
- msnrpcinfo_t *mri;
- msnrpchdr_t *mrh;
- fr_info_t fi;
- u_short len;
- char *s;
-
- mri = aps->aps_data;
- if (mri == NULL)
- return 0;
- tcp = (tcphdr_t *)fin->fin_dp;
- dlen = fin->fin_dlen - (TCP_OFF(tcp) << 2);
- if (dlen < IPF_MINMSNRPCLEN)
- return 0;
-
- mrh = (msnrpchdr_t *)((char *)tcp + (TCP_OFF(tcp) << 2));
- if (ippr_msnrpc_check(ip, mrh))
- return 0;
-
- mri->mri_valid++;
-
- switch (mrh->mrh_type)
- {
- case 0x0c : /* BIND ACK */
- if (mri->mri_cmd[1] != 0x0b)
- return 0;
- break;
- case 0x02 : /* RESPONSE */
- if (mri->mri_cmd[1] != 0x00)
- return 0;
- break;
- case 0x0b : /* BIND */
- case 0x00 : /* REQUEST */
- default:
- return 0;
- }
- mri->mri_cmd[0] = mrh->mrh_type;
- dlen -= sizeof(*mrh);
-
- /*
- * Only processes RESPONSE's
- */
- if (mrh->mrh_type != 0x02)
- return 0;
-
- /*
- * Skip over some bytes...what are these really ?
- */
- if (dlen <= 44)
- return 0;
- s = (char *)(mrh + 1) + 20;
- dlen -= 20;
- bcopy(s, (char *)&len, sizeof(len));
- if (len == 1) {
- s += 20;
- dlen -= 20;
- } else if (len == 2) {
- s += 24;
- dlen -= 24;
- } else
- return 0;
-
- if (dlen <= 10)
- return 0;
- dlen -= 10;
- bcopy(s, (char *)&sz, sizeof(sz));
- s += sizeof(sz);
- bcopy(s, (char *)&sz2, sizeof(sz2));
- s += sizeof(sz2);
- if (sz2 != sz)
- return 0;
- if (sz > dlen)
- return 0;
- if (*s++ != 5)
- return 0;
- if (*s++ != 0)
- return 0;
- sz -= IPF_MSNRPCSKIP;
- s += IPF_MSNRPCSKIP;
- dlen -= IPF_MSNRPCSKIP;
-
- do {
- if (sz < 7 || dlen < 7)
- break;
- bcopy(s, (char *)&len, sizeof(len));
- if (dlen < len)
- break;
- if (sz < len)
- break;
-
- if (len != 1)
- break;
- sz -= 3;
- i = *(s + 2);
- s += 3;
- dlen -= 3;
-
- bcopy(s, (char *)&len, sizeof(len));
- if (dlen < len)
- break;
- if (sz < len)
- break;
- s += sizeof(len);
-
- switch (i)
- {
- case 7 :
- if (len == 2) {
- bcopy(s, (char *)&mri->mri_rport, 2);
- mri->mri_flags |= 1;
- }
- break;
- case 9 :
- if (len == 4) {
- bcopy(s, (char *)&mri->mri_raddr, 4);
- mri->mri_flags |= 2;
- }
- break;
- default :
- break;
- }
- sz -= len;
- s += len;
- dlen -= len;
- } while (sz > 0);
-
- if (mri->mri_flags == 3) {
- int slen;
-
- bcopy((char *)fin, (char *)&fi, sizeof(fi));
- bzero((char *)tcp2, sizeof(*tcp2));
-
- slen = ip->ip_len;
- ip->ip_len = fin->fin_hlen + sizeof(*tcp2);
- bcopy((char *)fin, (char *)&fi, sizeof(fi));
- bzero((char *)tcp2, sizeof(*tcp2));
- tcp2->th_win = htons(8192);
- TCP_OFF_A(tcp2, 5);
- fi.fin_data[0] = htons(mri->mri_rport);
- tcp2->th_sport = mri->mri_rport;
- fi.fin_data[1] = 0;
- tcp2->th_dport = 0;
- fi.fin_state = NULL;
- fi.fin_nat = NULL;
- fi.fin_dlen = sizeof(*tcp2);
- fi.fin_plen = fi.fin_hlen + sizeof(*tcp2);
- fi.fin_dp = (char *)tcp2;
- fi.fin_fi.fi_daddr = ip->ip_dst.s_addr;
- fi.fin_fi.fi_saddr = mri->mri_raddr.s_addr;
- if (!fi.fin_fr)
- fi.fin_fr = &msnfr;
- if (fr_stlookup(&fi, NULL, NULL)) {
- RWLOCK_EXIT(&ipf_state);
- } else {
- (void) fr_addstate(&fi, NULL, SI_W_DPORT|SI_CLONE);
- if (fi.fin_state != NULL)
- fr_statederef(&fi, (ipstate_t **)&fi.fin_state);
- }
- ip->ip_len = slen;
- }
- mri->mri_flags = 0;
- return 0;
-}
diff --git a/contrib/ipfilter/ipf.h b/contrib/ipfilter/ipf.h
deleted file mode 100644
index dfae008bed6a..000000000000
--- a/contrib/ipfilter/ipf.h
+++ /dev/null
@@ -1,403 +0,0 @@ -/* $FreeBSD$ */ - -/* - * Copyright (C) 2012 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * @(#)ipf.h 1.12 6/5/96 - * $Id$ - */ - -#ifndef __IPF_H__ -#define __IPF_H__ - -#if defined(__osf__) -# define radix_mask ipf_radix_mask -# define radix_node ipf_radix_node -# define radix_node_head ipf_radix_node_head -#endif - -#include -#include -#include -/* - * This is a workaround for troubles on FreeBSD, HPUX, OpenBSD. - * Needed here because on some systems gets included by things - * like - */ -#ifndef _KERNEL -# define ADD_KERNEL -# define _KERNEL -# define KERNEL -#endif -#ifdef __OpenBSD__ -struct file; -#endif -#include -#ifdef ADD_KERNEL -# undef _KERNEL -# undef KERNEL -#endif -#include -#include -#include - -#include -#include -#include -#include -#ifndef TCP_PAWS_IDLE /* IRIX */ -# include -#endif -#include - -#include - -#include -#include -#include -#include -#include -#include -#if !defined(__SVR4) && !defined(__svr4__) && defined(sun) -# include -#endif -#include -#include - -#include "netinet/ip_compat.h" -#include "netinet/ip_fil.h" -#include "netinet/ip_nat.h" -#include "netinet/ip_frag.h" -#include "netinet/ip_state.h" -#include "netinet/ip_proxy.h" -#include "netinet/ip_auth.h" -#include "netinet/ip_lookup.h" -#include "netinet/ip_pool.h" -#include "netinet/ip_scan.h" -#include "netinet/ip_htable.h" -#include "netinet/ip_sync.h" -#include "netinet/ip_dstlist.h" - -#include "opts.h" - -#ifndef __P -# ifdef __STDC__ -# define __P(x) x -# else -# define __P(x) () -# endif -#endif -#ifndef __STDC__ -# undef const -# define const -#endif - -#ifndef U_32_T -# define U_32_T 1 -# if defined(__NetBSD__) || defined(__OpenBSD__) || defined(__FreeBSD__) || \ - defined(__sgi) -typedef u_int32_t u_32_t; -# else -# if defined(__alpha__) || defined(__alpha) || defined(_LP64) -typedef unsigned int u_32_t; -# else -# if SOLARIS2 >= 6 -typedef uint32_t u_32_t; -# else -typedef unsigned int u_32_t; -# endif -# 
endif -# endif /* __NetBSD__ || __OpenBSD__ || __FreeBSD__ || __sgi */ -#endif /* U_32_T */ - -#ifndef MAXHOSTNAMELEN -# define MAXHOSTNAMELEN 256 -#endif - -#define MAX_ICMPCODE 16 -#define MAX_ICMPTYPE 19 - -#define PRINTF (void)printf -#define FPRINTF (void)fprintf - - -struct ipopt_names { - int on_value; - int on_bit; - int on_siz; - char *on_name; -}; - - -typedef struct alist_s { - struct alist_s *al_next; - int al_not; - int al_family; - i6addr_t al_i6addr; - i6addr_t al_i6mask; -} alist_t; - -#define al_addr al_i6addr.in4_addr -#define al_mask al_i6mask.in4_addr -#define al_1 al_addr -#define al_2 al_mask - - -typedef struct plist_s { - struct plist_s *pl_next; - int pl_compare; - u_short pl_port1; - u_short pl_port2; -} plist_t; - - -typedef struct { - u_short fb_c; - u_char fb_t; - u_char fb_f; - u_32_t fb_k; -} fakebpf_t; - - -typedef struct { - char *it_name; - int it_v4; - int it_v6; -} icmptype_t; - - -typedef struct wordtab { - char *w_word; - int w_value; -} wordtab_t; - - -typedef struct namelist { - struct namelist *na_next; - char *na_name; - int na_value; -} namelist_t; - - -typedef struct proxyrule { - struct proxyrule *pr_next; - char *pr_proxy; - char *pr_conf; - namelist_t *pr_names; - int pr_proto; -} proxyrule_t; - - -#if defined(__NetBSD__) || defined(__OpenBSD__) || \ - (_BSDI_VERSION >= 199701) || (__FreeBSD_version >= 300000) || \ - SOLARIS || defined(__sgi) || defined(__osf__) || defined(linux) -# include -typedef int (* ioctlfunc_t) __P((int, ioctlcmd_t, ...)); -#else -typedef int (* ioctlfunc_t) __P((dev_t, ioctlcmd_t, void *)); -#endif -typedef int (* addfunc_t) __P((int, ioctlfunc_t, void *)); -typedef int (* copyfunc_t) __P((void *, void *, size_t)); - - -/* - * SunOS4 - */ -#if defined(sun) && !defined(__SVR4) && !defined(__svr4__) -extern int ioctl __P((int, int, void *)); -#endif - -extern char thishost[]; -extern char flagset[]; -extern u_char flags[]; -extern struct ipopt_names ionames[]; -extern struct ipopt_names 
secclass[]; -extern char *icmpcodes[MAX_ICMPCODE + 1]; -extern char *icmptypes[MAX_ICMPTYPE + 1]; -extern int use_inet6; -extern int lineNum; -extern int debuglevel; -extern struct ipopt_names v6ionames[]; -extern icmptype_t icmptypelist[]; -extern wordtab_t statefields[]; -extern wordtab_t natfields[]; -extern wordtab_t poolfields[]; - - -extern int addicmp __P((char ***, struct frentry *, int)); -extern int addipopt __P((char *, struct ipopt_names *, int, char *)); -extern int addkeep __P((char ***, struct frentry *, int)); -extern alist_t *alist_new __P((int, char *)); -extern void alist_free __P((alist_t *)); -extern void assigndefined __P((char *)); -extern void binprint __P((void *, size_t)); -extern u_32_t buildopts __P((char *, char *, int)); -extern int checkrev __P((char *)); -extern int connecttcp __P((char *, int)); -extern int count6bits __P((u_32_t *)); -extern int count4bits __P((u_32_t)); -extern char *fac_toname __P((int)); -extern int fac_findname __P((char *)); -extern const char *familyname __P((const int)); -extern void fill6bits __P((int, u_int *)); -extern wordtab_t *findword __P((wordtab_t *, char *)); -extern int ftov __P((int)); -extern char *ipf_geterror __P((int, ioctlfunc_t *)); -extern int genmask __P((int, char *, i6addr_t *)); -extern int gethost __P((int, char *, i6addr_t *)); -extern int geticmptype __P((int, char *)); -extern int getport __P((struct frentry *, char *, u_short *, char *)); -extern int getportproto __P((char *, int)); -extern int getproto __P((char *)); -extern char *getnattype __P((struct nat *)); -extern char *getsumd __P((u_32_t)); -extern u_32_t getoptbyname __P((char *)); -extern u_32_t getoptbyvalue __P((int)); -extern u_32_t getv6optbyname __P((char *)); -extern u_32_t getv6optbyvalue __P((int)); -extern char *icmptypename __P((int, int)); -extern void initparse __P((void)); -extern void ipf_dotuning __P((int, char *, ioctlfunc_t)); -extern int ipf_addrule __P((int, ioctlfunc_t, void *)); -extern void 
ipf_mutex_clean __P((void)); -extern int ipf_parsefile __P((int, addfunc_t, ioctlfunc_t *, char *)); -extern int ipf_parsesome __P((int, addfunc_t, ioctlfunc_t *, FILE *)); -extern void ipf_perror __P((int, char *)); -extern int ipf_perror_fd __P(( int, ioctlfunc_t, char *)); -extern void ipf_rwlock_clean __P((void)); -extern char *ipf_strerror __P((int)); -extern void ipferror __P((int, char *)); -extern int ipmon_parsefile __P((char *)); -extern int ipmon_parsesome __P((FILE *)); -extern int ipnat_addrule __P((int, ioctlfunc_t, void *)); -extern int ipnat_parsefile __P((int, addfunc_t, ioctlfunc_t, char *)); -extern int ipnat_parsesome __P((int, addfunc_t, ioctlfunc_t, FILE *)); -extern int ippool_parsefile __P((int, char *, ioctlfunc_t)); -extern int ippool_parsesome __P((int, FILE *, ioctlfunc_t)); -extern int kmemcpywrap __P((void *, void *, size_t)); -extern char *kvatoname __P((ipfunc_t, ioctlfunc_t)); -extern int load_dstlist __P((struct ippool_dst *, ioctlfunc_t, - ipf_dstnode_t *)); -extern int load_dstlistnode __P((int, char *, struct ipf_dstnode *, - ioctlfunc_t)); -extern alist_t *load_file __P((char *)); -extern int load_hash __P((struct iphtable_s *, struct iphtent_s *, - ioctlfunc_t)); -extern int load_hashnode __P((int, char *, struct iphtent_s *, int, - ioctlfunc_t)); -extern alist_t *load_http __P((char *)); -extern int load_pool __P((struct ip_pool_s *list, ioctlfunc_t)); -extern int load_poolnode __P((int, char *, ip_pool_node_t *, int, ioctlfunc_t)); -extern alist_t *load_url __P((char *)); -extern alist_t *make_range __P((int, struct in_addr, struct in_addr)); -extern void mb_hexdump __P((mb_t *, FILE *)); -extern ipfunc_t nametokva __P((char *, ioctlfunc_t)); -extern void nat_setgroupmap __P((struct ipnat *)); -extern int ntomask __P((int, int, u_32_t *)); -extern u_32_t optname __P((char ***, u_short *, int)); -extern wordtab_t *parsefields __P((wordtab_t *, char *)); -extern int *parseipfexpr __P((char *, char **)); -extern int 
parsewhoisline __P((char *, addrfamily_t *, addrfamily_t *)); -extern void pool_close __P((void)); -extern int pool_fd __P((void)); -extern int pool_ioctl __P((ioctlfunc_t, ioctlcmd_t, void *)); -extern int pool_open __P((void)); -extern char *portname __P((int, int)); -extern int pri_findname __P((char *)); -extern char *pri_toname __P((int)); -extern void print_toif __P((int, char *, char *, struct frdest *)); -extern void printaps __P((ap_session_t *, int, int)); -extern void printaddr __P((int, int, char *, int, u_32_t *, u_32_t *)); -extern void printbuf __P((char *, int, int)); -extern void printfieldhdr __P((wordtab_t *, wordtab_t *)); -extern void printfr __P((struct frentry *, ioctlfunc_t)); -extern struct iphtable_s *printhash __P((struct iphtable_s *, copyfunc_t, - char *, int, wordtab_t *)); -extern struct iphtable_s *printhash_live __P((iphtable_t *, int, char *, - int, wordtab_t *)); -extern ippool_dst_t *printdstl_live __P((ippool_dst_t *, int, char *, - int, wordtab_t *)); -extern void printhashdata __P((iphtable_t *, int)); -extern struct iphtent_s *printhashnode __P((struct iphtable_s *, - struct iphtent_s *, - copyfunc_t, int, wordtab_t *)); -extern void printhost __P((int, u_32_t *)); -extern void printhostmask __P((int, u_32_t *, u_32_t *)); -extern void printip __P((int, u_32_t *)); -extern void printlog __P((struct frentry *)); -extern void printlookup __P((char *, i6addr_t *addr, i6addr_t *mask)); -extern void printmask __P((int, u_32_t *)); -extern void printnataddr __P((int, char *, nat_addr_t *, int)); -extern void printnatfield __P((nat_t *, int)); -extern void printnatside __P((char *, nat_stat_side_t *)); -extern void printpacket __P((int, mb_t *)); -extern void printpacket6 __P((int, mb_t *)); -extern struct ippool_dst *printdstlist __P((struct ippool_dst *, copyfunc_t, - char *, int, ipf_dstnode_t *, - wordtab_t *)); -extern void printdstlistdata __P((ippool_dst_t *, int)); -extern ipf_dstnode_t *printdstlistnode __P((ipf_dstnode_t 
*, copyfunc_t,
- int, wordtab_t *));
-extern void printdstlistpolicy __P((ippool_policy_t));
-extern struct ip_pool_s *printpool __P((struct ip_pool_s *, copyfunc_t,
- char *, int, wordtab_t *));
-extern struct ip_pool_s *printpool_live __P((struct ip_pool_s *, int,
- char *, int, wordtab_t *));
-extern void printpooldata __P((ip_pool_t *, int));
-extern void printpoolfield __P((void *, int, int));
-extern struct ip_pool_node *printpoolnode __P((struct ip_pool_node *,
- int, wordtab_t *));
-extern void printproto __P((struct protoent *, int, struct ipnat *));
-extern void printportcmp __P((int, struct frpcmp *));
-extern void printstatefield __P((ipstate_t *, int));
-extern void printtqtable __P((ipftq_t *));
-extern void printtunable __P((ipftune_t *));
-extern void printunit __P((int));
-extern void optprint __P((u_short *, u_long, u_long));
-#ifdef USE_INET6
-extern void optprintv6 __P((u_short *, u_long, u_long));
-#endif
-extern int remove_hash __P((struct iphtable_s *, ioctlfunc_t));
-extern int remove_hashnode __P((int, char *, struct iphtent_s *, ioctlfunc_t));
-extern int remove_pool __P((ip_pool_t *, ioctlfunc_t));
-extern int remove_poolnode __P((int, char *, ip_pool_node_t *, ioctlfunc_t));
-extern u_char tcpflags __P((char *));
-extern void printc __P((struct frentry *));
-extern void printC __P((int));
-extern void emit __P((int, int, void *, struct frentry *));
-extern u_char secbit __P((int));
-extern u_char seclevel __P((char *));
-extern void printfraginfo __P((char *, struct ipfr *));
-extern void printifname __P((char *, char *, void *));
-extern char *hostname __P((int, void *));
-extern struct ipstate *printstate __P((struct ipstate *, int, u_long));
-extern void printsbuf __P((char *));
-extern void printnat __P((struct ipnat *, int));
-extern void printactiveaddress __P((int, char *, i6addr_t *, char *));
-extern void printactivenat __P((struct nat *, int, u_long));
-extern void printhostmap __P((struct hostmap *, u_int));
-extern void 
printtcpflags __P((u_32_t, u_32_t));
-extern void printipfexpr __P((int *));
-extern void printstatefield __P((ipstate_t *, int));
-extern void printstatefieldhdr __P((int));
-extern int sendtrap_v1_0 __P((int, char *, char *, int, time_t));
-extern int sendtrap_v2_0 __P((int, char *, char *, int));
-extern int vtof __P((int));
-
-extern void set_variable __P((char *, char *));
-extern char *get_variable __P((char *, char **, int));
-extern void resetlexer __P((void));
-
-extern void debug __P((int, char *, ...));
-extern void verbose __P((int, char *, ...));
-extern void ipfkdebug __P((char *, ...));
-extern void ipfkverbose __P((char *, ...));
-
-#if SOLARIS
-extern int gethostname __P((char *, int ));
-extern void sync __P((void));
-#endif
-
-#endif /* __IPF_H__ */
diff --git a/contrib/ipfilter/ipf_rb.h b/contrib/ipfilter/ipf_rb.h
deleted file mode 100644
index 3d7a59d99d36..000000000000
--- a/contrib/ipfilter/ipf_rb.h
+++ /dev/null
@@ -1,364 +0,0 @@
-/*
- * Copyright (C) 2012 by Darren Reed.
- *
- * See the IPFILTER.LICENCE file for details on licencing.
- *
- */
-typedef enum rbcolour_e {
- C_BLACK = 0,
- C_RED = 1
-} rbcolour_t;
-
-#define RBI_LINK(_n, _t) \
- struct _n##_rb_link { \
- struct _t *left; \
- struct _t *right; \
- struct _t *parent; \
- rbcolour_t colour; \
- }
-
-#define RBI_HEAD(_n, _t) \
-struct _n##_rb_head { \
- struct _t top; \
- int count; \
- int (* compare)(struct _t *, struct _t *); \
-}
-
-#define RBI_CODE(_n, _t, _f, _cmp) \
- \
-typedef void (*_n##_rb_walker_t)(_t *, void *); \
- \
-_t * _n##_rb_delete(struct _n##_rb_head *, _t *); \
-void _n##_rb_init(struct _n##_rb_head *); \
-void _n##_rb_insert(struct _n##_rb_head *, _t *); \
-_t * _n##_rb_search(struct _n##_rb_head *, void *); \
-void _n##_rb_walktree(struct _n##_rb_head *, _n##_rb_walker_t, void *);\
- \
-static void \
-rotate_left(struct _n##_rb_head *head, _t *node) \
-{ \
- _t *parent, *tmp1, *tmp2; \
- \
- parent = node->_f.parent; \
- tmp1 = node->_f.right; \
- tmp2 = tmp1->_f.left; \
- node->_f.right = tmp2; \
- if (tmp2 != & _n##_rb_zero) \
- tmp2->_f.parent = node; \
- if (parent == & _n##_rb_zero) \
- head->top._f.right = tmp1; \
- else if (parent->_f.right == node) \
- parent->_f.right = tmp1; \
- else \
- parent->_f.left = tmp1; \
- tmp1->_f.left = node; \
- tmp1->_f.parent = parent; \
- node->_f.parent = tmp1; \
-} \
- \
-static void \
-rotate_right(struct _n##_rb_head *head, _t *node) \
-{ \
- _t *parent, *tmp1, *tmp2; \
- \
- parent = node->_f.parent; \
- tmp1 = node->_f.left; \
- tmp2 = tmp1->_f.right; \
- node->_f.left = tmp2; \
- if (tmp2 != &_n##_rb_zero) \
- tmp2->_f.parent = node; \
- if (parent == &_n##_rb_zero) \
- head->top._f.right = tmp1; \
- else if (parent->_f.right == node) \
- parent->_f.right = tmp1; \
- else \
- parent->_f.left = tmp1; \
- tmp1->_f.right = node; \
- tmp1->_f.parent = parent; \
- node->_f.parent = tmp1; \
-} \
- \
-void \
-_n##_rb_insert(struct _n##_rb_head 
*head, _t *node) \
-{ \
- _t *n, *parent, **p, *tmp1, *gparent; \
- \
- parent = &head->top; \
- node->_f.left = &_n##_rb_zero; \
- node->_f.right = &_n##_rb_zero; \
- p = &head->top._f.right; \
- while ((n = *p) != &_n##_rb_zero) { \
- if (_cmp(node, n) < 0) \
- p = &n->_f.left; \
- else \
- p = &n->_f.right; \
- parent = n; \
- } \
- *p = node; \
- node->_f.colour = C_RED; \
- node->_f.parent = parent; \
- \
- while ((node != &_n##_rb_zero) && (parent->_f.colour == C_RED)){\
- gparent = parent->_f.parent; \
- if (parent == gparent->_f.left) { \
- tmp1 = gparent->_f.right; \
- if (tmp1->_f.colour == C_RED) { \
- parent->_f.colour = C_BLACK; \
- tmp1->_f.colour = C_BLACK; \
- gparent->_f.colour = C_RED; \
- node = gparent; \
- } else { \
- if (node == parent->_f.right) { \
- node = parent; \
- rotate_left(head, node); \
- parent = node->_f.parent; \
- } \
- parent->_f.colour = C_BLACK; \
- gparent->_f.colour = C_RED; \
- rotate_right(head, gparent); \
- } \
- } else { \
- tmp1 = gparent->_f.left; \
- if (tmp1->_f.colour == C_RED) { \
- parent->_f.colour = C_BLACK; \
- tmp1->_f.colour = C_BLACK; \
- gparent->_f.colour = C_RED; \
- node = gparent; \
- } else { \
- if (node == parent->_f.left) { \
- node = parent; \
- rotate_right(head, node); \
- parent = node->_f.parent; \
- } \
- parent->_f.colour = C_BLACK; \
- gparent->_f.colour = C_RED; \
- rotate_left(head, parent->_f.parent); \
- } \
- } \
- parent = node->_f.parent; \
- } \
- head->top._f.right->_f.colour = C_BLACK; \
- head->count++; \
-} \
- \
-static void \
-deleteblack(struct _n##_rb_head *head, _t *parent, _t *node) \
-{ \
- _t *tmp; \
- \
- while ((node == &_n##_rb_zero || node->_f.colour == C_BLACK) && \
- node != &head->top) { \
- if (parent->_f.left == node) { \
- tmp = parent->_f.right; \
- if (tmp->_f.colour == C_RED) { \
- tmp->_f.colour = C_BLACK; \
- parent->_f.colour = C_RED; \
- rotate_left(head, parent); \
- tmp = parent->_f.right; \
- } \
- if ((tmp->_f.left == &_n##_rb_zero || \
- 
tmp->_f.left->_f.colour == C_BLACK) && \
- (tmp->_f.right == &_n##_rb_zero || \
- tmp->_f.right->_f.colour == C_BLACK)) { \
- tmp->_f.colour = C_RED; \
- node = parent; \
- parent = node->_f.parent; \
- } else { \
- if (tmp->_f.right == &_n##_rb_zero || \
- tmp->_f.right->_f.colour == C_BLACK) {\
- _t *tmp2 = tmp->_f.left; \
- \
- if (tmp2 != &_n##_rb_zero) \
- tmp2->_f.colour = C_BLACK;\
- tmp->_f.colour = C_RED; \
- rotate_right(head, tmp); \
- tmp = parent->_f.right; \
- } \
- tmp->_f.colour = parent->_f.colour; \
- parent->_f.colour = C_BLACK; \
- if (tmp->_f.right != &_n##_rb_zero) \
- tmp->_f.right->_f.colour = C_BLACK;\
- rotate_left(head, parent); \
- node = head->top._f.right; \
- } \
- } else { \
- tmp = parent->_f.left; \
- if (tmp->_f.colour == C_RED) { \
- tmp->_f.colour = C_BLACK; \
- parent->_f.colour = C_RED; \
- rotate_right(head, parent); \
- tmp = parent->_f.left; \
- } \
- if ((tmp->_f.left == &_n##_rb_zero || \
- tmp->_f.left->_f.colour == C_BLACK) && \
- (tmp->_f.right == &_n##_rb_zero || \
- tmp->_f.right->_f.colour == C_BLACK)) { \
- tmp->_f.colour = C_RED; \
- node = parent; \
- parent = node->_f.parent; \
- } else { \
- if (tmp->_f.left == &_n##_rb_zero || \
- tmp->_f.left->_f.colour == C_BLACK) {\
- _t *tmp2 = tmp->_f.right; \
- \
- if (tmp2 != &_n##_rb_zero) \
- tmp2->_f.colour = C_BLACK;\
- tmp->_f.colour = C_RED; \
- rotate_left(head, tmp); \
- tmp = parent->_f.left; \
- } \
- tmp->_f.colour = parent->_f.colour; \
- parent->_f.colour = C_BLACK; \
- if (tmp->_f.left != &_n##_rb_zero) \
- tmp->_f.left->_f.colour = C_BLACK;\
- rotate_right(head, parent); \
- node = head->top._f.right; \
- break; \
- } \
- } \
- } \
- if (node != &_n##_rb_zero) \
- node->_f.colour = C_BLACK; \
-} \
- \
-_t * \
-_n##_rb_delete(struct _n##_rb_head *head, _t *node) \
-{ \
- _t *child, *parent, *old = node, *left; \
- rbcolour_t color; \
- \
- if (node->_f.left == &_n##_rb_zero) { \
- child = node->_f.right; \
- } else if (node->_f.right == &_n##_rb_zero) { \
- child = node->_f.left; \
- } else { \
- node = node->_f.right; \
- while ((left = node->_f.left) != &_n##_rb_zero) \
- node = left; \
- child = node->_f.right; \
- parent = node->_f.parent; \
- color = node->_f.colour; \
- if (child != &_n##_rb_zero) \
- child->_f.parent = parent; \
- if (parent != &_n##_rb_zero) { \
- if (parent->_f.left == node) \
- parent->_f.left = child; \
- else \
- parent->_f.right = child; \
- } else { \
- head->top._f.right = child; \
- } \
- if (node->_f.parent == old) \
- parent = node; \
- *node = *old; \
- if (old->_f.parent != &_n##_rb_zero) { \
- if (old->_f.parent->_f.left == old) \
- old->_f.parent->_f.left = node; \
- else \
- old->_f.parent->_f.right = node; \
- } else { \
- head->top._f.right = child; \
- } \
- old->_f.left->_f.parent = node; \
- if (old->_f.right != &_n##_rb_zero) \
- old->_f.right->_f.parent = node; \
- if (parent != &_n##_rb_zero) { \
- left = parent; \
- } \
- goto colour; \
- } \
- parent = node->_f.parent; \
- color= node->_f.colour; \
- if (child != &_n##_rb_zero) \
- child->_f.parent = parent; \
- if (parent != &_n##_rb_zero) { \
- if (parent->_f.left == node) \
- parent->_f.left = child; \
- else \
- parent->_f.right = child; \
- } else { \
- head->top._f.right = child; \
- } \
-colour: \
- if (color == C_BLACK) \
- deleteblack(head, parent, node); \
- head->count--; \
- return old; \
-} \
- \
-void \
-_n##_rb_init(struct _n##_rb_head *head) \
-{ \
- memset(head, 0, sizeof(*head)); \
- memset(&_n##_rb_zero, 0, sizeof(_n##_rb_zero)); \
- head->top._f.left = &_n##_rb_zero; \
- head->top._f.right = &_n##_rb_zero; \
- head->top._f.parent = &head->top; \
- _n##_rb_zero._f.left = &_n##_rb_zero; \
- _n##_rb_zero._f.right = &_n##_rb_zero; \
- _n##_rb_zero._f.parent = &_n##_rb_zero; \
-} \
- \
-void \
-_n##_rb_walktree(struct _n##_rb_head *head, _n##_rb_walker_t func, void *arg)\
-{ \
- _t *prev; \
- _t *next; \
- _t *node = head->top._f.right; \
- _t *base; \
- \
- while (node != &_n##_rb_zero) \
- node = 
node->_f.left; \
- \
- for (;;) { \
- base = node; \
- prev = node; \
- while ((node->_f.parent->_f.right == node) && \
- (node != &_n##_rb_zero)) { \
- prev = node; \
- node = node->_f.parent; \
- } \
- \
- node = prev; \
- for (node = node->_f.parent->_f.right; node != &_n##_rb_zero;\
- node = node->_f.left) \
- prev = node; \
- next = prev; \
- \
- if (node != &_n##_rb_zero) \
- func(node, arg); \
- \
- node = next; \
- if (node == &_n##_rb_zero) \
- break; \
- } \
-} \
- \
-_t * \
-_n##_rb_search(struct _n##_rb_head *head, void *key) \
-{ \
- int match; \
- _t *node; \
- node = head->top._f.right; \
- while (node != &_n##_rb_zero) { \
- match = _cmp(key, node); \
- if (match == 0) \
- break; \
- if (match< 0) \
- node = node->_f.left; \
- else \
- node = node->_f.right; \
- } \
- if (node == &_n##_rb_zero || match != 0) \
- return (NULL); \
- return (node); \
-}
-
-#define RBI_DELETE(_n, _h, _v) _n##_rb_delete(_h, _v)
-#define RBI_FIELD(_n) struct _n##_rb_link
-#define RBI_INIT(_n, _h) _n##_rb_init(_h)
-#define RBI_INSERT(_n, _h, _v) _n##_rb_insert(_h, _v)
-#define RBI_ISEMPTY(_h) ((_h)->count == 0)
-#define RBI_SEARCH(_n, _h, _k) _n##_rb_search(_h, _k)
-#define RBI_WALK(_n, _h, _w, _a) _n##_rb_walktree(_h, _w, _a)
-#define RBI_ZERO(_n) _n##_rb_zero
diff --git a/contrib/ipfilter/iplang/BNF b/contrib/ipfilter/iplang/BNF
deleted file mode 100644
index b5fb8d09ae2d..000000000000
--- a/contrib/ipfilter/iplang/BNF
+++ /dev/null
@@ -1,69 +0,0 @@
-line ::= iface | arp | send | defrouter | ipv4line .
-
-iface ::= ifhdr "{" ifaceopts "}" ";" .
-ifhdr ::= "interface" | "iface" .
-ifaceopts ::= "ifname" name | "mtu" mtu | "v4addr" ipaddr |
- "eaddr" eaddr .
-
-send ::= "send" ";" | "send" "{" sendbodyopts "}" ";" .
-sendbodyopts ::= sendbody [ sendbodyopts ] .
-sendbody ::= "ifname" name | "via" ipaddr .
-
-defrouter ::= "router" ipaddr .
-
-arp ::= "arp" "{" arpbodyopts "}" ";" .
-arpbodyopts ::= arpbody [ arpbodyopts ] .
-arpbody ::= "v4addr" ipaddr | "eaddr" eaddr .
-
-bodyline ::= ipv4line | tcpline | udpline | icmpline | dataline .
-
-ipv4line ::= "ipv4" "{" ipv4bodyopts "}" ";" .
-ipv4bodyopts ::= ipv4body [ ipv4bodyopts ] | bodyline .
-ipv4body ::= "proto" protocol | "src" ipaddr | "dst" ipaddr |
- "off" number | "v" number | "hl" number| "id" number |
- "ttl" number | "tos" number | "sum" number | "len" number |
- "opt" "{" ipv4optlist "}" ";" .
-ipv4optlist ::= ipv4option [ ipv4optlist ] .
-ipv4optlist = "nop" | "rr" | "zsu" | "mtup" | "mtur" | "encode" | "ts" |
- "tr" | "sec" | "lsrr" | "e-sec" | "cipso" | "satid" |
- "ssrr" | "addext" | "visa" | "imitd" | "eip" | "finn" |
- "secclass" ipv4secclass.
-ipv4secclass := "unclass" | "confid" | "reserv-1" | "reserv-2" |
- "reserv-3" | "reserv-4" | "secret" | "topsecret" .
-
-tcpline ::= "tcp" "{" tcpbodyopts "}" ";" .
-tcpbodyopts ::= tcpbody [ tcpbodyopts ] | bodyline .
-tcpbody ::= "sport" port | "dport" port | "seq" number | "ack" number |
- "off" number | "urp" number | "win" number | "sum" number |
- "flags" tcpflags | data .
-
-udpline ::= "udp" "{" udpbodyopts "}" ";" .
-udpbodyopts ::= udpbody [ udpbodyopts ] | bodyline .
-udpbody ::= "sport" port | "dport" port | "len" number | "sum" number |
- data .
-
-icmpline ::= "icmp" "{" icmpbodyopts "}" ";" .
-icmpbodyopts ::= icmpbody [ icmpbodyopts ] | bodyline .
-icmpbody ::= "type" icmptype [ "code" icmpcode ] .
-icmptype ::= "echorep" | "echorep" "{" echoopts "}" ";" | "unreach" |
- "unreach" "{" unreachtype "}" ";" | "squench" | "redir" |
- "redir" "{" redirtype "}" ";" | "echo" "{" echoopts "}" ";" |
- "echo" | "routerad" | "routersol" | "timex" |
- "timex" "{" timextype "}" ";" | "paramprob" |
- "paramprob" "{" parapptype "}" ";" | "timest" | "timestrep" |
- "inforeq" | "inforep" | "maskreq" | "maskrep" .
-
-echoopts ::= echoopts [ icmpechoopts ] .
-unreachtype ::= "net-unr" | "host-unr" | "proto-unr" | "port-unr" |
- "needfrag" | "srcfail" | "net-unk" | "host-unk" | "isolate" |
- "net-prohib" | "host-prohib" | "net-tos" | "host-tos" |
- "filter-prohib" | "host-preced" | "cutoff-preced" .
-redirtype ::= "net-redir" | "host-redir" | "tos-net-redir" |
- "tos-host-redir" .
-timextype ::= "intrans" | "reass" .
-paramptype ::= "optabsent" .
-
-data ::= "data" "{" databodyopts "}" ";" .
-databodyopts ::= "len" number | "value" string | "file" filename .
-
-icmpechoopts ::= "icmpseq" number | "icmpid" number .
diff --git a/contrib/ipfilter/iplang/Makefile b/contrib/ipfilter/iplang/Makefile
deleted file mode 100644
index 5b53e9a43609..000000000000
--- a/contrib/ipfilter/iplang/Makefile
+++ /dev/null
@@ -1,31 +0,0 @@ -# -# See the IPFILTER.LICENCE file for details on licencing. -# -#CC=gcc -Wuninitialized -Wstrict-prototypes -Werror -O -CFLAGS=-I.. - -all: $(DESTDIR)/iplang_y.o $(DESTDIR)/iplang_l.o - -$(DESTDIR)/iplang_y.o: $(DESTDIR)/iplang_y.c - $(CC) $(DEBUG) -I. -I.. -I$(DESTDIR) -I../ipsend $(CFLAGS) $(LINUX) -c $(DESTDIR)/iplang_y.c -o $@ - -$(DESTDIR)/iplang_l.o: $(DESTDIR)/iplang_l.c - $(CC) $(DEBUG) -I. -I.. -I$(DESTDIR) -I../ipsend $(CFLAGS) $(LINUX) -c $(DESTDIR)/iplang_l.c -o $@ - -iplang_y.o: iplang_y.c - $(CC) $(DEBUG) -I. -I.. -I../ipsend $(CFLAGS) $(LINUX) -c $< -o $@ - -iplang_l.o: iplang_l.c - $(CC) $(DEBUG) -I. -I.. -I../ipsend $(CFLAGS) $(LINUX) -c $< -o $@ - -$(DESTDIR)/iplang_l.c: iplang_l.l $(DESTDIR)/iplang_y.h - lex iplang_l.l - mv lex.yy.c $(DESTDIR)/iplang_l.c - -$(DESTDIR)/iplang_y.c $(DESTDIR)/iplang_y.h: iplang_y.y - yacc -d iplang_y.y - mv y.tab.c $(DESTDIR)/iplang_y.c - mv y.tab.h $(DESTDIR)/iplang_y.h - -clean: - /bin/rm -f *.o lex.yy.c y.tab.c y.tab.h diff --git a/contrib/ipfilter/iplang/iplang.h b/contrib/ipfilter/iplang/iplang.h deleted file mode 100644 index 63cc078322a3..000000000000 --- a/contrib/ipfilter/iplang/iplang.h +++ /dev/null 
@@ -1,54 +0,0 @@
-/* $FreeBSD$ */
-
-/*
- * Copyright (C) 2012 by Darren Reed.
- *
- * See the IPFILTER.LICENCE file for details on licencing.
- */
-typedef struct iface {
- int if_MTU;
- char *if_name;
- struct in_addr if_addr;
- struct ether_addr if_eaddr;
- struct iface *if_next;
- int if_fd;
-} iface_t;
-
-
-typedef struct send {
- struct iface *snd_if;
- struct in_addr snd_gw;
-} send_t;
-
-
-typedef struct arp {
- struct in_addr arp_addr;
- struct ether_addr arp_eaddr;
- struct arp *arp_next;
-} arp_t;
-
-
-typedef struct aniphdr {
- union {
- ip_t *ahu_ip;
- char *ahu_data;
- tcphdr_t *ahu_tcp;
- udphdr_t *ahu_udp;
- icmphdr_t *ahu_icmp;
- } ah_un;
- int ah_optlen;
- int ah_lastopt;
- int ah_p;
- size_t ah_len;
- struct aniphdr *ah_next;
- struct aniphdr *ah_prev;
-} aniphdr_t;
-
-#define ah_ip ah_un.ahu_ip
-#define ah_data ah_un.ahu_data
-#define ah_tcp ah_un.ahu_tcp
-#define ah_udp ah_un.ahu_udp
-#define ah_icmp ah_un.ahu_icmp
-
-extern int get_arpipv4 __P((char *, char *));
-
diff --git a/contrib/ipfilter/iplang/iplang.tst b/contrib/ipfilter/iplang/iplang.tst
deleted file mode 100644
index 841c3aed1316..000000000000
--- a/contrib/ipfilter/iplang/iplang.tst
+++ /dev/null
@@ -1,11 +0,0 @@
-#
-interface { ifname le0; mtu 1500; } ;
-
-ipv4 {
- src 1.1.1.1; dst 2.2.2.2;
- tcp {
- seq 12345; ack 0; sport 9999; dport 23; flags S;
- data { value "abcdef"; } ;
- } ;
-} ;
-send { via 10.1.1.1; } ;
diff --git a/contrib/ipfilter/iplang/iplang_l.l b/contrib/ipfilter/iplang/iplang_l.l
deleted file mode 100644
index 029a4175bbec..000000000000
--- a/contrib/ipfilter/iplang/iplang_l.l
+++ /dev/null
@@ -1,322 +0,0 @@ -/* $FreeBSD$ */ - -%{ -/* - * Copyright (C) 2012 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id$ - */ -#include -#include -#include -#if defined(__SVR4) || defined(__sysv__) -#include -#endif -#include -#include -#include -#include "iplang_y.h" -#include "ipf.h" - -#ifndef __P -# ifdef __STDC__ -# define __P(x) x -# else -# define __P(x) () -# endif -#endif - -extern int opts; - -int lineNum = 0, ipproto = 0, oldipproto = 0, next = -1, laststate = 0; -int *prstack = NULL, numpr = 0, state = 0, token = 0; - -void yyerror __P((char *)); -void push_proto __P((void)); -void pop_proto __P((void)); -int next_state __P((int, int)); -int next_item __P((int)); -int save_token __P((void)); -void swallow __P((void)); -int yylex __P((void)); - -struct lwordtab { - char *word; - int state; - int next; -}; - -struct lwordtab words[] = { - { "interface", IL_INTERFACE, -1 }, - { "iface", IL_INTERFACE, -1 }, - { "name", IL_IFNAME, IL_TOKEN }, - { "ifname", IL_IFNAME, IL_TOKEN }, - { "router", IL_DEFROUTER, IL_TOKEN }, - { "mtu", IL_MTU, IL_NUMBER }, - { "eaddr", IL_EADDR, IL_TOKEN }, - { "v4addr", IL_V4ADDR, IL_TOKEN }, - { "ipv4", IL_IPV4, -1 }, - { "v", IL_V4V, IL_TOKEN }, - { "proto", IL_V4PROTO, IL_TOKEN }, - { "hl", IL_V4HL, IL_TOKEN }, - { "id", IL_V4ID, IL_TOKEN }, - { "ttl", IL_V4TTL, IL_TOKEN }, - { "tos", IL_V4TOS, IL_TOKEN }, - { "src", IL_V4SRC, IL_TOKEN }, - { "dst", IL_V4DST, IL_TOKEN }, - { "opt", IL_OPT, -1 }, - { "len", IL_LEN, IL_TOKEN }, - { "off", IL_OFF, IL_TOKEN }, - { "sum", IL_SUM, IL_TOKEN }, - { "tcp", IL_TCP, -1 }, - { "sport", IL_SPORT, IL_TOKEN }, - { "dport", IL_DPORT, IL_TOKEN }, - { "seq", IL_TCPSEQ, IL_TOKEN }, - { "ack", IL_TCPACK, IL_TOKEN }, - { "flags", IL_TCPFL, IL_TOKEN }, - { "urp", IL_TCPURP, IL_TOKEN }, - { "win", IL_TCPWIN, IL_TOKEN }, - { "udp", IL_UDP, -1 }, - { "send", IL_SEND, -1 }, - { "via", IL_VIA, IL_TOKEN }, - { "arp", IL_ARP, -1 }, - { "data", IL_DATA, -1 }, - { 
"value", IL_DVALUE, IL_TOKEN }, - { "file", IL_DFILE, IL_TOKEN }, - { "nop", IL_IPO_NOP, -1 }, - { "eol", IL_IPO_EOL, -1 }, - { "rr", IL_IPO_RR, -1 }, - { "zsu", IL_IPO_ZSU, -1 }, - { "mtup", IL_IPO_MTUP, -1 }, - { "mtur", IL_IPO_MTUR, -1 }, - { "encode", IL_IPO_ENCODE, -1 }, - { "ts", IL_IPO_TS, -1 }, - { "tr", IL_IPO_TR, -1 }, - { "sec", IL_IPO_SEC, -1 }, - { "secclass", IL_IPO_SECCLASS, IL_TOKEN }, - { "lsrr", IL_IPO_LSRR, -1 }, - { "esec", IL_IPO_ESEC, -1 }, - { "cipso", IL_IPO_CIPSO, -1 }, - { "satid", IL_IPO_SATID, -1 }, - { "ssrr", IL_IPO_SSRR, -1 }, - { "addext", IL_IPO_ADDEXT, -1 }, - { "visa", IL_IPO_VISA, -1 }, - { "imitd", IL_IPO_IMITD, -1 }, - { "eip", IL_IPO_EIP, -1 }, - { "finn", IL_IPO_FINN, -1 }, - { "mss", IL_TCPO_MSS, IL_TOKEN }, - { "wscale", IL_TCPO_WSCALE, IL_TOKEN }, - { "reserv-4", IL_IPS_RESERV4, -1 }, - { "topsecret", IL_IPS_TOPSECRET, -1 }, - { "secret", IL_IPS_SECRET, -1 }, - { "reserv-3", IL_IPS_RESERV3, -1 }, - { "confid", IL_IPS_CONFID, -1 }, - { "unclass", IL_IPS_UNCLASS, -1 }, - { "reserv-2", IL_IPS_RESERV2, -1 }, - { "reserv-1", IL_IPS_RESERV1, -1 }, - { "icmp", IL_ICMP, -1 }, - { "type", IL_ICMPTYPE, -1 }, - { "code", IL_ICMPCODE, -1 }, - { "echorep", IL_ICMP_ECHOREPLY, -1 }, - { "unreach", IL_ICMP_UNREACH, -1 }, - { "squench", IL_ICMP_SOURCEQUENCH, -1 }, - { "redir", IL_ICMP_REDIRECT, -1 }, - { "echo", IL_ICMP_ECHO, -1 }, - { "routerad", IL_ICMP_ROUTERADVERT, -1 }, - { "routersol", IL_ICMP_ROUTERSOLICIT, -1 }, - { "timex", IL_ICMP_TIMXCEED, -1 }, - { "paramprob", IL_ICMP_PARAMPROB, -1 }, - { "timest", IL_ICMP_TSTAMP, -1 }, - { "timestrep", IL_ICMP_TSTAMPREPLY, -1 }, - { "inforeq", IL_ICMP_IREQ, -1 }, - { "inforep", IL_ICMP_IREQREPLY, -1 }, - { "maskreq", IL_ICMP_MASKREQ, -1 }, - { "maskrep", IL_ICMP_MASKREPLY, -1 }, - { "net-unr", IL_ICMP_UNREACH_NET, -1 }, - { "host-unr", IL_ICMP_UNREACH_HOST, -1 }, - { "proto-unr", IL_ICMP_UNREACH_PROTOCOL, -1 }, - { "port-unr", IL_ICMP_UNREACH_PORT, -1 }, - { "needfrag", 
IL_ICMP_UNREACH_NEEDFRAG, -1 }, - { "srcfail", IL_ICMP_UNREACH_SRCFAIL, -1 }, - { "net-unk", IL_ICMP_UNREACH_NET_UNKNOWN, -1 }, - { "host-unk", IL_ICMP_UNREACH_HOST_UNKNOWN, -1 }, - { "isolate", IL_ICMP_UNREACH_ISOLATED, -1 }, - { "net-prohib", IL_ICMP_UNREACH_NET_PROHIB, -1 }, - { "host-prohib", IL_ICMP_UNREACH_HOST_PROHIB, -1 }, - { "net-tos", IL_ICMP_UNREACH_TOSNET, -1 }, - { "host-tos", IL_ICMP_UNREACH_TOSHOST, -1 }, - { "filter-prohib", IL_ICMP_UNREACH_FILTER_PROHIB, -1 }, - { "host-preced", IL_ICMP_UNREACH_HOST_PRECEDENCE, -1 }, - { "cutoff-preced", IL_ICMP_UNREACH_PRECEDENCE_CUTOFF, -1 }, - { "net-redir", IL_ICMP_REDIRECT_NET, -1 }, - { "host-redir", IL_ICMP_REDIRECT_HOST, -1 }, - { "tos-net-redir", IL_ICMP_REDIRECT_TOSNET, -1 }, - { "tos-host-redir", IL_ICMP_REDIRECT_TOSHOST, -1 }, - { "intrans", IL_ICMP_TIMXCEED_INTRANS, -1 }, - { "reass", IL_ICMP_TIMXCEED_REASS, -1 }, - { "optabsent", IL_ICMP_PARAMPROB_OPTABSENT, -1 }, - { "otime", IL_ICMP_OTIME, -1 }, - { "rtime", IL_ICMP_RTIME, -1 }, - { "ttime", IL_ICMP_TTIME, -1 }, - { "icmpseq", IL_ICMP_SEQ, -1 }, - { "icmpid", IL_ICMP_SEQ, -1 }, - { ".", IL_DOT, -1 }, - { NULL, 0, 0 } -}; -%} -white [ \t\r]+ -%% -{white} ; -\n { lineNum++; swallow(); } -\{ { push_proto(); return next_item('{'); } -\} { pop_proto(); return next_item('}'); } -; { return next_item(';'); } -[0-9]+ { return next_item(IL_NUMBER); } -[0-9a-fA-F] { return next_item(IL_HEXDIGIT); } -: { return next_item(IL_COLON); } -#[^\n]* { return next_item(IL_COMMENT); } -[^ \{\}\n\t;:{}]* { return next_item(IL_TOKEN); } -\"[^\"]*\" { return next_item(IL_TOKEN); } -%% -void yyerror(msg) -char *msg; -{ - fprintf(stderr, "%s error at \"%s\", line %d\n", msg, yytext, - lineNum + 1); - exit(1); -} - - -void push_proto() -{ - numpr++; - if (!prstack) - prstack = (int *)malloc(sizeof(int)); - else - prstack = (int *)realloc((char *)prstack, numpr * sizeof(int)); - prstack[numpr - 1] = oldipproto; -} - - -void pop_proto() -{ - numpr--; - ipproto = 
prstack[numpr]; - if (!numpr) { - free(prstack); - prstack = NULL; - return; - } - prstack = (int *)realloc((char *)prstack, numpr * sizeof(int)); -} - - -int save_token() -{ - - yylval.str = strdup((char *)yytext); - return IL_TOKEN; -} - - -int next_item(nstate) -int nstate; -{ - struct lwordtab *wt; - - if (opts & OPT_DEBUG) - printf("text=[%s] id=%d next=%d\n", yytext, nstate, next); - if (next == IL_TOKEN) { - next = -1; - return save_token(); - } - token++; - - for (wt = words; wt->word; wt++) - if (!strcasecmp(wt->word, (char *)yytext)) - return next_state(wt->state, wt->next); - if (opts & OPT_DEBUG) - printf("unknown keyword=[%s]\n", yytext); - next = -1; - if (nstate == IL_NUMBER) - yylval.num = atoi((char *)yytext); - token++; - return nstate; -} - - -int next_state(nstate, fornext) -int nstate, fornext; -{ - next = fornext; - - switch (nstate) - { - case IL_IPV4 : - case IL_TCP : - case IL_UDP : - case IL_ICMP : - case IL_DATA : - case IL_INTERFACE : - case IL_ARP : - oldipproto = ipproto; - ipproto = nstate; - break; - case IL_SUM : - if (ipproto == IL_IPV4) - nstate = IL_V4SUM; - else if (ipproto == IL_TCP) - nstate = IL_TCPSUM; - else if (ipproto == IL_UDP) - nstate = IL_UDPSUM; - break; - case IL_OPT : - if (ipproto == IL_IPV4) - nstate = IL_V4OPT; - else if (ipproto == IL_TCP) - nstate = IL_TCPOPT; - break; - case IL_IPO_NOP : - if (ipproto == IL_TCP) - nstate = IL_TCPO_NOP; - break; - case IL_IPO_EOL : - if (ipproto == IL_TCP) - nstate = IL_TCPO_EOL; - break; - case IL_IPO_TS : - if (ipproto == IL_TCP) - nstate = IL_TCPO_TS; - break; - case IL_OFF : - if (ipproto == IL_IPV4) - nstate = IL_V4OFF; - else if (ipproto == IL_TCP) - nstate = IL_TCPOFF; - break; - case IL_LEN : - if (ipproto == IL_IPV4) - nstate = IL_V4LEN; - else if (ipproto == IL_UDP) - nstate = IL_UDPLEN; - break; - } - return nstate; -} - - -void swallow() -{ - int c; - - c = input(); - - if (c == '#') { - while ((c != '\n') && (c != EOF)) - c = input(); - } - if (c != EOF) - 
unput(c);
-}
diff --git a/contrib/ipfilter/iplang/iplang_y.y b/contrib/ipfilter/iplang/iplang_y.y
deleted file mode 100644
index 98c8f1a983ea..000000000000
--- a/contrib/ipfilter/iplang/iplang_y.y
+++ /dev/null
@@ -1,1858 +0,0 @@
-/* $FreeBSD$ */
-
-%{
-/*
- * Copyright (C) 2012 by Darren Reed.
- *
- * See the IPFILTER.LICENCE file for details on licencing.
- *
- * Id: iplang_y.y,v 2.9.2.4 2006/03/17 12:11:29 darrenr Exp $
- * $FreeBSD$
- */
-
-#include
-#include
-#include
-#if !defined(__SVR4) && !defined(__svr4__)
-# include
-#else
-# include
-#endif
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#ifndef linux
-# include
-# include
-# include
-#endif
-#include
-#include
-#include
-#include
-#include
-#include "ipsend.h"
-#include "ip_compat.h"
-#include "ipf.h"
-#include "iplang.h"
-
-#if !defined(__NetBSD__) && (!defined(__FreeBSD_version) && \
- __FreeBSD_version < 400020) && (!SOLARIS || SOLARIS2 < 10)
-extern struct ether_addr *ether_aton __P((char *));
-#endif
-
-extern int opts;
-extern struct ipopt_names ionames[];
-extern int state, state, lineNum, token;
-extern int yylineno;
-extern char yytext[];
-extern FILE *yyin;
-int yylex __P((void));
-#define YYDEBUG 1
-#if !defined(ultrix) && !defined(hpux)
-int yydebug = 1;
-#else
-extern int yydebug;
-#endif
-
-iface_t *iflist = NULL, **iftail = &iflist;
-iface_t *cifp = NULL;
-arp_t *arplist = NULL, **arptail = &arplist, *carp = NULL;
-struct in_addr defrouter;
-send_t sending;
-char *sclass = NULL;
-u_short c_chksum __P((u_short *, u_int, u_long));
-u_long p_chksum __P((u_short *, u_int));
-
-u_long ipbuffer[67584/sizeof(u_long)]; /* 66K */
-aniphdr_t *aniphead = NULL, *canip = NULL, **aniptail = &aniphead;
-ip_t *ip = NULL;
-udphdr_t *udp = NULL;
-tcphdr_t *tcp = NULL;
-icmphdr_t *icmp = NULL;
-
-struct statetoopt {
- int sto_st;
- int sto_op;
-};
-
-struct in_addr getipv4addr __P((char *arg));
-u_short getportnum __P((char *, char *));
-struct ether_addr *geteaddr __P((char *, struct ether_addr *));
-void *new_header __P((int));
-void free_aniplist __P((void));
-void inc_anipheaders __P((int));
-void new_data __P((void));
-void set_datalen
__P((char **));
-void set_datafile __P((char **));
-void set_data __P((char **));
-void new_packet __P((void));
-void set_ipv4proto __P((char **));
-void set_ipv4src __P((char **));
-void set_ipv4dst __P((char **));
-void set_ipv4off __P((char **));
-void set_ipv4v __P((char **));
-void set_ipv4hl __P((char **));
-void set_ipv4ttl __P((char **));
-void set_ipv4tos __P((char **));
-void set_ipv4id __P((char **));
-void set_ipv4sum __P((char **));
-void set_ipv4len __P((char **));
-void new_tcpheader __P((void));
-void set_tcpsport __P((char **));
-void set_tcpdport __P((char **));
-void set_tcpseq __P((char **));
-void set_tcpack __P((char **));
-void set_tcpoff __P((char **));
-void set_tcpurp __P((char **));
-void set_tcpwin __P((char **));
-void set_tcpsum __P((char **));
-void set_tcpflags __P((char **));
-void set_tcpopt __P((int, char **));
-void end_tcpopt __P((void));
-void new_udpheader __P((void));
-void set_udplen __P((char **));
-void set_udpsum __P((char **));
-void prep_packet __P((void));
-void packet_done __P((void));
-void new_interface __P((void));
-void check_interface __P((void));
-void set_ifname __P((char **));
-void set_ifmtu __P((int));
-void set_ifv4addr __P((char **));
-void set_ifeaddr __P((char **));
-void new_arp __P((void));
-void set_arpeaddr __P((char **));
-void set_arpv4addr __P((char **));
-void reset_send __P((void));
-void set_sendif __P((char **));
-void set_sendvia __P((char **));
-void set_defaultrouter __P((char **));
-void new_icmpheader __P((void));
-void set_icmpcode __P((int));
-void set_icmptype __P((int));
-void set_icmpcodetok __P((char **));
-void set_icmptypetok __P((char **));
-void set_icmpid __P((int));
-void set_icmpseq __P((int));
-void set_icmpotime __P((int));
-void set_icmprtime __P((int));
-void set_icmpttime __P((int));
-void set_icmpmtu __P((int));
-void set_redir __P((int, char **));
-void new_ipv4opt __P((void));
-void set_icmppprob __P((int));
-void add_ipopt __P((int, void *));
-void end_ipopt
__P((void));
-void set_secclass __P((char **));
-void free_anipheader __P((void));
-void end_ipv4 __P((void));
-void end_icmp __P((void));
-void end_udp __P((void));
-void end_tcp __P((void));
-void end_data __P((void));
-void yyerror __P((char *));
-void iplang __P((FILE *));
-int arp_getipv4 __P((char *, char *));
-int yyparse __P((void));
-%}
-%union {
- char *str;
- int num;
-}
-%token IL_NUMBER
-%type number digits optnumber
-%token IL_TOKEN
-%type token optoken
-%token IL_HEXDIGIT IL_COLON IL_DOT IL_EOF IL_COMMENT
-%token IL_INTERFACE IL_IFNAME IL_MTU IL_EADDR
-%token IL_IPV4 IL_V4PROTO IL_V4SRC IL_V4DST IL_V4OFF IL_V4V IL_V4HL IL_V4TTL
-%token IL_V4TOS IL_V4SUM IL_V4LEN IL_V4OPT IL_V4ID
-%token IL_TCP IL_SPORT IL_DPORT IL_TCPFL IL_TCPSEQ IL_TCPACK IL_TCPOFF
-%token IL_TCPWIN IL_TCPSUM IL_TCPURP IL_TCPOPT IL_TCPO_NOP IL_TCPO_EOL
-%token IL_TCPO_MSS IL_TCPO_WSCALE IL_TCPO_TS
-%token IL_UDP IL_UDPLEN IL_UDPSUM
-%token IL_ICMP IL_ICMPTYPE IL_ICMPCODE
-%token IL_SEND IL_VIA
-%token IL_ARP
-%token IL_DEFROUTER
-%token IL_SUM IL_OFF IL_LEN IL_V4ADDR IL_OPT
-%token IL_DATA IL_DLEN IL_DVALUE IL_DFILE
-%token IL_IPO_NOP IL_IPO_RR IL_IPO_ZSU IL_IPO_MTUP IL_IPO_MTUR IL_IPO_EOL
-%token IL_IPO_TS IL_IPO_TR IL_IPO_SEC IL_IPO_LSRR IL_IPO_ESEC
-%token IL_IPO_SATID IL_IPO_SSRR IL_IPO_ADDEXT IL_IPO_VISA IL_IPO_IMITD
-%token IL_IPO_EIP IL_IPO_FINN IL_IPO_SECCLASS IL_IPO_CIPSO IL_IPO_ENCODE
-%token IL_IPS_RESERV4 IL_IPS_TOPSECRET IL_IPS_SECRET IL_IPS_RESERV3
-%token IL_IPS_CONFID IL_IPS_UNCLASS IL_IPS_RESERV2 IL_IPS_RESERV1
-%token IL_ICMP_ECHOREPLY IL_ICMP_UNREACH IL_ICMP_UNREACH_NET
-%token IL_ICMP_UNREACH_HOST IL_ICMP_UNREACH_PROTOCOL IL_ICMP_UNREACH_PORT
-%token IL_ICMP_UNREACH_NEEDFRAG IL_ICMP_UNREACH_SRCFAIL
-%token IL_ICMP_UNREACH_NET_UNKNOWN IL_ICMP_UNREACH_HOST_UNKNOWN
-%token IL_ICMP_UNREACH_ISOLATED IL_ICMP_UNREACH_NET_PROHIB
-%token IL_ICMP_UNREACH_HOST_PROHIB IL_ICMP_UNREACH_TOSNET
-%token IL_ICMP_UNREACH_TOSHOST IL_ICMP_UNREACH_FILTER_PROHIB
-%token
IL_ICMP_UNREACH_HOST_PRECEDENCE IL_ICMP_UNREACH_PRECEDENCE_CUTOFF
-%token IL_ICMP_SOURCEQUENCH IL_ICMP_REDIRECT IL_ICMP_REDIRECT_NET
-%token IL_ICMP_REDIRECT_HOST IL_ICMP_REDIRECT_TOSNET
-%token IL_ICMP_REDIRECT_TOSHOST IL_ICMP_ECHO IL_ICMP_ROUTERADVERT
-%token IL_ICMP_ROUTERSOLICIT IL_ICMP_TIMXCEED IL_ICMP_TIMXCEED_INTRANS
-%token IL_ICMP_TIMXCEED_REASS IL_ICMP_PARAMPROB IL_ICMP_PARAMPROB_OPTABSENT
-%token IL_ICMP_TSTAMP IL_ICMP_TSTAMPREPLY IL_ICMP_IREQ IL_ICMP_IREQREPLY
-%token IL_ICMP_MASKREQ IL_ICMP_MASKREPLY IL_ICMP_SEQ IL_ICMP_ID
-%token IL_ICMP_OTIME IL_ICMP_RTIME IL_ICMP_TTIME
-
-%%
-file: line
- | line file
- | IL_COMMENT
- | IL_COMMENT file
- ;
-
-line: iface
- | arp
- | send
- | defrouter
- | ipline
- ;
-
-iface: ifhdr '{' ifaceopts '}' ';' { check_interface(); }
- ;
-
-ifhdr: IL_INTERFACE { new_interface(); }
- ;
-
-ifaceopts:
- ifaceopt
- | ifaceopt ifaceopts
- ;
-
-ifaceopt:
- IL_IFNAME token { set_ifname(&$2); }
- | IL_MTU number { set_ifmtu($2); }
- | IL_V4ADDR token { set_ifv4addr(&$2); }
- | IL_EADDR token { set_ifeaddr(&$2); }
- ;
-
-send: sendhdr '{' sendbody '}' ';' { packet_done(); }
- | sendhdr ';' { packet_done(); }
- ;
-
-sendhdr:
- IL_SEND { reset_send(); }
- ;
-
-sendbody:
- sendopt
- | sendbody sendopt
- ;
-
-sendopt:
- IL_IFNAME token { set_sendif(&$2); }
- | IL_VIA token { set_sendvia(&$2); }
- ;
-
-arp: arphdr '{' arpbody '}' ';'
- ;
-
-arphdr: IL_ARP { new_arp(); }
- ;
-
-arpbody:
- arpopt
- | arpbody arpopt
- ;
-
-arpopt: IL_V4ADDR token { set_arpv4addr(&$2); }
- | IL_EADDR token { set_arpeaddr(&$2); }
- ;
-
-defrouter:
- IL_DEFROUTER token { set_defaultrouter(&$2); }
- ;
-
-bodyline:
- ipline
- | tcp tcpline
- | udp udpline
- | icmp icmpline
- | data dataline
- ;
-
-ipline: ipv4 '{' ipv4body '}' ';' { end_ipv4(); }
- ;
-
-ipv4: IL_IPV4 { new_packet(); }
-
-ipv4body:
- ipv4type
- | ipv4type ipv4body
- | bodyline
- ;
-
-ipv4type:
- IL_V4PROTO token { set_ipv4proto(&$2); }
- | IL_V4SRC token { set_ipv4src(&$2); }
- | IL_V4DST token {
set_ipv4dst(&$2); }
- | IL_V4OFF token { set_ipv4off(&$2); }
- | IL_V4V token { set_ipv4v(&$2); }
- | IL_V4HL token { set_ipv4hl(&$2); }
- | IL_V4ID token { set_ipv4id(&$2); }
- | IL_V4TTL token { set_ipv4ttl(&$2); }
- | IL_V4TOS token { set_ipv4tos(&$2); }
- | IL_V4SUM token { set_ipv4sum(&$2); }
- | IL_V4LEN token { set_ipv4len(&$2); }
- | ipv4opt '{' ipv4optlist '}' ';' { end_ipopt(); }
- ;
-
-tcp: IL_TCP { new_tcpheader(); }
- ;
-
-tcpline:
- '{' tcpheader '}' ';' { end_tcp(); }
- ;
-
-tcpheader:
- tcpbody
- | tcpbody tcpheader
- | bodyline
- ;
-
-tcpbody:
- IL_SPORT token { set_tcpsport(&$2); }
- | IL_DPORT token { set_tcpdport(&$2); }
- | IL_TCPSEQ token { set_tcpseq(&$2); }
- | IL_TCPACK token { set_tcpack(&$2); }
- | IL_TCPOFF token { set_tcpoff(&$2); }
- | IL_TCPURP token { set_tcpurp(&$2); }
- | IL_TCPWIN token { set_tcpwin(&$2); }
- | IL_TCPSUM token { set_tcpsum(&$2); }
- | IL_TCPFL token { set_tcpflags(&$2); }
- | IL_TCPOPT '{' tcpopts '}' ';' { end_tcpopt(); }
- ;
-
-tcpopts:
- | tcpopt tcpopts
- ;
-
-tcpopt: IL_TCPO_NOP ';' { set_tcpopt(IL_TCPO_NOP, NULL); }
- | IL_TCPO_EOL ';' { set_tcpopt(IL_TCPO_EOL, NULL); }
- | IL_TCPO_MSS optoken { set_tcpopt(IL_TCPO_MSS,&$2);}
- | IL_TCPO_WSCALE optoken { set_tcpopt(IL_TCPO_WSCALE,&$2);}
- | IL_TCPO_TS optoken { set_tcpopt(IL_TCPO_TS, &$2);}
- ;
-
-udp: IL_UDP { new_udpheader(); }
- ;
-
-udpline:
- '{' udpheader '}' ';' { end_udp(); }
- ;
-
-
-udpheader:
- udpbody
- | udpbody udpheader
- | bodyline
- ;
-
-udpbody:
- IL_SPORT token { set_tcpsport(&$2); }
- | IL_DPORT token { set_tcpdport(&$2); }
- | IL_UDPLEN token { set_udplen(&$2); }
- | IL_UDPSUM token { set_udpsum(&$2); }
- ;
-
-icmp: IL_ICMP { new_icmpheader(); }
- ;
-
-icmpline:
- '{' icmpbody '}' ';' { end_icmp(); }
- ;
-
-icmpbody:
- icmpheader
- | icmpheader bodyline
- ;
-
-icmpheader:
- IL_ICMPTYPE icmptype
- | IL_ICMPTYPE icmptype icmpcode
- ;
-
-icmpcode:
- IL_ICMPCODE token { set_icmpcodetok(&$2); }
- ;
-
-icmptype:
- IL_ICMP_ECHOREPLY ';' {
set_icmptype(ICMP_ECHOREPLY); }
- | IL_ICMP_ECHOREPLY '{' icmpechoopts '}' ';'
- | unreach
- | IL_ICMP_SOURCEQUENCH ';' { set_icmptype(ICMP_SOURCEQUENCH); }
- | redirect
- | IL_ICMP_ROUTERADVERT ';' { set_icmptype(ICMP_ROUTERADVERT); }
- | IL_ICMP_ROUTERSOLICIT ';' { set_icmptype(ICMP_ROUTERSOLICIT); }
- | IL_ICMP_ECHO ';' { set_icmptype(ICMP_ECHO); }
- | IL_ICMP_ECHO '{' icmpechoopts '}' ';'
- | IL_ICMP_TIMXCEED ';' { set_icmptype(ICMP_TIMXCEED); }
- | IL_ICMP_TIMXCEED '{' exceed '}' ';'
- | IL_ICMP_TSTAMP ';' { set_icmptype(ICMP_TSTAMP); }
- | IL_ICMP_TSTAMPREPLY ';' { set_icmptype(ICMP_TSTAMPREPLY); }
- | IL_ICMP_TSTAMPREPLY '{' icmptsopts '}' ';'
- | IL_ICMP_IREQ ';' { set_icmptype(ICMP_IREQ); }
- | IL_ICMP_IREQREPLY ';' { set_icmptype(ICMP_IREQREPLY); }
- | IL_ICMP_IREQREPLY '{' data dataline '}' ';'
- | IL_ICMP_MASKREQ ';' { set_icmptype(ICMP_MASKREQ); }
- | IL_ICMP_MASKREPLY ';' { set_icmptype(ICMP_MASKREPLY); }
- | IL_ICMP_MASKREPLY '{' token '}' ';'
- | IL_ICMP_PARAMPROB ';' { set_icmptype(ICMP_PARAMPROB); }
- | IL_ICMP_PARAMPROB '{' paramprob '}' ';'
- | IL_TOKEN ';' { set_icmptypetok(&$1); }
- ;
-
-icmpechoopts:
- | icmpechoopts icmpecho
- ;
-
-icmpecho:
- IL_ICMP_SEQ number { set_icmpseq($2); }
- | IL_ICMP_ID number { set_icmpid($2); }
- ;
-
-icmptsopts:
- | icmptsopts icmpts ';'
- ;
-
-icmpts: IL_ICMP_OTIME number { set_icmpotime($2); }
- | IL_ICMP_RTIME number { set_icmprtime($2); }
- | IL_ICMP_TTIME number { set_icmpttime($2); }
- ;
-
-unreach:
- IL_ICMP_UNREACH
- | IL_ICMP_UNREACH '{' unreachopts '}' ';'
- ;
-
-unreachopts:
- IL_ICMP_UNREACH_NET line
- | IL_ICMP_UNREACH_HOST line
- | IL_ICMP_UNREACH_PROTOCOL line
- | IL_ICMP_UNREACH_PORT line
- | IL_ICMP_UNREACH_NEEDFRAG number ';' { set_icmpmtu($2); }
- | IL_ICMP_UNREACH_SRCFAIL line
- | IL_ICMP_UNREACH_NET_UNKNOWN line
- | IL_ICMP_UNREACH_HOST_UNKNOWN line
- | IL_ICMP_UNREACH_ISOLATED line
- | IL_ICMP_UNREACH_NET_PROHIB line
- | IL_ICMP_UNREACH_HOST_PROHIB line
- | IL_ICMP_UNREACH_TOSNET line
- |
IL_ICMP_UNREACH_TOSHOST line
- | IL_ICMP_UNREACH_FILTER_PROHIB line
- | IL_ICMP_UNREACH_HOST_PRECEDENCE line
- | IL_ICMP_UNREACH_PRECEDENCE_CUTOFF line
- ;
-
-redirect:
- IL_ICMP_REDIRECT
- | IL_ICMP_REDIRECT '{' redirectopts '}' ';'
- ;
-
-redirectopts:
- | IL_ICMP_REDIRECT_NET token { set_redir(0, &$2); }
- | IL_ICMP_REDIRECT_HOST token { set_redir(1, &$2); }
- | IL_ICMP_REDIRECT_TOSNET token { set_redir(2, &$2); }
- | IL_ICMP_REDIRECT_TOSHOST token { set_redir(3, &$2); }
- ;
-
-exceed:
- IL_ICMP_TIMXCEED_INTRANS line
- | IL_ICMP_TIMXCEED_REASS line
- ;
-
-paramprob:
- IL_ICMP_PARAMPROB_OPTABSENT
- | IL_ICMP_PARAMPROB_OPTABSENT paraprobarg
-
-paraprobarg:
- '{' number '}' ';' { set_icmppprob($2); }
- ;
-
-ipv4opt: IL_V4OPT { new_ipv4opt(); }
- ;
-
-ipv4optlist:
- | ipv4opts ipv4optlist
- ;
-
-ipv4opts:
- IL_IPO_NOP ';' { add_ipopt(IL_IPO_NOP, NULL); }
- | IL_IPO_RR optnumber { add_ipopt(IL_IPO_RR, &$2); }
- | IL_IPO_ZSU ';' { add_ipopt(IL_IPO_ZSU, NULL); }
- | IL_IPO_MTUP ';' { add_ipopt(IL_IPO_MTUP, NULL); }
- | IL_IPO_MTUR ';' { add_ipopt(IL_IPO_MTUR, NULL); }
- | IL_IPO_ENCODE ';' { add_ipopt(IL_IPO_ENCODE, NULL); }
- | IL_IPO_TS ';' { add_ipopt(IL_IPO_TS, NULL); }
- | IL_IPO_TR ';' { add_ipopt(IL_IPO_TR, NULL); }
- | IL_IPO_SEC ';' { add_ipopt(IL_IPO_SEC, NULL); }
- | IL_IPO_SECCLASS secclass { add_ipopt(IL_IPO_SECCLASS, sclass); }
- | IL_IPO_LSRR token { add_ipopt(IL_IPO_LSRR,&$2); }
- | IL_IPO_ESEC ';' { add_ipopt(IL_IPO_ESEC, NULL); }
- | IL_IPO_CIPSO ';' { add_ipopt(IL_IPO_CIPSO, NULL); }
- | IL_IPO_SATID optnumber { add_ipopt(IL_IPO_SATID,&$2);}
- | IL_IPO_SSRR token { add_ipopt(IL_IPO_SSRR,&$2); }
- | IL_IPO_ADDEXT ';' { add_ipopt(IL_IPO_ADDEXT, NULL); }
- | IL_IPO_VISA ';' { add_ipopt(IL_IPO_VISA, NULL); }
- | IL_IPO_IMITD ';' { add_ipopt(IL_IPO_IMITD, NULL); }
- | IL_IPO_EIP ';' { add_ipopt(IL_IPO_EIP, NULL); }
- | IL_IPO_FINN ';' { add_ipopt(IL_IPO_FINN, NULL); }
- ;
-
-secclass:
- IL_IPS_RESERV4 ';' { set_secclass(&$1); }
- | IL_IPS_TOPSECRET ';' {
set_secclass(&$1); }
- | IL_IPS_SECRET ';' { set_secclass(&$1); }
- | IL_IPS_RESERV3 ';' { set_secclass(&$1); }
- | IL_IPS_CONFID ';' { set_secclass(&$1); }
- | IL_IPS_UNCLASS ';' { set_secclass(&$1); }
- | IL_IPS_RESERV2 ';' { set_secclass(&$1); }
- | IL_IPS_RESERV1 ';' { set_secclass(&$1); }
- ;
-
-data: IL_DATA { new_data(); }
- ;
-
-dataline:
- '{' databody '}' ';' { end_data(); }
- ;
-
-databody: dataopts
- | dataopts databody
- ;
-
-dataopts:
- IL_DLEN token { set_datalen(&$2); }
- | IL_DVALUE token { set_data(&$2); }
- | IL_DFILE token { set_datafile(&$2); }
- ;
-
-token: IL_TOKEN ';'
- ;
-
-optoken: ';' { $$ = ""; }
- | token
- ;
-
-number: digits ';'
- ;
-
-optnumber: ';' { $$ = 0; }
- | number
- ;
-
-digits: IL_NUMBER
- | digits IL_NUMBER
- ;
-%%
-
-struct statetoopt toipopts[] = {
- { IL_IPO_NOP, IPOPT_NOP },
- { IL_IPO_RR, IPOPT_RR },
- { IL_IPO_ZSU, IPOPT_ZSU },
- { IL_IPO_MTUP, IPOPT_MTUP },
- { IL_IPO_MTUR, IPOPT_MTUR },
- { IL_IPO_ENCODE, IPOPT_ENCODE },
- { IL_IPO_TS, IPOPT_TS },
- { IL_IPO_TR, IPOPT_TR },
- { IL_IPO_SEC, IPOPT_SECURITY },
- { IL_IPO_SECCLASS, IPOPT_SECURITY },
- { IL_IPO_LSRR, IPOPT_LSRR },
- { IL_IPO_ESEC, IPOPT_E_SEC },
- { IL_IPO_CIPSO, IPOPT_CIPSO },
- { IL_IPO_SATID, IPOPT_SATID },
- { IL_IPO_SSRR, IPOPT_SSRR },
- { IL_IPO_ADDEXT, IPOPT_ADDEXT },
- { IL_IPO_VISA, IPOPT_VISA },
- { IL_IPO_IMITD, IPOPT_IMITD },
- { IL_IPO_EIP, IPOPT_EIP },
- { IL_IPO_FINN, IPOPT_FINN },
- { 0, 0 }
-};
-
-struct statetoopt tosecopts[] = {
- { IL_IPS_RESERV4, IPSO_CLASS_RES4 },
- { IL_IPS_TOPSECRET, IPSO_CLASS_TOPS },
- { IL_IPS_SECRET, IPSO_CLASS_SECR },
- { IL_IPS_RESERV3, IPSO_CLASS_RES3 },
- { IL_IPS_CONFID, IPSO_CLASS_CONF },
- { IL_IPS_UNCLASS, IPSO_CLASS_UNCL },
- { IL_IPS_RESERV2, IPSO_CLASS_RES2 },
- { IL_IPS_RESERV1, IPSO_CLASS_RES1 },
- { 0, 0 }
-};
-
-#ifdef bsdi
-struct ether_addr *
-ether_aton(s)
- char *s;
-{
- static struct ether_addr n;
- u_int i[6];
-
- if (sscanf(s, " %x:%x:%x:%x:%x:%x ", &i[0], &i[1],
- &i[2], &i[3], &i[4],
&i[5]) == 6) {
- n.ether_addr_octet[0] = (u_char)i[0];
- n.ether_addr_octet[1] = (u_char)i[1];
- n.ether_addr_octet[2] = (u_char)i[2];
- n.ether_addr_octet[3] = (u_char)i[3];
- n.ether_addr_octet[4] = (u_char)i[4];
- n.ether_addr_octet[5] = (u_char)i[5];
- return &n;
- }
- return NULL;
-}
-#endif
-
-
-struct in_addr getipv4addr(arg)
-char *arg;
-{
- struct hostent *hp;
- struct in_addr in;
-
- in.s_addr = 0xffffffff;
-
- if ((hp = gethostbyname(arg)))
- bcopy(hp->h_addr, &in.s_addr, sizeof(struct in_addr));
- else
- in.s_addr = inet_addr(arg);
- return in;
-}
-
-
-u_short getportnum(pr, name)
-char *pr, *name;
-{
- struct servent *sp;
-
- if (!(sp = getservbyname(name, pr)))
- return htons(atoi(name));
- return sp->s_port;
-}
-
-
-struct ether_addr *geteaddr(arg, buf)
-char *arg;
-struct ether_addr *buf;
-{
- struct ether_addr *e;
-
-#if !defined(hpux) && !defined(linux)
- e = ether_aton(arg);
- if (!e)
- fprintf(stderr, "Invalid ethernet address: %s\n", arg);
- else
-# ifdef __FreeBSD__
- bcopy(e->octet, buf->octet, sizeof(e->octet));
-# else
- bcopy(e->ether_addr_octet, buf->ether_addr_octet,
- sizeof(e->ether_addr_octet));
-# endif
- return e;
-#else
- return NULL;
-#endif
-}
-
-
-void *new_header(type)
-int type;
-{
- aniphdr_t *aip, *oip = canip;
- int sz = 0;
-
- aip = (aniphdr_t *)calloc(1, sizeof(*aip));
- *aniptail = aip;
- aniptail = &aip->ah_next;
- aip->ah_p = type;
- aip->ah_prev = oip;
- canip = aip;
-
- if (type == IPPROTO_UDP)
- sz = sizeof(udphdr_t);
- else if (type == IPPROTO_TCP)
- sz = sizeof(tcphdr_t);
- else if (type == IPPROTO_ICMP)
- sz = sizeof(icmphdr_t);
- else if (type == IPPROTO_IP)
- sz = sizeof(ip_t);
-
- if (oip)
- canip->ah_data = oip->ah_data + oip->ah_len;
- else
- canip->ah_data = (char *)ipbuffer;
-
- /*
- * Increase the size fields in all wrapping headers.
- */ - for (aip = aniphead; aip; aip = aip->ah_next) { - aip->ah_len += sz; - if (aip->ah_p == IPPROTO_IP) - aip->ah_ip->ip_len += sz; - else if (aip->ah_p == IPPROTO_UDP) - aip->ah_udp->uh_ulen += sz; - } - return (void *)canip->ah_data; -} - - -void free_aniplist() -{ - aniphdr_t *aip, **aipp = &aniphead; - - while ((aip = *aipp)) { - *aipp = aip->ah_next; - free(aip); - } - aniptail = &aniphead; -} - - -void inc_anipheaders(inc) -int inc; -{ - aniphdr_t *aip; - - for (aip = aniphead; aip; aip = aip->ah_next) { - aip->ah_len += inc; - if (aip->ah_p == IPPROTO_IP) - aip->ah_ip->ip_len += inc; - else if (aip->ah_p == IPPROTO_UDP) - aip->ah_udp->uh_ulen += inc; - } -} - - -void new_data() -{ - (void) new_header(-1); - canip->ah_len = 0; -} - - -void set_datalen(arg) -char **arg; -{ - int len; - - len = strtol(*arg, NULL, 0); - inc_anipheaders(len); - free(*arg); - *arg = NULL; -} - - -void set_data(arg) -char **arg; -{ - u_char *s = (u_char *)*arg, *t = (u_char *)canip->ah_data, c; - int len = 0, todo = 0, quote = 0, val = 0; - - while ((c = *s++)) { - if (todo) { - if (ISDIGIT(c)) { - todo--; - if (c > '7') { - fprintf(stderr, "octal with %c!\n", c); - break; - } - val <<= 3; - val |= (c - '0'); - } - if (!ISDIGIT(c) || !todo) { - *t++ = (u_char)(val & 0xff); - todo = 0; - } - if (todo) - continue; - } - if (quote) { - if (ISDIGIT(c)) { - todo = 2; - if (c > '7') { - fprintf(stderr, "octal with %c!\n", c); - break; - } - val = (c - '0'); - } else { - switch (c) - { - case '\"' : - *t++ = '\"'; - break; - case '\\' : - *t++ = '\\'; - break; - case 'n' : - *t++ = '\n'; - break; - case 'r' : - *t++ = '\r'; - break; - case 't' : - *t++ = '\t'; - break; - } - } - quote = 0; - continue; - } - - if (c == '\\') - quote = 1; - else - *t++ = c; - } - if (todo) - *t++ = (u_char)(val & 0xff); - if (quote) - *t++ = '\\'; - len = t - (u_char *)canip->ah_data; - inc_anipheaders(len - canip->ah_len); - canip->ah_len = len; -} - - -void set_datafile(arg) -char **arg; -{ - struct 
stat sb; - char *file = *arg; - int fd, len; - - if ((fd = open(file, O_RDONLY)) == -1) { - perror("open"); - exit(-1); - } - - if (fstat(fd, &sb) == -1) { - perror("fstat"); - exit(-1); - } - - if ((sb.st_size + aniphead->ah_len ) > 65535) { - fprintf(stderr, "data file %s too big to include.\n", file); - close(fd); - return; - } - if ((len = read(fd, canip->ah_data, sb.st_size)) == -1) { - perror("read"); - close(fd); - return; - } - inc_anipheaders(len); - canip->ah_len += len; - close(fd); -} - - -void new_packet() -{ - static u_short id = 0; - - if (!aniphead) - bzero((char *)ipbuffer, sizeof(ipbuffer)); - - ip = (ip_t *)new_header(IPPROTO_IP); - ip->ip_v = IPVERSION; - ip->ip_hl = sizeof(ip_t) >> 2; - ip->ip_len = sizeof(ip_t); - ip->ip_ttl = 63; - ip->ip_id = htons(id++); -} - - -void set_ipv4proto(arg) -char **arg; -{ - struct protoent *pr; - - if ((pr = getprotobyname(*arg))) - ip->ip_p = pr->p_proto; - else - if (!(ip->ip_p = atoi(*arg))) - fprintf(stderr, "unknown protocol %s\n", *arg); - free(*arg); - *arg = NULL; -} - - -void set_ipv4src(arg) -char **arg; -{ - ip->ip_src = getipv4addr(*arg); - free(*arg); - *arg = NULL; -} - - -void set_ipv4dst(arg) -char **arg; -{ - ip->ip_dst = getipv4addr(*arg); - free(*arg); - *arg = NULL; -} - - -void set_ipv4off(arg) -char **arg; -{ - ip->ip_off = htons(strtol(*arg, NULL, 0)); - free(*arg); - *arg = NULL; -} - - -void set_ipv4v(arg) -char **arg; -{ - ip->ip_v = strtol(*arg, NULL, 0); - free(*arg); - *arg = NULL; -} - - -void set_ipv4hl(arg) -char **arg; -{ - int newhl, inc; - - newhl = strtol(*arg, NULL, 0); - inc = (newhl - ip->ip_hl) << 2; - ip->ip_len += inc; - ip->ip_hl = newhl; - canip->ah_len += inc; - free(*arg); - *arg = NULL; -} - - -void set_ipv4ttl(arg) -char **arg; -{ - ip->ip_ttl = strtol(*arg, NULL, 0); - free(*arg); - *arg = NULL; -} - - -void set_ipv4tos(arg) -char **arg; -{ - ip->ip_tos = strtol(*arg, NULL, 0); - free(*arg); - *arg = NULL; -} - - -void set_ipv4id(arg) -char **arg; -{ - ip->ip_id 
= htons(strtol(*arg, NULL, 0)); - free(*arg); - *arg = NULL; -} - - -void set_ipv4sum(arg) -char **arg; -{ - ip->ip_sum = strtol(*arg, NULL, 0); - free(*arg); - *arg = NULL; -} - - -void set_ipv4len(arg) -char **arg; -{ - int len; - - len = strtol(*arg, NULL, 0); - inc_anipheaders(len - ip->ip_len); - ip->ip_len = len; - free(*arg); - *arg = NULL; -} - - -void new_tcpheader() -{ - - if ((ip->ip_p) && (ip->ip_p != IPPROTO_TCP)) { - fprintf(stderr, "protocol %d specified with TCP!\n", ip->ip_p); - return; - } - ip->ip_p = IPPROTO_TCP; - - tcp = (tcphdr_t *)new_header(IPPROTO_TCP); - tcp->th_win = htons(4096); - tcp->th_off = sizeof(*tcp) >> 2; -} - - -void set_tcpsport(arg) -char **arg; -{ - u_short *port; - char *pr; - - if (ip->ip_p == IPPROTO_UDP) { - port = &udp->uh_sport; - pr = "udp"; - } else { - port = &tcp->th_sport; - pr = "udp"; - } - - *port = getportnum(pr, *arg); - free(*arg); - *arg = NULL; -} - - -void set_tcpdport(arg) -char **arg; -{ - u_short *port; - char *pr; - - if (ip->ip_p == IPPROTO_UDP) { - port = &udp->uh_dport; - pr = "udp"; - } else { - port = &tcp->th_dport; - pr = "udp"; - } - - *port = getportnum(pr, *arg); - free(*arg); - *arg = NULL; -} - - -void set_tcpseq(arg) -char **arg; -{ - tcp->th_seq = htonl(strtol(*arg, NULL, 0)); - free(*arg); - *arg = NULL; -} - - -void set_tcpack(arg) -char **arg; -{ - tcp->th_ack = htonl(strtol(*arg, NULL, 0)); - free(*arg); - *arg = NULL; -} - - -void set_tcpoff(arg) -char **arg; -{ - int off; - - off = strtol(*arg, NULL, 0); - inc_anipheaders((off - tcp->th_off) << 2); - tcp->th_off = off; - free(*arg); - *arg = NULL; -} - - -void set_tcpurp(arg) -char **arg; -{ - tcp->th_urp = htons(strtol(*arg, NULL, 0)); - free(*arg); - *arg = NULL; -} - - -void set_tcpwin(arg) -char **arg; -{ - tcp->th_win = htons(strtol(*arg, NULL, 0)); - free(*arg); - *arg = NULL; -} - - -void set_tcpsum(arg) -char **arg; -{ - tcp->th_sum = strtol(*arg, NULL, 0); - free(*arg); - *arg = NULL; -} - - -void set_tcpflags(arg) -char 
**arg; -{ - static char flags[] = "ASURPF"; - static int flagv[] = { TH_ACK, TH_SYN, TH_URG, TH_RST, TH_PUSH, - TH_FIN } ; - char *s, *t; - - for (s = *arg; *s; s++) - if (!(t = strchr(flags, *s))) { - if (s - *arg) { - fprintf(stderr, "unknown TCP flag %c\n", *s); - break; - } - tcp->th_flags = strtol(*arg, NULL, 0); - break; - } else - tcp->th_flags |= flagv[t - flags]; - free(*arg); - *arg = NULL; -} - - -void set_tcpopt(state, arg) -int state; -char **arg; -{ - u_char *s; - int val, len, val2, pad, optval; - - if (arg && *arg) - val = atoi(*arg); - else - val = 0; - - s = (u_char *)tcp + sizeof(*tcp) + canip->ah_optlen; - switch (state) - { - case IL_TCPO_EOL : - optval = 0; - len = 1; - break; - case IL_TCPO_NOP : - optval = 1; - len = 1; - break; - case IL_TCPO_MSS : - optval = 2; - len = 4; - break; - case IL_TCPO_WSCALE : - optval = 3; - len = 3; - break; - case IL_TCPO_TS : - optval = 8; - len = 10; - break; - default : - optval = 0; - len = 0; - break; - } - - if (len > 1) { - /* - * prepend padding - if required. - */ - if (len & 3) - for (pad = 4 - (len & 3); pad; pad--) { - *s++ = 1; - canip->ah_optlen++; - } - /* - * build tcp option - */ - *s++ = (u_char)optval; - *s++ = (u_char)len; - if (len > 2) { - if (len == 3) { /* 1 byte - char */ - *s++ = (u_char)val; - } else if (len == 4) { /* 2 bytes - short */ - *s++ = (u_char)((val >> 8) & 0xff); - *s++ = (u_char)(val & 0xff); - } else if (len >= 6) { /* 4 bytes - long */ - val2 = htonl(val); - bcopy((char *)&val2, s, 4); - } - s += (len - 2); - } - } else - *s++ = (u_char)optval; - - canip->ah_lastopt = optval; - canip->ah_optlen += len; - - if (arg && *arg) { - free(*arg); - *arg = NULL; - } -} - - -void end_tcpopt() -{ - int pad; - char *s = (char *)tcp; - - s += sizeof(*tcp) + canip->ah_optlen; - /* - * pad out so that we have a multiple of 4 bytes in size fo the - * options. make sure last byte is EOL. 
- */ - if (canip->ah_optlen & 3) { - if (canip->ah_lastopt != 1) { - for (pad = 3 - (canip->ah_optlen & 3); pad; pad--) { - *s++ = 1; - canip->ah_optlen++; - } - canip->ah_optlen++; - } else { - s -= 1; - - for (pad = 3 - (canip->ah_optlen & 3); pad; pad--) { - *s++ = 1; - canip->ah_optlen++; - } - } - *s++ = 0; - } - tcp->th_off = (sizeof(*tcp) + canip->ah_optlen) >> 2; - inc_anipheaders(canip->ah_optlen); -} - - -void new_udpheader() -{ - if ((ip->ip_p) && (ip->ip_p != IPPROTO_UDP)) { - fprintf(stderr, "protocol %d specified with UDP!\n", ip->ip_p); - return; - } - ip->ip_p = IPPROTO_UDP; - - udp = (udphdr_t *)new_header(IPPROTO_UDP); - udp->uh_ulen = sizeof(*udp); -} - - -void set_udplen(arg) -char **arg; -{ - int len; - - len = strtol(*arg, NULL, 0); - inc_anipheaders(len - udp->uh_ulen); - udp->uh_ulen = len; - free(*arg); - *arg = NULL; -} - - -void set_udpsum(arg) -char **arg; -{ - udp->uh_sum = strtol(*arg, NULL, 0); - free(*arg); - *arg = NULL; -} - - -void prep_packet() -{ - iface_t *ifp; - struct in_addr gwip; - - ifp = sending.snd_if; - if (!ifp) { - fprintf(stderr, "no interface defined for sending!\n"); - return; - } - if (ifp->if_fd == -1) - ifp->if_fd = initdevice(ifp->if_name, 5); - gwip = sending.snd_gw; - if (!gwip.s_addr) { - if (aniphead == NULL) { - fprintf(stderr, - "no destination address defined for sending\n"); - return; - } - gwip = aniphead->ah_ip->ip_dst; - } - (void) send_ip(ifp->if_fd, ifp->if_MTU, (ip_t *)ipbuffer, gwip, 2); -} - - -void packet_done() -{ - char outline[80]; - int i, j, k; - u_char *s = (u_char *)ipbuffer, *t = (u_char *)outline; - - if (opts & OPT_VERBOSE) { - ip->ip_len = htons(ip->ip_len); - for (i = ntohs(ip->ip_len), j = 0; i; i--, j++, s++) { - if (j && !(j & 0xf)) { - *t++ = '\n'; - *t = '\0'; - fputs(outline, stdout); - fflush(stdout); - t = (u_char *)outline; - *t = '\0'; - } - sprintf((char *)t, "%02x", *s & 0xff); - t += 2; - if (!((j + 1) & 0xf)) { - s -= 15; - sprintf((char *)t, " "); - t += 8; - for (k = 
16; k; k--, s++) - *t++ = (isprint(*s) ? *s : '.'); - s--; - } - - if ((j + 1) & 0xf) - *t++ = ' ';; - } - - if (j & 0xf) { - for (k = 16 - (j & 0xf); k; k--) { - *t++ = ' '; - *t++ = ' '; - *t++ = ' '; - } - sprintf((char *)t, " "); - t += 7; - s -= j & 0xf; - for (k = j & 0xf; k; k--, s++) - *t++ = (isprint(*s) ? *s : '.'); - *t++ = '\n'; - *t = '\0'; - } - fputs(outline, stdout); - fflush(stdout); - ip->ip_len = ntohs(ip->ip_len); - } - - prep_packet(); - free_aniplist(); -} - - -void new_interface() -{ - cifp = (iface_t *)calloc(1, sizeof(iface_t)); - *iftail = cifp; - iftail = &cifp->if_next; - cifp->if_fd = -1; -} - - -void check_interface() -{ - if (!cifp->if_name || !*cifp->if_name) - fprintf(stderr, "No interface name given!\n"); - if (!cifp->if_MTU || !*cifp->if_name) - fprintf(stderr, "Interface %s has an MTU of 0!\n", - cifp->if_name); -} - - -void set_ifname(arg) -char **arg; -{ - cifp->if_name = *arg; - *arg = NULL; -} - - -void set_ifmtu(arg) -int arg; -{ - cifp->if_MTU = arg; -} - - -void set_ifv4addr(arg) -char **arg; -{ - cifp->if_addr = getipv4addr(*arg); - free(*arg); - *arg = NULL; -} - - -void set_ifeaddr(arg) -char **arg; -{ - (void) geteaddr(*arg, &cifp->if_eaddr); - free(*arg); - *arg = NULL; -} - - -void new_arp() -{ - carp = (arp_t *)calloc(1, sizeof(arp_t)); - *arptail = carp; - arptail = &carp->arp_next; -} - - -void set_arpeaddr(arg) -char **arg; -{ - (void) geteaddr(*arg, &carp->arp_eaddr); - free(*arg); - *arg = NULL; -} - - -void set_arpv4addr(arg) -char **arg; -{ - carp->arp_addr = getipv4addr(*arg); - free(*arg); - *arg = NULL; -} - - -int arp_getipv4(ip, addr) -char *ip; -char *addr; -{ - arp_t *a; - - for (a = arplist; a; a = a->arp_next) - if (!bcmp(ip, (char *)&a->arp_addr, 4)) { - bcopy((char *)&a->arp_eaddr, addr, 6); - return 0; - } - return -1; -} - - -void reset_send() -{ - sending.snd_if = iflist; - sending.snd_gw = defrouter; -} - - -void set_sendif(arg) -char **arg; -{ - iface_t *ifp; - - for (ifp = iflist; ifp; ifp = 
ifp->if_next) - if (ifp->if_name && !strcmp(ifp->if_name, *arg)) - break; - sending.snd_if = ifp; - if (!ifp) - fprintf(stderr, "couldn't find interface %s\n", *arg); - free(*arg); - *arg = NULL; -} - - -void set_sendvia(arg) -char **arg; -{ - sending.snd_gw = getipv4addr(*arg); - free(*arg); - *arg = NULL; -} - - -void set_defaultrouter(arg) -char **arg; -{ - defrouter = getipv4addr(*arg); - free(*arg); - *arg = NULL; -} - - -void new_icmpheader() -{ - if ((ip->ip_p) && (ip->ip_p != IPPROTO_ICMP)) { - fprintf(stderr, "protocol %d specified with ICMP!\n", - ip->ip_p); - return; - } - ip->ip_p = IPPROTO_ICMP; - icmp = (icmphdr_t *)new_header(IPPROTO_ICMP); -} - - -void set_icmpcode(code) -int code; -{ - icmp->icmp_code = code; -} - - -void set_icmptype(type) -int type; -{ - icmp->icmp_type = type; -} - - -void set_icmpcodetok(code) -char **code; -{ - char *s; - int i; - - for (i = 0; (s = icmpcodes[i]); i++) - if (!strcmp(s, *code)) { - icmp->icmp_code = i; - break; - } - if (!s) - fprintf(stderr, "unknown ICMP code %s\n", *code); - free(*code); - *code = NULL; -} - - -void set_icmptypetok(type) -char **type; -{ - char *s; - int i, done = 0; - - for (i = 0; !(s = icmptypes[i]) || strcmp(s, "END"); i++) - if (s && !strcmp(s, *type)) { - icmp->icmp_type = i; - done = 1; - break; - } - if (!done) - fprintf(stderr, "unknown ICMP type %s\n", *type); - free(*type); - *type = NULL; -} - - -void set_icmpid(arg) -int arg; -{ - icmp->icmp_id = htons(arg); -} - - -void set_icmpseq(arg) -int arg; -{ - icmp->icmp_seq = htons(arg); -} - - -void set_icmpotime(arg) -int arg; -{ - icmp->icmp_otime = htonl(arg); -} - - -void set_icmprtime(arg) -int arg; -{ - icmp->icmp_rtime = htonl(arg); -} - - -void set_icmpttime(arg) -int arg; -{ - icmp->icmp_ttime = htonl(arg); -} - - -void set_icmpmtu(arg) -int arg; -{ -#if BSD >= 199306 - icmp->icmp_nextmtu = htons(arg); -#endif -} - - -void set_redir(redir, arg) -int redir; -char **arg; -{ - icmp->icmp_code = redir; - icmp->icmp_gwaddr = 
getipv4addr(*arg); - free(*arg); - *arg = NULL; -} - - -void set_icmppprob(num) -int num; -{ - icmp->icmp_pptr = num; -} - - -void new_ipv4opt() -{ - new_header(-2); -} - - -void add_ipopt(state, ptr) -int state; -void *ptr; -{ - struct ipopt_names *io; - struct statetoopt *sto; - char numbuf[16], *arg, **param = ptr; - int inc, hlen; - - if (state == IL_IPO_RR || state == IL_IPO_SATID) { - if (param) - sprintf(numbuf, "%d", *(int *)param); - else - strcpy(numbuf, "0"); - arg = numbuf; - } else - arg = param ? *param : NULL; - - if (canip->ah_next) { - fprintf(stderr, "cannot specify options after data body\n"); - return; - } - for (sto = toipopts; sto->sto_st; sto++) - if (sto->sto_st == state) - break; - if (!sto->sto_st) { - fprintf(stderr, "No mapping for state %d to IP option\n", - state); - return; - } - - hlen = sizeof(ip_t) + canip->ah_optlen; - for (io = ionames; io->on_name; io++) - if (io->on_value == sto->sto_op) - break; - canip->ah_lastopt = io->on_value; - - if (io->on_name) { - inc = addipopt((char *)ip + hlen, io, hlen - sizeof(ip_t),arg); - if (inc > 0) { - while (inc & 3) { - ((char *)ip)[sizeof(*ip) + inc] = IPOPT_NOP; - canip->ah_lastopt = IPOPT_NOP; - inc++; - } - hlen += inc; - } - } - - canip->ah_optlen = hlen - sizeof(ip_t); - - if (state != IL_IPO_RR && state != IL_IPO_SATID) - if (param && *param) { - free(*param); - *param = NULL; - } - sclass = NULL; -} - - -void end_ipopt() -{ - int pad; - char *s, *buf = (char *)ip; - - /* - * pad out so that we have a multiple of 4 bytes in size fo the - * options. make sure last byte is EOL. 
- */ - if (canip->ah_lastopt == IPOPT_NOP) { - buf[sizeof(*ip) + canip->ah_optlen - 1] = IPOPT_EOL; - } else if (canip->ah_lastopt != IPOPT_EOL) { - s = buf + sizeof(*ip) + canip->ah_optlen; - - for (pad = 3 - (canip->ah_optlen & 3); pad; pad--) { - *s++ = IPOPT_NOP; - *s = IPOPT_EOL; - canip->ah_optlen++; - } - canip->ah_optlen++; - } else { - s = buf + sizeof(*ip) + canip->ah_optlen - 1; - - for (pad = 3 - (canip->ah_optlen & 3); pad; pad--) { - *s++ = IPOPT_NOP; - *s = IPOPT_EOL; - canip->ah_optlen++; - } - } - ip->ip_hl = (sizeof(*ip) + canip->ah_optlen) >> 2; - inc_anipheaders(canip->ah_optlen); - free_anipheader(); -} - - -void set_secclass(arg) -char **arg; -{ - sclass = *arg; - *arg = NULL; -} - - -void free_anipheader() -{ - aniphdr_t *aip; - - aip = canip; - if ((canip = aip->ah_prev)) { - canip->ah_next = NULL; - aniptail = &canip->ah_next; - } - - if (canip) - free(aip); -} - - -void end_ipv4() -{ - aniphdr_t *aip; - - ip->ip_sum = 0; - ip->ip_len = htons(ip->ip_len); - ip->ip_sum = chksum((u_short *)ip, ip->ip_hl << 2); - ip->ip_len = ntohs(ip->ip_len); - free_anipheader(); - for (aip = aniphead, ip = NULL; aip; aip = aip->ah_next) - if (aip->ah_p == IPPROTO_IP) - ip = aip->ah_ip; -} - - -void end_icmp() -{ - aniphdr_t *aip; - - icmp->icmp_cksum = 0; - icmp->icmp_cksum = chksum((u_short *)icmp, canip->ah_len); - free_anipheader(); - for (aip = aniphead, icmp = NULL; aip; aip = aip->ah_next) - if (aip->ah_p == IPPROTO_ICMP) - icmp = aip->ah_icmp; -} - - -void end_udp() -{ - u_long sum; - aniphdr_t *aip; - ip_t iptmp; - - bzero((char *)&iptmp, sizeof(iptmp)); - iptmp.ip_p = ip->ip_p; - iptmp.ip_src = ip->ip_src; - iptmp.ip_dst = ip->ip_dst; - iptmp.ip_len = htons(ip->ip_len - (ip->ip_hl << 2)); - sum = p_chksum((u_short *)&iptmp, (u_int)sizeof(iptmp)); - udp->uh_ulen = htons(udp->uh_ulen); - udp->uh_sum = c_chksum((u_short *)udp, (u_int)ntohs(iptmp.ip_len), sum); - free_anipheader(); - for (aip = aniphead, udp = NULL; aip; aip = aip->ah_next) - if 
(aip->ah_p == IPPROTO_UDP) - udp = aip->ah_udp; -} - - -void end_tcp() -{ - u_long sum; - aniphdr_t *aip; - ip_t iptmp; - - bzero((char *)&iptmp, sizeof(iptmp)); - iptmp.ip_p = ip->ip_p; - iptmp.ip_src = ip->ip_src; - iptmp.ip_dst = ip->ip_dst; - iptmp.ip_len = htons(ip->ip_len - (ip->ip_hl << 2)); - sum = p_chksum((u_short *)&iptmp, (u_int)sizeof(iptmp)); - tcp->th_sum = 0; - tcp->th_sum = c_chksum((u_short *)tcp, (u_int)ntohs(iptmp.ip_len), sum); - free_anipheader(); - for (aip = aniphead, tcp = NULL; aip; aip = aip->ah_next) - if (aip->ah_p == IPPROTO_TCP) - tcp = aip->ah_tcp; -} - - -void end_data() -{ - free_anipheader(); -} - - -void iplang(fp) -FILE *fp; -{ - yyin = fp; - - yydebug = (opts & OPT_DEBUG) ? 1 : 0; - - while (!feof(fp)) - yyparse(); -} - - -u_short c_chksum(buf, len, init) -u_short *buf; -u_int len; -u_long init; -{ - u_long sum = init; - int nwords = len >> 1; - - for(; nwords > 0; nwords--) - sum += *buf++; - sum = (sum>>16) + (sum & 0xffff); - sum += (sum >>16); - return (~sum); -} - - -u_long p_chksum(buf,len) -u_short *buf; -u_int len; -{ - u_long sum = 0; - int nwords = len >> 1; - - for(; nwords > 0; nwords--) - sum += *buf++; - return sum; -} diff --git a/contrib/ipfilter/ipmon.h b/contrib/ipfilter/ipmon.h deleted file mode 100644 index b469cc80d6b5..000000000000 --- a/contrib/ipfilter/ipmon.h +++ /dev/null 
@@ -1,142 +0,0 @@
-/* $FreeBSD$ */
-
-/*
- * Copyright (C) 2012 by Darren Reed.
- *
- * See the IPFILTER.LICENCE file for details on licencing.
- *
- * @(#)ip_fil.h 1.35 6/5/96
- * $Id$
- */
-
-typedef struct ipmon_msg_s {
- int imm_msglen;
- char *imm_msg;
- int imm_dsize;
- void *imm_data;
- time_t imm_when;
- int imm_loglevel;
-} ipmon_msg_t;
-
-typedef void (*ims_destroy_func_t)(void *);
-typedef void *(*ims_dup_func_t)(void *);
-typedef int (*ims_match_func_t)(void *, void *);
-typedef void *(*ims_parse_func_t)(char **);
-typedef void (*ims_print_func_t)(void *);
-typedef int (*ims_store_func_t)(void *, ipmon_msg_t *);
-
-typedef struct ipmon_saver_s {
- char *ims_name;
- ims_destroy_func_t ims_destroy;
- ims_dup_func_t ims_dup;
- ims_match_func_t ims_match;
- ims_parse_func_t ims_parse;
- ims_print_func_t ims_print;
- ims_store_func_t ims_store;
-} ipmon_saver_t;
-
-typedef struct ipmon_saver_int_s {
- struct ipmon_saver_int_s *imsi_next;
- ipmon_saver_t *imsi_stor;
- void *imsi_handle;
-} ipmon_saver_int_t;
-
-typedef struct ipmon_doing_s {
- struct ipmon_doing_s *ipmd_next;
- void *ipmd_token;
- ipmon_saver_t *ipmd_saver;
- /*
- * ipmd_store is "cached" in this structure to avoid a double
- * deref when doing saves....
- */
- int (*ipmd_store)(void *, ipmon_msg_t *);
-} ipmon_doing_t;
-
-
-typedef struct ipmon_action {
- struct ipmon_action *ac_next;
- int ac_mflag; /* collection of things to compare */
- int ac_dflag; /* flags to compliment the doing fields */
- int ac_logpri;
- int ac_direction;
- char ac_group[FR_GROUPLEN];
- char ac_nattag[16];
- u_32_t ac_logtag;
- int ac_type; /* nat/state/ipf */
- int ac_proto;
- int ac_rule;
- int ac_packet;
- int ac_second;
- int ac_result;
- u_32_t ac_sip;
- u_32_t ac_smsk;
- u_32_t ac_dip;
- u_32_t ac_dmsk;
- u_short ac_sport;
- u_short ac_dport;
- char *ac_iface;
- /*
- * used with ac_packet/ac_second
- */
- struct timeval ac_last;
- int ac_pktcnt;
- /*
- * What to do with matches
- */
- ipmon_doing_t *ac_doing;
-} ipmon_action_t;
-
-#define ac_lastsec ac_last.tv_sec
-#define ac_lastusec ac_last.tv_usec
-
-/*
- * Flags indicating what fields to do matching upon (ac_mflag).
- */
-#define IPMAC_DIRECTION 0x0001
-#define IPMAC_DSTIP 0x0002
-#define IPMAC_DSTPORT 0x0004
-#define IPMAC_EVERY 0x0008
-#define IPMAC_GROUP 0x0010
-#define IPMAC_INTERFACE 0x0020
-#define IPMAC_LOGTAG 0x0040
-#define IPMAC_NATTAG 0x0080
-#define IPMAC_PROTOCOL 0x0100
-#define IPMAC_RESULT 0x0200
-#define IPMAC_RULE 0x0400
-#define IPMAC_SRCIP 0x0800
-#define IPMAC_SRCPORT 0x1000
-#define IPMAC_TYPE 0x2000
-#define IPMAC_WITH 0x4000
-
-#define IPMR_BLOCK 1
-#define IPMR_PASS 2
-#define IPMR_NOMATCH 3
-#define IPMR_LOG 4
-
-#define IPMON_SYSLOG 0x001
-#define IPMON_RESOLVE 0x002
-#define IPMON_HEXBODY 0x004
-#define IPMON_HEXHDR 0x010
-#define IPMON_TAIL 0x020
-#define IPMON_VERBOSE 0x040
-#define IPMON_NAT 0x080
-#define IPMON_STATE 0x100
-#define IPMON_FILTER 0x200
-#define IPMON_PORTNUM 0x400
-#define IPMON_LOGALL (IPMON_NAT|IPMON_STATE|IPMON_FILTER)
-#define IPMON_LOGBODY 0x800
-
-#define HOSTNAME_V4(a,b) hostname((a), 4, (u_32_t *)&(b))
-
-#ifndef LOGFAC
-#define LOGFAC LOG_LOCAL0
-#endif
-
-extern void dump_config __P((void));
-extern int load_config
__P((char *));
-extern void unload_config __P((void));
-extern void dumphex __P((FILE *, int, char *, int));
-extern int check_action __P((char *, char *, int, int));
-extern char *getword __P((int));
-extern void *add_doing __P((ipmon_saver_t *));
-
diff --git a/contrib/ipfilter/ipsd/Celler/ip_compat.h b/contrib/ipfilter/ipsd/Celler/ip_compat.h
deleted file mode 100644
index 57937763a5a9..000000000000
--- a/contrib/ipfilter/ipsd/Celler/ip_compat.h
+++ /dev/null
@@ -1,203 +0,0 @@
-/* $FreeBSD$ */
-
-/*
- * (C)opyright 1995 by Darren Reed.
- *
- * This code may be freely distributed as long as it retains this notice
- * and is not changed in any way. The author accepts no responsibility
- * for the use of this software. I hate legaleese, don't you ?
- *
- * @(#)ip_compat.h 1.1 9/14/95
- */
-
-/*
- * These #ifdef's are here mainly for linux, but who knows, they may
- * not be in other places or maybe one day linux will grow up and some
- * of these will turn up there too.
- */
-#ifndef ICMP_UNREACH
-# define ICMP_UNREACH ICMP_DEST_UNREACH
-#endif
-#ifndef ICMP_SOURCEQUENCH
-# define ICMP_SOURCEQUENCH ICMP_SOURCE_QUENCH
-#endif
-#ifndef ICMP_TIMXCEED
-# define ICMP_TIMXCEED ICMP_TIME_EXCEEDED
-#endif
-#ifndef ICMP_PARAMPROB
-# define ICMP_PARAMPROB ICMP_PARAMETERPROB
-#endif
-#ifndef IPVERSION
-# define IPVERSION 4
-#endif
-#ifndef IPOPT_MINOFF
-# define IPOPT_MINOFF 4
-#endif
-#ifndef IPOPT_COPIED
-# define IPOPT_COPIED(x) ((x)&0x80)
-#endif
-#ifndef IPOPT_EOL
-# define IPOPT_EOL 0
-#endif
-#ifndef IPOPT_NOP
-# define IPOPT_NOP 1
-#endif
-#ifndef IP_MF
-# define IP_MF ((u_short)0x2000)
-#endif
-#ifndef ETHERTYPE_IP
-# define ETHERTYPE_IP ((u_short)0x0800)
-#endif
-#ifndef TH_FIN
-# define TH_FIN 0x01
-#endif
-#ifndef TH_SYN
-# define TH_SYN 0x02
-#endif
-#ifndef TH_RST
-# define TH_RST 0x04
-#endif
-#ifndef TH_PUSH
-# define TH_PUSH 0x08
-#endif
-#ifndef TH_ACK
-# define TH_ACK 0x10
-#endif
-#ifndef TH_URG
-# define TH_URG 0x20
-#endif
-#ifndef IPOPT_EOL
-# define IPOPT_EOL 0
-#endif
-#ifndef IPOPT_NOP
-# define IPOPT_NOP 1
-#endif
-#ifndef IPOPT_RR
-# define IPOPT_RR 7
-#endif
-#ifndef IPOPT_TS
-# define IPOPT_TS 68
-#endif
-#ifndef IPOPT_SECURITY
-# define IPOPT_SECURITY 130
-#endif
-#ifndef IPOPT_LSRR
-# define IPOPT_LSRR 131
-#endif
-#ifndef IPOPT_SATID
-# define IPOPT_SATID 136
-#endif
-#ifndef IPOPT_SSRR
-# define IPOPT_SSRR 137
-#endif
-#ifndef IPOPT_SECUR_UNCLASS
-# define IPOPT_SECUR_UNCLASS ((u_short)0x0000)
-#endif
-#ifndef IPOPT_SECUR_CONFID
-# define IPOPT_SECUR_CONFID ((u_short)0xf135)
-#endif
-#ifndef IPOPT_SECUR_EFTO
-# define IPOPT_SECUR_EFTO ((u_short)0x789a)
-#endif
-#ifndef IPOPT_SECUR_MMMM
-# define IPOPT_SECUR_MMMM ((u_short)0xbc4d)
-#endif
-#ifndef IPOPT_SECUR_RESTR
-# define IPOPT_SECUR_RESTR ((u_short)0xaf13)
-#endif
-#ifndef IPOPT_SECUR_SECRET
-# define IPOPT_SECUR_SECRET ((u_short)0xd788)
-#endif
-#ifndef IPOPT_SECUR_TOPSECRET
-# define IPOPT_SECUR_TOPSECRET ((u_short)0x6bc5)
-#endif
-
-#ifdef linux
-# define icmp icmphdr
-# define icmp_type type
-# define icmp_code code
-
-/*
- * From /usr/include/netinet/ip_var.h
- * !%@#!$@# linux...
- */
-struct ipovly {
- caddr_t ih_next, ih_prev; /* for protocol sequence q's */
- u_char ih_x1; /* (unused) */
- u_char ih_pr; /* protocol */
- short ih_len; /* protocol length */
- struct in_addr ih_src; /* source internet address */
- struct in_addr ih_dst; /* destination internet address */
-};
-
-typedef struct {
- __u16 th_sport;
- __u16 th_dport;
- __u32 th_seq;
- __u32 th_ack;
-# if defined(__i386__) || defined(__MIPSEL__) || defined(__alpha__) ||\
- defined(vax)
- __u8 th_res:4;
- __u8 th_off:4;
-#else
- __u8 th_off:4;
- __u8 th_res:4;
-#endif
- __u8 th_flags;
- __u16 th_win;
- __u16 th_sum;
- __u16 th_urp;
-} tcphdr_t;
-
-typedef struct {
- __u16 uh_sport;
- __u16 uh_dport;
- __s16 uh_ulen;
- __u16 uh_sum;
-} udphdr_t;
-
-typedef struct {
-# if defined(__i386__) || defined(__MIPSEL__) || defined(__alpha__) ||\
- defined(vax)
- __u8 ip_hl:4;
- __u8 ip_v:4;
-# else
- __u8 ip_hl:4;
- __u8 ip_v:4;
-# endif
- __u8 ip_tos;
- __u16 ip_len;
- __u16 ip_id;
- __u16 ip_off;
- __u8 ip_ttl;
- __u8 ip_p;
- __u16 ip_sum;
- struct in_addr ip_src;
- struct in_addr ip_dst;
-} ip_t;
-
-typedef struct {
- __u8 ether_dhost[6];
- __u8 ether_shost[6];
- __u16 ether_type;
-} ether_header_t;
-
-# define bcopy(a,b,c) memmove(b,a,c)
-# define bcmp(a,b,c) memcmp(a,b,c)
-
-# define ifnet device
-
-#else
-
-typedef struct udphdr udphdr_t;
-typedef struct tcphdr tcphdr_t;
-typedef struct ip ip_t;
-typedef struct ether_header ether_header_t;
-
-#endif
-
-#ifdef solaris
-# define bcopy(a,b,c) memmove(b,a,c)
-# define bcmp(a,b,c) memcmp(a,b,c)
-# define bzero(a,b) memset(a,0,b)
-#endif
diff --git a/contrib/ipfilter/ipsd/Makefile b/contrib/ipfilter/ipsd/Makefile
deleted file mode 100644
index d5dde8e7eec5..000000000000
--- a/contrib/ipfilter/ipsd/Makefile
+++ /dev/null
@@ -1,61 +0,0 @@
-#
-# Copyright (C) 2012 by Darren Reed.
-#
-# See the IPFILTER.LICENCE file for details on licencing.
-#
-OBJS=ipsd.o
-BINDEST=/usr/local/bin
-SBINDEST=/sbin
-MANDIR=/usr/share/man
-BPF=sbpf.o
-NIT=snit.o
-SUNOS4=
-BSD=
-LINUX=slinux.o
-SUNOS5=dlcommon.o sdlpi.o
-
-CC=gcc
-CFLAGS=-g -I.. -I../ipsend
-
-all:
- @echo "Use one of these targets:"
- @echo " sunos4-nit (standard SunOS 4.1.x)"
- @echo " sunos4-bpf (SunOS4.1.x with BPF in the kernel)"
- @echo " bsd-bpf (4.4BSD variant with BPF in the kernel)"
- @echo " linux (Linux kernels)"
- @echo " sunos5 (Solaris 2.x)"
-
-.c.o:
- $(CC) $(CFLAGS) -c $< -o $@
-
-ipsdr: ipsdr.o
- $(CC) ipsdr.o -o $@ $(LIBS)
-
-bpf sunos4-bpf :
- make ipsd "OBJS=$(OBJS)" "UNIXOBJS=$(BPF) $(SUNOS4)" "CC=$(CC)" \
- "CFLAGS=$(CFLAGS)"
-
-nit sunos4 sunos4-nit :
- make ipsd "OBJS=$(OBJS)" "UNIXOBJS=$(NIT) $(SUNOS4)" "CC=$(CC)" \
- "CFLAGS=$(CFLAGS)"
-
-sunos5 :
- make ipsd "OBJS=$(OBJS)" "UNIXOBJS=$(SUNOS5)" "CC=$(CC)" \
- CFLAGS="$(CFLAGS) -Dsolaris" "LIBS=-lsocket -lnsl"
-
-bsd-bpf :
- make ipsd "OBJS=$(OBJS)" "UNIXOBJS=$(BPF) $(BSD)" "CC=$(CC)" \
- "CFLAGS=$(CFLAGS)"
-
-linux :
- make ipsd "OBJS=$(OBJS)" "UNIXOBJS=$(LINUX)" "CC=$(CC)" \
- CFLAGS="$(CFLAGS) -I /usr/src/linux"
-
-ipsd: $(OBJS) $(UNIXOBJS)
- $(CC) $(OBJS) $(UNIXOBJS) -o $@ $(LIBS)
-
-../ipft_sn.o ../ipft_pc.o:
- (cd ..; make $(@:../%=%))
-
-clean:
- rm -rf *.o core a.out ipsd ipsdr
diff --git a/contrib/ipfilter/ipsd/README b/contrib/ipfilter/ipsd/README
deleted file mode 100644
index eb6b7986cd77..000000000000
--- a/contrib/ipfilter/ipsd/README
+++ /dev/null
@@ -1,32 +0,0 @@
-
-IP Scan Detetor.
-----------------
-
-This program is designed to be a passive listener for TCP packets sent to
-the host. It does not exercise the promiscous mode of interfaces. For
-routing Unix boxes (and firewalls which route/proxy) this is sufficient to
-detect all packets going to/through them.
-
-Upon compiling, a predefined set of "sensitive" ports are configured into
-the program. Any TCP packets which are seen sent to these ports are counted
-and the IP# of the sending host recorded, along with the time of the first
-packet to that port for that IP#.
-
-After a given number of "hits", it will write the current table of packets
-out to disk. This number defaults to 10,000.
-
-To analyze the information written to disk, a sample program called "ipsdr"
-is used (should but doesn't implement a tree algorithm for storing data)
-which reads all log files it recognises and totals up the number of ports
-each host hit. By default, all ports have the same weighting (1). Another
-group of passes is then made over this table using a netmask of 0xfffffffe,
-grouping all results which fall under the same resulting IP#. This netmask
-is then shrunk back to 0, with a output for each level given. This is aimed
-at detecting port scans done from different hosts on the same subnet (although
-I've not seen this done, if one was trying to do it obscurely...)
-
-Lastly, being passive means that no action is taken to stop port scans being
-done or discourage them.
-
-Darren
-darrenr@pobox.com
diff --git a/contrib/ipfilter/ipsd/ipsd.c b/contrib/ipfilter/ipsd/ipsd.c
deleted file mode 100644
index ce51c1b796d0..000000000000
--- a/contrib/ipfilter/ipsd/ipsd.c
+++ /dev/null
@@ -1,296 +0,0 @@ -/* $FreeBSD$ */ - -/* - * (C)opyright 1995-1998 Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - */ -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#ifndef linux -#include -#include -#endif -#include "ip_compat.h" -#ifdef linux -#include -#include "tcpip.h" -#endif -#include "ipsd.h" - -#ifndef lint -static const char sccsid[] = "@(#)ipsd.c 1.3 12/3/95 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)$Id$"; -#endif - -extern char *optarg; -extern int optind; - -#ifdef linux -char default_device[] = "eth0"; -#else -# ifdef sun -char default_device[] = "le0"; -# else -# ifdef ultrix -char default_device[] = "ln0"; -# else -char default_device[] = "lan0"; -# endif -# endif -#endif - -#define NPORTS 21 - -u_short defports[NPORTS] = { - 7, 9, 20, 21, 23, 25, 53, 69, 79, 111, - 123, 161, 162, 512, 513, 514, 515, 520, 540, 6000, 0 - }; - -ipsd_t *iphits[NPORTS]; -int writes = 0; - - -int ipcmp(sh1, sh2) - sdhit_t *sh1, *sh2; -{ - return sh1->sh_ip.s_addr - sh2->sh_ip.s_addr; -} - - -/* - * Check to see if we've already received a packet from this host for this - * port. - */ -int findhit(ihp, src, dport) - ipsd_t *ihp; - struct in_addr src; - u_short dport; -{ - int i, j, k; - sdhit_t *sh; - - sh = NULL; - - if (ihp->sd_sz == 4) { - for (i = 0, sh = ihp->sd_hit; i < ihp->sd_cnt; i++, sh++) - if (src.s_addr == sh->sh_ip.s_addr) - return 1; - } else { - for (i = ihp->sd_cnt / 2, j = (i / 2) - 1; j >= 0; j--) { - k = ihp->sd_hit[i].sh_ip.s_addr - src.s_addr; - if (!k) - return 1; - else if (k < 0) - i -= j; - else - i += j; - } - } - return 0; -} - - -/* - * Search for port number amongst the sorted array of targets we're - * interested in. 
- */ -int detect(ip, tcp) - ip_t *ip; - tcphdr_t *tcp; -{ - ipsd_t *ihp; - sdhit_t *sh; - int i, j, k; - - for (i = 10, j = 4; j >= 0; j--) { - k = tcp->th_dport - defports[i]; - if (!k) { - ihp = iphits[i]; - if (findhit(ihp, ip->ip_src, tcp->th_dport)) - return 0; - sh = ihp->sd_hit + ihp->sd_cnt; - sh->sh_date = time(NULL); - sh->sh_ip.s_addr = ip->ip_src.s_addr; - if (++ihp->sd_cnt == ihp->sd_sz) - { - ihp->sd_sz += 8; - sh = realloc(sh, ihp->sd_sz * sizeof(*sh)); - ihp->sd_hit = sh; - } - qsort(sh, ihp->sd_cnt, sizeof(*sh), ipcmp); - return 0; - } - if (k < 0) - i -= j; - else - i += j; - } - return -1; -} - - -/* - * Allocate initial storage for hosts - */ -setuphits() -{ - int i; - - for (i = 0; i < NPORTS; i++) { - if (iphits[i]) { - if (iphits[i]->sd_hit) - free(iphits[i]->sd_hit); - free(iphits[i]); - } - iphits[i] = (ipsd_t *)malloc(sizeof(ipsd_t)); - iphits[i]->sd_port = defports[i]; - iphits[i]->sd_cnt = 0; - iphits[i]->sd_sz = 4; - iphits[i]->sd_hit = (sdhit_t *)malloc(sizeof(sdhit_t) * 4); - } -} - - -/* - * cleanup exits - */ -waiter() -{ - wait(0); -} - - -/* - * Write statistics out to a file - */ -writestats(nwrites) - int nwrites; -{ - ipsd_t **ipsd, *ips; - char fname[32]; - int i, fd; - - (void) sprintf(fname, "/var/log/ipsd/ipsd-hits.%d", nwrites); - fd = open(fname, O_RDWR|O_CREAT|O_TRUNC|O_EXCL, 0644); - for (i = 0, ipsd = iphits; i < NPORTS; i++, ipsd++) { - ips = *ipsd; - if (ips->sd_cnt) { - write(fd, ips, sizeof(ipsd_t)); - write(fd, ips->sd_hit, sizeof(sdhit_t) * ips->sd_sz); - } - } - (void) close(fd); - exit(0); -} - - -void writenow() -{ - signal(SIGCHLD, waiter); - switch (fork()) - { - case 0 : - writestats(writes); - exit(0); - case -1 : - perror("vfork"); - break; - default : - writes++; - setuphits(); - break; - } -} - - -void usage(prog) - char *prog; -{ - fprintf(stderr, "Usage: %s [-d device]\n", prog); - exit(1); -} - - -void detecthits(fd, writecount) - int fd, writecount; -{ - struct in_addr ip; - int hits = 0; - - while 
(1) { - hits += readloop(fd, ip); - if (hits > writecount) { - writenow(); - hits = 0; - } - } -} - - -main(argc, argv) - int argc; - char *argv[]; -{ - char *name = argv[0], *dev = NULL; - int fd, writeafter = 10000, angelic = 0, c; - - while ((c = getopt(argc, argv, "ad:n:")) != -1) - switch (c) - { - case 'a' : - angelic = 1; - break; - case 'd' : - dev = optarg; - break; - case 'n' : - writeafter = atoi(optarg); - break; - default : - fprintf(stderr, "Unknown option \"%c\"\n", c); - usage(name); - } - - bzero(iphits, sizeof(iphits)); - setuphits(); - - if (!dev) - dev = default_device; - printf("Device: %s\n", dev); - fd = initdevice(dev, 60); - - if (!angelic) { - switch (fork()) - { - case 0 : - (void) close(0); - (void) close(1); - (void) close(2); - (void) setpgrp(0, getpgrp()); - (void) setsid(); - break; - case -1: - perror("fork"); - exit(-1); - default: - exit(0); - } - } - signal(SIGUSR1, writenow); - detecthits(fd, writeafter); -} diff --git a/contrib/ipfilter/ipsd/ipsd.h b/contrib/ipfilter/ipsd/ipsd.h deleted file mode 100644 index f898c9995c35..000000000000 --- a/contrib/ipfilter/ipsd/ipsd.h +++ /dev/null @@ -1,28 +0,0 @@ -/* $FreeBSD$ */ - -/* - * (C)opyright 1995-1998 Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * @(#)ipsd.h 1.3 12/3/95 - */ - -typedef struct { - time_t sh_date; - struct in_addr sh_ip; -} sdhit_t; - -typedef struct { - u_int sd_sz; - u_int sd_cnt; - u_short sd_port; - sdhit_t *sd_hit; -} ipsd_t; - -typedef struct { - struct in_addr ss_ip; - int ss_hits; - u_long ss_ports; -} ipss_t; - diff --git a/contrib/ipfilter/ipsd/ipsdr.c b/contrib/ipfilter/ipsd/ipsdr.c deleted file mode 100644 index e1c0c0aebc95..000000000000 --- a/contrib/ipfilter/ipsd/ipsdr.c +++ /dev/null 
@@ -1,314 +0,0 @@ -/* $FreeBSD$ */ - -/* - * (C)opyright 1995-1998 Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - */ -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#ifndef linux -#include -#include -#endif -#include "ip_compat.h" -#ifdef linux -#include -#include "tcpip.h" -#endif -#include "ipsd.h" - -#ifndef lint -static const char sccsid[] = "@(#)ipsdr.c 1.3 12/3/95 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)$Id$"; -#endif - -extern char *optarg; -extern int optind; - -#define NPORTS 21 - -u_short defports[NPORTS] = { - 7, 9, 20, 21, 23, 25, 53, 69, 79, 111, - 123, 161, 162, 512, 513, 513, 515, 520, 540, 6000, 0 - }; -u_short pweights[NPORTS] = { - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1 - }; - -ipsd_t *iphits[NPORTS]; -int pkts; - - -int ipcmp(sh1, sh2) - sdhit_t *sh1, *sh2; -{ - return sh1->sh_ip.s_addr - sh2->sh_ip.s_addr; -} - - -int ssipcmp(sh1, sh2) - ipss_t *sh1, *sh2; -{ - return sh1->ss_ip.s_addr - sh2->ss_ip.s_addr; -} - - -int countpbits(num) - u_long num; -{ - int i, j; - - for (i = 1, j = 0; i; i <<= 1) - if (num & i) - j++; - return j; -} - - -/* - * Check to see if we've already received a packet from this host for this - * port. - */ -int findhit(ihp, src, dport) - ipsd_t *ihp; - struct in_addr src; - u_short dport; -{ - int i, j, k; - sdhit_t *sh; - - sh = NULL; - - if (ihp->sd_sz == 4) { - for (i = 0, sh = ihp->sd_hit; i < ihp->sd_cnt; i++, sh++) - if (src.s_addr == sh->sh_ip.s_addr) - return 1; - } else { - for (i = ihp->sd_cnt / 2, j = (i / 2) - 1; j >= 0; j--) { - k = ihp->sd_hit[i].sh_ip.s_addr - src.s_addr; - if (!k) - return 1; - else if (k < 0) - i -= j; - else - i += j; - } - } - return 0; -} - - -/* - * Search for port number amongst the sorted array of targets we're - * interested in. 
- */ -int detect(srcip, dport, date) - struct in_addr srcip; - u_short dport; - time_t date; -{ - ipsd_t *ihp; - sdhit_t *sh; - int i, j, k; - - for (i = 10, j = 4; j >= 0; j--) { - k = dport - defports[i]; - if (!k) { - ihp = iphits[i]; - if (findhit(ihp, srcip, dport)) - return 0; - sh = ihp->sd_hit + ihp->sd_cnt; - sh->sh_date = date; - sh->sh_ip = srcip; - if (++ihp->sd_cnt == ihp->sd_sz) - { - ihp->sd_sz += 8; - sh = realloc(sh, ihp->sd_sz * sizeof(*sh)); - ihp->sd_hit = sh; - } - qsort(sh, ihp->sd_cnt, sizeof(*sh), ipcmp); - return 0; - } - if (k < 0) - i -= j; - else - i += j; - } - return -1; -} - - -/* - * Allocate initial storage for hosts - */ -setuphits() -{ - int i; - - for (i = 0; i < NPORTS; i++) { - if (iphits[i]) { - if (iphits[i]->sd_hit) - free(iphits[i]->sd_hit); - free(iphits[i]); - } - iphits[i] = (ipsd_t *)malloc(sizeof(ipsd_t)); - iphits[i]->sd_port = defports[i]; - iphits[i]->sd_cnt = 0; - iphits[i]->sd_sz = 4; - iphits[i]->sd_hit = (sdhit_t *)malloc(sizeof(sdhit_t) * 4); - } -} - - -/* - * Write statistics out to a file - */ -addfile(file) - char *file; -{ - ipsd_t ipsd, *ips = &ipsd; - sdhit_t hit, *hp; - char fname[32]; - int i, fd, sz; - - if ((fd = open(file, O_RDONLY)) == -1) { - perror("open"); - return; - } - - printf("opened %s\n", file); - do { - if (read(fd, ips, sizeof(*ips)) != sizeof(*ips)) - break; - sz = ips->sd_sz * sizeof(*hp); - hp = (sdhit_t *)malloc(sz); - if (read(fd, hp, sz) != sz) - break; - for (i = 0; i < ips->sd_cnt; i++) - detect(hp[i].sh_ip, ips->sd_port, hp[i].sh_date); - } while (1); - (void) close(fd); -} - - -readfiles(dir) - char *dir; -{ - struct direct **d; - int i, j; - - d = NULL; - i = scandir(dir, &d, NULL, NULL); - - for (j = 0; j < i; j++) { - if (strncmp(d[j]->d_name, "ipsd-hits.", 10)) - continue; - addfile(d[j]->d_name); - } -} - - -void printreport(ss, num) - ipss_t *ss; - int num; -{ - struct in_addr ip; - ipss_t *sp; - int i, j, mask; - u_long ports; - - printf("Hosts detected: %d\n", num); - 
if (!num) - return; - for (i = 0; i < num; i++) - printf("%s %d %d\n", inet_ntoa(ss[i].ss_ip), ss[i].ss_hits, - countpbits(ss[i].ss_ports)); - - printf("--------------------------\n"); - for (mask = 0xfffffffe, j = 32; j; j--, mask <<= 1) { - ip.s_addr = ss[0].ss_ip.s_addr & mask; - ports = ss[0].ss_ports; - for (i = 1; i < num; i++) { - sp = ss + i; - if (ip.s_addr != (sp->ss_ip.s_addr & mask)) { - printf("Netmask: 0x%08x\n", mask); - printf("%s %d\n", inet_ntoa(ip), - countpbits(ports)); - ip.s_addr = sp->ss_ip.s_addr & mask; - ports = 0; - } - ports |= sp->ss_ports; - } - if (ports) { - printf("Netmask: 0x%08x\n", mask); - printf("%s %d\n", inet_ntoa(ip), countpbits(ports)); - } - } -} - - -collectips() -{ - ipsd_t *ips; - ipss_t *ss; - int i, num, nip, in, j, k; - - for (i = 0; i < NPORTS; i++) - nip += iphits[i]->sd_cnt; - - ss = (ipss_t *)malloc(sizeof(ipss_t) * nip); - - for (in = 0, i = 0, num = 0; i < NPORTS; i++) { - ips = iphits[i]; - for (j = 0; j < ips->sd_cnt; j++) { - for (k = 0; k < num; k++) - if (!bcmp(&ss[k].ss_ip, &ips->sd_hit[j].sh_ip, - sizeof(struct in_addr))) { - ss[k].ss_hits += pweights[i]; - ss[k].ss_ports |= (1 << i); - break; - } - if (k == num) { - ss[num].ss_ip = ips->sd_hit[j].sh_ip; - ss[num].ss_hits = pweights[i]; - ss[k].ss_ports |= (1 << i); - num++; - } - } - } - - qsort(ss, num, sizeof(*ss), ssipcmp); - - printreport(ss, num); -} - - -main(argc, argv) - int argc; - char *argv[]; -{ - char c, *name = argv[0], *dir = NULL; - int fd; - - setuphits(); - dir = dir ? dir : "."; - readfiles(dir); - collectips(); -} diff --git a/contrib/ipfilter/ipsd/linux.h b/contrib/ipfilter/ipsd/linux.h deleted file mode 100644 index f00ea53605df..000000000000 --- a/contrib/ipfilter/ipsd/linux.h +++ /dev/null 
@@ -1,17 +0,0 @@
-/* $FreeBSD$ */
-
-/*
- * Copyright (C) 2012 by Darren Reed.
- *
- * See the IPFILTER.LICENCE file for details on licencing.
- *
- * @(#)linux.h 1.1 8/19/95
- */
-
-#include
-#ifdef MODULE
-#include
-#include
-#endif /* MODULE */
-
-#include "ip_compat.h"
diff --git a/contrib/ipfilter/ipsd/sbpf.c b/contrib/ipfilter/ipsd/sbpf.c
deleted file mode 100644
index 74ba1971b85a..000000000000
--- a/contrib/ipfilter/ipsd/sbpf.c
+++ /dev/null
@@ -1,210 +0,0 @@ -/* $FreeBSD$ */ - -/* - * (C)opyright 1995-1998 Darren Reed. (from tcplog) - * - * See the IPFILTER.LICENCE file for details on licencing. - * - */ -#include -#include -#include -#include -#include -#ifdef __NetBSD__ -# include -#endif -#include -#include -#include -#include -#include -#include -#include -#include -#if BSD < 199103 -#include -#endif -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "ip_compat.h" - -#ifndef lint -static char sbpf[] = "@(#)sbpf.c 1.2 12/3/95 (C)1995 Darren Reed"; -#endif - -/* -(000) ldh [12] -(001) jeq #0x800 jt 2 jf 5 -(002) ldb [23] -(003) jeq #0x6 jt 4 jf 5 -(004) ret #68 -(005) ret #0 -*/ -struct bpf_insn filter[] = { -/* 0. */ { BPF_LD|BPF_H|BPF_ABS, 0, 0, 12 }, -/* 1. */ { BPF_JMP|BPF_JEQ, 0, 3, 0x0800 }, -/* 2. */ { BPF_LD|BPF_B|BPF_ABS, 0, 0, 23 }, -/* 3. */ { BPF_JMP|BPF_JEQ, 0, 1, 0x06 }, -/* 4. */ { BPF_RET, 0, 0, 68 }, -/* 5. */ { BPF_RET, 0, 0, 0 } -}; -/* - * the code herein is dervied from libpcap. 
- */ -static u_char *buf = NULL; -static u_int bufsize = 32768, timeout = 1; - - -int ack_recv(ep) - char *ep; -{ - struct tcpiphdr tip; - tcphdr_t *tcp; - ip_t *ip; - - ip = (ip_t *)&tip; - tcp = (tcphdr_t *)(ip + 1); - bcopy(ep + 14, (char *)ip, sizeof(*ip)); - bcopy(ep + 14 + (ip->ip_hl << 2), (char *)tcp, sizeof(*tcp)); - if (ip->ip_p != IPPROTO_TCP && ip->ip_p != IPPROTO_UDP) - return -1; - if (ip->ip_p & 0x1fff != 0) - return 0; - if (0 == detect(ip, tcp)) - return 1; - return 0; -} - - -int readloop(fd, port, dst) - int fd, port; - struct in_addr dst; -{ - register u_char *bp, *cp, *bufend; - register struct bpf_hdr *bh; - register int cc; - time_t in = time(NULL); - int done = 0; - - while ((cc = read(fd, buf, bufsize)) >= 0) { - if (!cc && (time(NULL) - in) > timeout) - return done; - bp = buf; - bufend = buf + cc; - /* - * loop through each snapshot in the chunk - */ - while (bp < bufend) { - bh = (struct bpf_hdr *)bp; - cp = bp + bh->bh_hdrlen; - done += ack_recv(cp); - bp += BPF_WORDALIGN(bh->bh_caplen + bh->bh_hdrlen); - } - return done; - } - perror("read"); - exit(-1); -} - -int initdevice(device, tout) - char *device; - int tout; -{ - struct bpf_program prog; - struct bpf_version bv; - struct timeval to; - struct ifreq ifr; -#ifdef _PATH_BPF - char *bpfname = _PATH_BPF; - int fd; - - if ((fd = open(bpfname, O_RDWR)) < 0) - { - fprintf(stderr, "no bpf devices available as /dev/bpfxx\n"); - return -1; - } -#else - char bpfname[16]; - int fd = -1, i; - - for (i = 0; i < 16; i++) - { - (void) sprintf(bpfname, "/dev/bpf%d", i); - if ((fd = open(bpfname, O_RDWR)) >= 0) - break; - } - if (i == 16) - { - fprintf(stderr, "no bpf devices available as /dev/bpfxx\n"); - return -1; - } -#endif - - if (ioctl(fd, BIOCVERSION, (caddr_t)&bv) < 0) - { - perror("BIOCVERSION"); - return -1; - } - if (bv.bv_major != BPF_MAJOR_VERSION || - bv.bv_minor < BPF_MINOR_VERSION) - { - fprintf(stderr, "kernel bpf (v%d.%d) filter out of date:\n", - bv.bv_major, bv.bv_minor); - 
fprintf(stderr, "current version: %d.%d\n", - BPF_MAJOR_VERSION, BPF_MINOR_VERSION); - return -1; - } - - (void) strncpy(ifr.ifr_name, device, sizeof(ifr.ifr_name)); - if (ioctl(fd, BIOCSETIF, &ifr) == -1) - { - fprintf(stderr, "%s(%d):", ifr.ifr_name, fd); - perror("BIOCSETIF"); - exit(1); - } - /* - * set the timeout - */ - timeout = tout; - to.tv_sec = 1; - to.tv_usec = 0; - if (ioctl(fd, BIOCSRTIMEOUT, (caddr_t)&to) == -1) - { - perror("BIOCSRTIMEOUT"); - exit(-1); - } - /* - * get kernel buffer size - */ - if (ioctl(fd, BIOCSBLEN, &bufsize) == -1) - perror("BIOCSBLEN"); - if (ioctl(fd, BIOCGBLEN, &bufsize) == -1) - { - perror("BIOCGBLEN"); - exit(-1); - } - printf("BPF buffer size: %d\n", bufsize); - buf = (u_char*)malloc(bufsize); - - prog.bf_len = sizeof(filter) / sizeof(struct bpf_insn); - prog.bf_insns = filter; - if (ioctl(fd, BIOCSETF, (caddr_t)&prog) == -1) - { - perror("BIOCSETF"); - exit(-1); - } - (void) ioctl(fd, BIOCFLUSH, 0); - return fd; -} diff --git a/contrib/ipfilter/ipsd/sdlpi.c b/contrib/ipfilter/ipsd/sdlpi.c deleted file mode 100644 index 00c197bdfb77..000000000000 --- a/contrib/ipfilter/ipsd/sdlpi.c +++ /dev/null 
@@ -1,261 +0,0 @@ -/* $FreeBSD$ */ - -/* - * (C)opyright 1992-1998 Darren Reed. (from tcplog) - * - * See the IPFILTER.LICENCE file for details on licencing. - * - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "ip_compat.h" - -#ifndef lint -static char snitid[] = "%W% %G% (C)1995 Darren Reed"; -#endif - -#define BUFSPACE 32768 - -static int solfd; - -/* - * Be careful to only include those defined in the flags option for the - * interface are included in the header size. - */ -static int timeout; - - -void nullbell() -{ - return 0; -} - - -int ack_recv(ep) - char *ep; -{ - struct tcpiphdr tip; - tcphdr_t *tcp; - ip_t *ip; - - ip = (ip_t *)&tip; - tcp = (tcphdr_t *)(ip + 1); - bcopy(ep, (char *)ip, sizeof(*ip)); - bcopy(ep + (ip->ip_hl << 2), (char *)tcp, sizeof(*tcp)); - - if (ip->ip_off & 0x1fff != 0) - return 0; - if (0 == detect(ip, tcp)) - return 1; - return 0; -} - - -int readloop(fd, port, dst) - int fd, port; - struct in_addr dst; -{ - static u_char buf[BUFSPACE]; - register u_char *bp, *cp, *bufend; - register struct sb_hdr *hp; - register int cc; - struct strbuf dbuf; - ether_header_t eh; - time_t now = time(NULL); - int flags = 0, i, done = 0; - - fd = solfd; - dbuf.len = 0; - dbuf.buf = buf; - dbuf.maxlen = sizeof(buf); - /* - * no control data buffer... 
- */ - while (1) { - (void) signal(SIGALRM, nullbell); - alarm(1); - i = getmsg(fd, NULL, &dbuf, &flags); - alarm(0); - (void) signal(SIGALRM, nullbell); - - cc = dbuf.len; - if ((time(NULL) - now) > timeout) - return done; - if (i == -1) - if (errno == EINTR) - continue; - else - break; - bp = buf; - bufend = buf + cc; - /* - * loop through each snapshot in the chunk - */ - while (bp < bufend) { - /* - * get past bufmod header - */ - hp = (struct sb_hdr *)bp; - cp = (u_char *)((char *)bp + sizeof(*hp)); - bcopy(cp, (char *)&eh, sizeof(eh)); - /* - * next snapshot - */ - bp += hp->sbh_totlen; - cc -= hp->sbh_totlen; - - if (eh.ether_type != ETHERTYPE_IP) - continue; - - cp += sizeof(eh); - done += ack_recv(cp); - } - alarm(1); - } - perror("getmsg"); - exit(-1); -} - -int initdevice(device, tout) - char *device; - int tout; -{ - struct strioctl si; - struct timeval to; - struct ifreq ifr; - struct packetfilt pfil; - u_long if_flags; - u_short *fwp = pfil.Pf_Filter; - char devname[16], *s, buf[256]; - int i, offset, fd, snaplen= 58, chunksize = BUFSPACE; - - (void) sprintf(devname, "/dev/%s", device); - - s = devname + 5; - while (*s && !ISDIGIT(*s)) - s++; - if (!*s) - { - fprintf(stderr, "bad device name %s\n", devname); - exit(-1); - } - i = atoi(s); - *s = '\0'; - /* - * For reading - */ - if ((fd = open(devname, O_RDWR)) < 0) - { - fprintf(stderr, "O_RDWR(0) "); - perror(devname); - exit(-1); - } - if (dlattachreq(fd, i) == -1 || dlokack(fd, buf) == -1) - { - fprintf(stderr, "DLPI error\n"); - exit(-1); - } - dlbindreq(fd, ETHERTYPE_IP, 0, DL_CLDLS, 0, 0); - dlbindack(fd, buf); - /* - * read full headers - */ - if (strioctl(fd, DLIOCRAW, -1, 0, NULL) == -1) - { - fprintf(stderr, "DLIOCRAW error\n"); - exit(-1); - } - /* - * Create some filter rules for our TCP watcher. We only want ethernet - * pacets which are IP protocol and only the TCP packets from IP. 
- */ - offset = 6; - *fwp++ = ENF_PUSHWORD + offset; - *fwp++ = ENF_PUSHLIT | ENF_CAND; - *fwp++ = htons(ETHERTYPE_IP); - *fwp++ = ENF_PUSHWORD + sizeof(struct ether_header)/sizeof(short)+4; - *fwp++ = ENF_PUSHLIT | ENF_AND; - *fwp++ = htons(0x00ff); - *fwp++ = ENF_PUSHLIT | ENF_COR; - *fwp++ = htons(IPPROTO_TCP); - *fwp++ = ENF_PUSHWORD + sizeof(struct ether_header)/sizeof(short)+4; - *fwp++ = ENF_PUSHLIT | ENF_AND; - *fwp++ = htons(0x00ff); - *fwp++ = ENF_PUSHLIT | ENF_CAND; - *fwp++ = htons(IPPROTO_UDP); - pfil.Pf_FilterLen = (fwp - &pfil.Pf_Filter[0]); - /* - * put filter in place. - */ - - if (ioctl(fd, I_PUSH, "pfmod") == -1) - { - perror("ioctl: I_PUSH pf"); - exit(1); - } - if (strioctl(fd, PFIOCSETF, -1, sizeof(pfil), (char *)&pfil) == -1) - { - perror("ioctl: PFIOCSETF"); - exit(1); - } - - /* - * arrange to get messages from the NIT STREAM and use NIT_BUF option - */ - if (ioctl(fd, I_PUSH, "bufmod") == -1) - { - perror("ioctl: I_PUSH bufmod"); - exit(1); - } - i = 128; - strioctl(fd, SBIOCSSNAP, -1, sizeof(i), (char *)&i); - /* - * set the timeout - */ - to.tv_sec = 1; - to.tv_usec = 0; - if (strioctl(fd, SBIOCSTIME, -1, sizeof(to), (char *)&to) == -1) - { - perror("strioctl(SBIOCSTIME)"); - exit(-1); - } - /* - * flush read queue - */ - if (ioctl(fd, I_FLUSH, FLUSHR) == -1) - { - perror("I_FLUSHR"); - exit(-1); - } - timeout = tout; - solfd = fd; - return fd; -} diff --git a/contrib/ipfilter/ipsd/slinux.c b/contrib/ipfilter/ipsd/slinux.c deleted file mode 100644 index 95ad8e537b3e..000000000000 --- a/contrib/ipfilter/ipsd/slinux.c +++ /dev/null 
@@ -1,118 +0,0 @@ -/* $FreeBSD$ */ - -/* - * (C)opyright 1992-1998 Darren Reed. (from tcplog) - * - * See the IPFILTER.LICENCE file for details on licencing. - * - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "ip_compat.h" -#include "tcpip.h" - -#ifndef lint -static const char sccsid[] = "@(#)slinux.c 1.1 12/3/95 (C) 1995 Darren Reed"; -#endif - -#define BUFSPACE 32768 - -/* - * Be careful to only include those defined in the flags option for the - * interface are included in the header size. - */ - -static int timeout; -static char *eth_dev = NULL; - - -int ack_recv(bp) - char *bp; -{ - struct tcpip tip; - tcphdr_t *tcp; - ip_t *ip; - - ip = (struct ip *)&tip; - tcp = (tcphdr_t *)(ip + 1); - - bcopy(bp, (char *)&tip, sizeof(tip)); - bcopy(bp + (ip.ip_hl << 2), (char *)tcp, sizeof(*tcp)); - if (0 == detect(ip, tcp)) - return 1; - return 0; -} - - -void readloop(fd, port, dst) - int fd, port; - struct in_addr dst; -{ - static u_char buf[BUFSPACE]; - struct sockaddr dest; - register u_char *bp = buf; - register int cc; - int dlen, done = 0; - time_t now = time(NULL); - - do { - fflush(stdout); - dlen = sizeof(dest); - bzero((char *)&dest, dlen); - cc = recvfrom(fd, buf, BUFSPACE, 0, &dest, &dlen); - if (!cc) - if ((time(NULL) - now) > timeout) - return done; - else - continue; - - if (bp[12] != 0x8 || bp[13] != 0) - continue; /* not ip */ - - /* - * get rid of non-tcp or fragmented packets here. 
- */ - if (cc >= sizeof(struct tcpiphdr)) - { - if (((bp[14+9] != IPPROTO_TCP) && - (bp[14+9] != IPPROTO_UDP)) || - (bp[14+6] & 0x1f) || (bp[14+6] & 0xff)) - continue; - done += ack_recv(bp + 14); - } - } while (cc >= 0); - perror("read"); - exit(-1); -} - -int initdevice(dev, tout) - char *dev; - int tout; -{ - int fd; - - eth_dev = strdup(dev); - if ((fd = socket(AF_INET, SOCK_PACKET, htons(ETHERTYPE_IP))) == -1) - { - perror("socket(SOCK_PACKET)"); - exit(-1); - } - - return fd; -} diff --git a/contrib/ipfilter/ipsd/snit.c b/contrib/ipfilter/ipsd/snit.c deleted file mode 100644 index 855afd53bee8..000000000000 --- a/contrib/ipfilter/ipsd/snit.c +++ /dev/null 
@@ -1,228 +0,0 @@ -/* $FreeBSD$ */ - -/* - * (C)opyright 1992-1998 Darren Reed. (from tcplog) - * - * See the IPFILTER.LICENCE file for details on licencing. - * - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#ifndef lint -static char snitid[] = "@(#)snit.c 1.2 12/3/95 (C)1995 Darren Reed"; -#endif - -#define BUFSPACE 32768 - -/* - * Be careful to only include those defined in the flags option for the - * interface are included in the header size. - */ -#define BUFHDR_SIZE (sizeof(struct nit_bufhdr)) -#define NIT_HDRSIZE (BUFHDR_SIZE) - -static int timeout; - - -int ack_recv(ep) - char *ep; -{ - struct tcpiphdr tip; - struct tcphdr *tcp; - struct ip *ip; - - ip = (struct ip *)&tip; - tcp = (struct tcphdr *)(ip + 1); - bcopy(ep + 14, (char *)ip, sizeof(*ip)); - bcopy(ep + 14 + (ip->ip_hl << 2), (char *)tcp, sizeof(*tcp)); - if (ip->ip_off & 0x1fff != 0) - return 0; - if (0 == detect(ip, tcp)) - return 1; - return 0; -} - - -int readloop(fd, dst) - int fd; - struct in_addr dst; -{ - static u_char buf[BUFSPACE]; - register u_char *bp, *cp, *bufend; - register struct nit_bufhdr *hp; - register int cc; - time_t now = time(NULL); - int done = 0; - - while ((cc = read(fd, buf, BUFSPACE-1)) >= 0) { - if (!cc) - if ((time(NULL) - now) > timeout) - return done; - else - continue; - bp = buf; - bufend = buf + cc; - /* - * loop through each snapshot in the chunk - */ - while (bp < bufend) { - cp = (u_char *)((char *)bp + NIT_HDRSIZE); - /* - * get past NIT buffer - */ - hp = (struct nit_bufhdr *)bp; - /* - * next snapshot - */ - bp += hp->nhb_totlen; - done += ack_recv(cp); - } - return done; - } - perror("read"); - exit(-1); -} - -int initdevice(device, tout) - char *device; - int tout; -{ - struct strioctl si; - struct 
timeval to; - struct ifreq ifr; - struct packetfilt pfil; - u_long if_flags; - u_short *fwp = pfil.Pf_Filter; - int ret, offset, fd, snaplen= 76, chunksize = BUFSPACE; - - if ((fd = open("/dev/nit", O_RDWR)) < 0) - { - perror("/dev/nit"); - exit(-1); - } - - /* - * Create some filter rules for our TCP watcher. We only want ethernet - * pacets which are IP protocol and only the TCP packets from IP. - */ - offset = 6; - *fwp++ = ENF_PUSHWORD + offset; - *fwp++ = ENF_PUSHLIT | ENF_CAND; - *fwp++ = htons(ETHERTYPE_IP); - *fwp++ = ENF_PUSHWORD + sizeof(struct ether_header)/sizeof(short)+4; - *fwp++ = ENF_PUSHLIT | ENF_AND; - *fwp++ = htons(0x00ff); - *fwp++ = ENF_PUSHLIT | ENF_COR; - *fwp++ = htons(IPPROTO_TCP); - *fwp++ = ENF_PUSHWORD + sizeof(struct ether_header)/sizeof(short)+4; - *fwp++ = ENF_PUSHLIT | ENF_AND; - *fwp++ = htons(0x00ff); - *fwp++ = ENF_PUSHLIT | ENF_CAND; - *fwp++ = htons(IPPROTO_UDP); - pfil.Pf_FilterLen = fwp - &pfil.Pf_Filter[0]; - /* - * put filter in place. - */ - if (ioctl(fd, I_PUSH, "pf") == -1) - { - perror("ioctl: I_PUSH pf"); - exit(1); - } - if (ioctl(fd, NIOCSETF, &pfil) == -1) - { - perror("ioctl: NIOCSETF"); - exit(1); - } - /* - * arrange to get messages from the NIT STREAM and use NIT_BUF option - */ - ioctl(fd, I_SRDOPT, (char*)RMSGD); - ioctl(fd, I_PUSH, "nbuf"); - /* - * set the timeout - */ - timeout = tout; - si.ic_timout = 1; - to.tv_sec = 1; - to.tv_usec = 0; - si.ic_cmd = NIOCSTIME; - si.ic_len = sizeof(to); - si.ic_dp = (char*)&to; - if (ioctl(fd, I_STR, (char*)&si) == -1) - { - perror("ioctl: NIT timeout"); - exit(-1); - } - /* - * set the chunksize - */ - si.ic_cmd = NIOCSCHUNK; - si.ic_len = sizeof(chunksize); - si.ic_dp = (char*)&chunksize; - if (ioctl(fd, I_STR, (char*)&si) == -1) - perror("ioctl: NIT chunksize"); - if (ioctl(fd, NIOCGCHUNK, (char*)&chunksize) == -1) - { - perror("ioctl: NIT chunksize"); - exit(-1); - } - printf("NIT buffer size: %d\n", chunksize); - - /* - * request the interface - */ - 
strncpy(ifr.ifr_name, device, sizeof(ifr.ifr_name)); - ifr.ifr_name[sizeof(ifr.ifr_name) - 1] = ' '; - si.ic_cmd = NIOCBIND; - si.ic_len = sizeof(ifr); - si.ic_dp = (char*)𝔦 - if (ioctl(fd, I_STR, (char*)&si) == -1) - { - perror(ifr.ifr_name); - exit(1); - } - - /* - * set the snapshot length - */ - si.ic_cmd = NIOCSSNAP; - si.ic_len = sizeof(snaplen); - si.ic_dp = (char*)&snaplen; - if (ioctl(fd, I_STR, (char*)&si) == -1) - { - perror("ioctl: NIT snaplen"); - exit(1); - } - (void) ioctl(fd, I_FLUSH, (char*)FLUSHR); - return fd; -} diff --git a/contrib/ipfilter/ipsend/.OLD/ip_compat.h b/contrib/ipfilter/ipsend/.OLD/ip_compat.h deleted file mode 100644 index b5b8f0741c25..000000000000 --- a/contrib/ipfilter/ipsend/.OLD/ip_compat.h +++ /dev/null 
@@ -1,244 +0,0 @@
-/* $FreeBSD$ */
-
-/*
- * (C)opyright 1995 by Darren Reed.
- *
- * This code may be freely distributed as long as it retains this notice
- * and is not changed in any way. The author accepts no responsibility
- * for the use of this software. I hate legaleese, don't you ?
- *
- * @(#)ip_compat.h 1.2 12/7/95
- */
-
-/*
- * These #ifdef's are here mainly for linux, but who knows, they may
- * not be in other places or maybe one day linux will grow up and some
- * of these will turn up there too.
- */
-#ifndef ICMP_UNREACH
-# define ICMP_UNREACH ICMP_DEST_UNREACH
-#endif
-#ifndef ICMP_SOURCEQUENCH
-# define ICMP_SOURCEQUENCH ICMP_SOURCE_QUENCH
-#endif
-#ifndef ICMP_TIMXCEED
-# define ICMP_TIMXCEED ICMP_TIME_EXCEEDED
-#endif
-#ifndef ICMP_PARAMPROB
-# define ICMP_PARAMPROB ICMP_PARAMETERPROB
-#endif
-#ifndef IPVERSION
-# define IPVERSION 4
-#endif
-#ifndef IPOPT_MINOFF
-# define IPOPT_MINOFF 4
-#endif
-#ifndef IPOPT_COPIED
-# define IPOPT_COPIED(x) ((x)&0x80)
-#endif
-#ifndef IPOPT_EOL
-# define IPOPT_EOL 0
-#endif
-#ifndef IPOPT_NOP
-# define IPOPT_NOP 1
-#endif
-#ifndef IP_MF
-# define IP_MF ((u_short)0x2000)
-#endif
-#ifndef ETHERTYPE_IP
-# define ETHERTYPE_IP ((u_short)0x0800)
-#endif
-#ifndef TH_FIN
-# define TH_FIN 0x01
-#endif
-#ifndef TH_SYN
-# define TH_SYN 0x02
-#endif
-#ifndef TH_RST
-# define TH_RST 0x04
-#endif
-#ifndef TH_PUSH
-# define TH_PUSH 0x08
-#endif
-#ifndef TH_ACK
-# define TH_ACK 0x10
-#endif
-#ifndef TH_URG
-# define TH_URG 0x20
-#endif
-#ifndef IPOPT_EOL
-# define IPOPT_EOL 0
-#endif
-#ifndef IPOPT_NOP
-# define IPOPT_NOP 1
-#endif
-#ifndef IPOPT_RR
-# define IPOPT_RR 7
-#endif
-#ifndef IPOPT_TS
-# define IPOPT_TS 68
-#endif
-#ifndef IPOPT_SECURITY
-# define IPOPT_SECURITY 130
-#endif
-#ifndef IPOPT_LSRR
-# define IPOPT_LSRR 131
-#endif
-#ifndef IPOPT_SATID
-# define IPOPT_SATID 136
-#endif
-#ifndef IPOPT_SSRR
-# define IPOPT_SSRR 137
-#endif
-#ifndef IPOPT_SECUR_UNCLASS
-# define IPOPT_SECUR_UNCLASS ((u_short)0x0000)
-#endif
-#ifndef IPOPT_SECUR_CONFID
-# define IPOPT_SECUR_CONFID ((u_short)0xf135)
-#endif
-#ifndef IPOPT_SECUR_EFTO
-# define IPOPT_SECUR_EFTO ((u_short)0x789a)
-#endif
-#ifndef IPOPT_SECUR_MMMM
-# define IPOPT_SECUR_MMMM ((u_short)0xbc4d)
-#endif
-#ifndef IPOPT_SECUR_RESTR
-# define IPOPT_SECUR_RESTR ((u_short)0xaf13)
-#endif
-#ifndef IPOPT_SECUR_SECRET
-# define IPOPT_SECUR_SECRET ((u_short)0xd788)
-#endif
-#ifndef IPOPT_SECUR_TOPSECRET
-# define IPOPT_SECUR_TOPSECRET ((u_short)0x6bc5)
-#endif
-
-#ifdef linux
-# if LINUX < 0200
-# define icmp icmphdr
-# define icmp_type type
-# define icmp_code code
-# endif
-
-/*
- * From /usr/include/netinet/ip_var.h
- * !%@#!$@# linux...
- */
-struct ipovly {
- caddr_t ih_next, ih_prev; /* for protocol sequence q's */
- u_char ih_x1; /* (unused) */
- u_char ih_pr; /* protocol */
- short ih_len; /* protocol length */
- struct in_addr ih_src; /* source internet address */
- struct in_addr ih_dst; /* destination internet address */
-};
-
-typedef struct {
- __u16 th_sport;
- __u16 th_dport;
- __u32 th_seq;
- __u32 th_ack;
-# if defined(__i386__) || defined(__MIPSEL__) || defined(__alpha__) ||\
- defined(vax)
- __u8 th_res:4;
- __u8 th_off:4;
-#else
- __u8 th_off:4;
- __u8 th_res:4;
-#endif
- __u8 th_flags;
- __u16 th_win;
- __u16 th_sum;
- __u16 th_urp;
-} tcphdr_t;
-
-typedef struct {
- __u16 uh_sport;
- __u16 uh_dport;
- __s16 uh_ulen;
- __u16 uh_sum;
-} udphdr_t;
-
-typedef struct {
-# if defined(__i386__) || defined(__MIPSEL__) || defined(__alpha__) ||\
- defined(vax)
- __u8 ip_hl:4;
- __u8 ip_v:4;
-# else
- __u8 ip_hl:4;
- __u8 ip_v:4;
-# endif
- __u8 ip_tos;
- __u16 ip_len;
- __u16 ip_id;
- __u16 ip_off;
- __u8 ip_ttl;
- __u8 ip_p;
- __u16 ip_sum;
- struct in_addr ip_src;
- struct in_addr ip_dst;
-} ip_t;
-
-typedef struct {
- __u8 ether_dhost[6];
- __u8 ether_shost[6];
- __u16 ether_type;
-} ether_header_t;
-
-typedef struct icmp {
- u_char icmp_type; /* type of message, see below */
- u_char icmp_code; /* type sub code */
- u_short icmp_cksum; /* ones complement cksum of struct */
- union {
- u_char ih_pptr; /* ICMP_PARAMPROB */
- struct in_addr ih_gwaddr; /* ICMP_REDIRECT */
- struct ih_idseq {
- n_short icd_id;
- n_short icd_seq;
- } ih_idseq;
- int ih_void;
- } icmp_hun;
-#define icmp_pptr icmp_hun.ih_pptr
-#define icmp_gwaddr icmp_hun.ih_gwaddr
-#define icmp_id icmp_hun.ih_idseq.icd_id
-#define icmp_seq icmp_hun.ih_idseq.icd_seq
-#define icmp_void icmp_hun.ih_void
- union {
- struct id_ts {
- n_time its_otime;
- n_time its_rtime;
- n_time its_ttime;
- } id_ts;
- struct id_ip {
- ip_t idi_ip;
- /* options and then 64 bits of data */
- } id_ip;
- u_long id_mask;
- char id_data[1];
- } icmp_dun;
-#define icmp_otime icmp_dun.id_ts.its_otime
-#define icmp_rtime icmp_dun.id_ts.its_rtime
-#define icmp_ttime icmp_dun.id_ts.its_ttime
-#define icmp_ip icmp_dun.id_ip.idi_ip
-#define icmp_mask icmp_dun.id_mask
-#define icmp_data icmp_dun.id_data
-} icmphdr_t;
-
-# define bcopy(a,b,c) memmove(b,a,c)
-# define bcmp(a,b,c) memcmp(a,b,c)
-
-# define ifnet device
-
-#else
-
-typedef struct udphdr udphdr_t;
-typedef struct tcphdr tcphdr_t;
-typedef struct ip ip_t;
-typedef struct ether_header ether_header_t;
-
-#endif
-
-#if defined(__SVR4) || defined(__svr4__)
-# define bcopy(a,b,c) memmove(b,a,c)
-# define bcmp(a,b,c) memcmp(a,b,c)
-# define bzero(a,b) memset(a,0,b)
-#endif
diff --git a/contrib/ipfilter/ipsend/44arp.c b/contrib/ipfilter/ipsend/44arp.c
deleted file mode 100644
index 9215959395ab..000000000000
--- a/contrib/ipfilter/ipsend/44arp.c
+++ /dev/null
@@ -1,120 +0,0 @@ -/* $FreeBSD$ */ - -/* - * Based upon 4.4BSD's /usr/sbin/arp - */ -#include -#include -#include -#include -#include -#include -#include -#ifndef __osf__ -# include -#endif -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "ipsend.h" -#include "iplang/iplang.h" - - -/* - * lookup host and return - * its IP address in address - * (4 bytes) - */ -int resolve(host, address) - char *host, *address; -{ - struct hostent *hp; - u_long add; - - add = inet_addr(host); - if (add == -1) - { - if (!(hp = gethostbyname(host))) - { - fprintf(stderr, "unknown host: %s\n", host); - return -1; - } - bcopy((char *)hp->h_addr, (char *)address, 4); - return 0; - } - bcopy((char*)&add, address, 4); - return 0; -} - - -int arp(addr, eaddr) - char *addr, *eaddr; -{ - int mib[6]; - size_t needed; - char *lim, *buf, *next; - struct rt_msghdr *rtm; - struct sockaddr_in *sin; - struct sockaddr_dl *sdl; - -#ifdef IPSEND - if (arp_getipv4(addr, ether) == 0) - return 0; -#endif - - if (!addr) - return -1; - - mib[0] = CTL_NET; - mib[1] = PF_ROUTE; - mib[2] = 0; - mib[3] = AF_INET; - mib[4] = NET_RT_FLAGS; -#ifdef RTF_LLINFO - mib[5] = RTF_LLINFO; -#else - mib[5] = 0; -#endif - - if (sysctl(mib, 6, NULL, &needed, NULL, 0) == -1) - { - perror("route-sysctl-estimate"); - exit(-1); - } - if ((buf = malloc(needed)) == NULL) - { - perror("malloc"); - exit(-1); - } - if (sysctl(mib, 6, buf, &needed, NULL, 0) == -1) - { - perror("actual retrieval of routing table"); - exit(-1); - } - lim = buf + needed; - for (next = buf; next < lim; next += rtm->rtm_msglen) - { - rtm = (struct rt_msghdr *)next; - sin = (struct sockaddr_in *)(rtm + 1); - sdl = (struct sockaddr_dl *)(sin + 1); - if (!bcmp(addr, (char *)&sin->sin_addr, - sizeof(struct in_addr))) - { - bcopy(LLADDR(sdl), eaddr, sdl->sdl_alen); - return 0; - } - } - return -1; -} 
diff --git a/contrib/ipfilter/ipsend/Crashable b/contrib/ipfilter/ipsend/Crashable deleted file mode 100644 index c7ffcde38c32..000000000000 --- a/contrib/ipfilter/ipsend/Crashable +++ /dev/null @@ -1,21 +0,0 @@ -Test 1: - Solaris 2.4 - upto and including 101945-34, > 34 ? - Solaris 2.5 - 11/95 - Linux 1.2.13, < 1.3.45(?) - 3com/sonix bridge - Instant Internet - KA9Q NOS - Netblazer 40i, Version 3.2 OS - Irix 6.x - HP-UX 9.0 - HP-UX 10.1 - LivingstonsComOS - MacOS 7.x, 8.x - -Test 6: - SunOS 4.1.x - ULtrix 4.3 - -Test 7: - SunOS 4.1.x - Linux <= 1.3.84 diff --git a/contrib/ipfilter/ipsend/Makefile b/contrib/ipfilter/ipsend/Makefile deleted file mode 100644 index 34485efce0d6..000000000000 --- a/contrib/ipfilter/ipsend/Makefile +++ /dev/null 
@@ -1,183 +0,0 @@ -# -# Copyright (C) 2012 by Darren Reed. -# -# See the IPFILTER.LICENCE file for details on licencing. -# -IPFT=ipft_ef.o ipft_hx.o ipft_pc.o ipft_sn.o ipft_td.o ipft_tx.o opt.o -OBJS=ipsend.o ip.o ipsopt.o y.tab.o lex.yy.o -ROBJS=ipresend.o ip.o resend.o $(IPFT) -TOBJS=iptest.o iptests.o ip.o -BPF=sbpf.o -NIT=snit.o -SUNOS4=sock.o arp.o inet_addr.o -BSD=sock.o 44arp.o -LINUX=lsock.o slinux.o larp.o -LINUXK= -TOP=.. -SUNOS5=dlcommon.o sdlpi.o arp.o inet_addr.o -ULTRIX=ultrix.o sock.o arp.o inet_addr.o -HPUX=hpux.o sock.o arp.o inet_addr.o - -#CC=gcc -DEBUG=-g -CFLAGS=$(DEBUG) -I. -Iipf -# -MFLAGS="BINDEST=$(BINDEST)" "SBINDEST=$(SBINDEST)" "MANDIR=$(MANDIR)" \ - "IPFLKM=$(IPFLKM)" \ - "IPFLOG=$(IPFLOG)" "LOGFAC=$(LOGFAC)" "POLICY=$(POLICY)" \ - "SOLARIS2=$(SOLARIS2)" "DEBUG=$(DEBUG)" "DCPU=$(CPU)" \ - "CPUDIR=$(CPUDIR)" -# -all: - @echo "Use one of these targets:" - @echo " sunos4-nit (standard SunOS 4.1.x)" - @echo " sunos4-bpf (SunOS4.1.x with BPF in the kernel)" - @echo " bsd-bpf (4.4BSD variant with BPF in the kernel)" - @echo " linux10 (Linux 1.0 kernels)" - @echo " linux12 (Linux 1.2 kernels)" - @echo " linux20 (Linux 2.0 kernels)" - @echo " sunos5 (Solaris 2.x)" - -ipf: - -if [ ! -d iplang ] ; then ln -s ../iplang iplang; fi - -if [ ! -d netinet ] ; then ln -s ../netinet netinet; fi - -if [ ! -d ipf ] ; then ln -s .. ipf; fi - -y.tab.o: iplang/iplang_y.y - -if [ -h iplang ] ; then \ - (cd iplang; ${MAKE} $(MFLAGS) 'DESTDIR=../ipsend' ) \ - else \ - (cd iplang; ${MAKE} $(MFLAGS) 'DESTDIR=..' ) \ - fi - -lex.yy.o: iplang/iplang_l.l - -if [ -h iplang ] ; then \ - (cd iplang; ${MAKE} $(MFLAGS) 'DESTDIR=../ipsend' ) \ - else \ - (cd iplang; ${MAKE} $(MFLAGS) 'DESTDIR=..' 
) \ - fi - -.c.o: - $(CC) $(CFLAGS) $(LINUXK) -c $< -o $@ - -install: - -$(INSTALL) -cs -g wheel -m 755 -o root ipsend ipresend iptest $(BINDEST) - -bpf sunos4-bpf : - make ipsend "OBJS=$(OBJS)" "UNIXOBJS=$(BPF) $(SUNOS4)" "CC=$(CC)" \ - "CFLAGS=$(CFLAGS) -DDOSOCKET -DIPSEND" "LLIB=-ll" - make ipresend "ROBJS=$(ROBJS)" "UNIXOBJS=$(BPF) $(SUNOS4)" "CC=$(CC)" \ - "CFLAGS=$(CFLAGS) -DDOSOCKET" - make iptest "TOBJS=$(TOBJS)" "UNIXOBJS=$(BPF) $(SUNOS4)" "CC=$(CC)" \ - "CFLAGS=$(CFLAGS) -DDOSOCKET" - -nit sunos4 sunos4-nit : - make ipsend "OBJS=$(OBJS)" "UNIXOBJS=$(NIT) $(SUNOS4)" "CC=$(CC)" \ - "CFLAGS=$(CFLAGS) -DDOSOCKET -DIPSEND" "LLIB=-ll" - make ipresend "ROBJS=$(ROBJS)" "UNIXOBJS=$(NIT) $(SUNOS4)" "CC=$(CC)" \ - "CFLAGS=$(CFLAGS) -DDOSOCKET" - make iptest "TOBJS=$(TOBJS)" "UNIXOBJS=$(NIT) $(SUNOS4)" "CC=$(CC)" \ - "CFLAGS=$(CFLAGS) -DDOSOCKET" - -dlpi sunos5 : - make ipsend "OBJS=$(OBJS)" "UNIXOBJS=$(SUNOS5)" "CC=$(CC)" \ - CFLAGS="$(CFLAGS) -Dsolaris -DIPSEND" "LIBS=-lsocket -lnsl" \ - "LLIB=-ll" - make ipresend "ROBJS=$(ROBJS)" "UNIXOBJS=$(SUNOS5)" "CC=$(CC)" \ - CFLAGS="$(CFLAGS) -Dsolaris" "LIBS=-lsocket -lnsl" - make iptest "TOBJS=$(TOBJS)" "UNIXOBJS=$(SUNOS5)" "CC=$(CC)" \ - CFLAGS="$(CFLAGS) -Dsolaris" "LIBS=-lsocket -lnsl" - -bsd-bpf : - make ipsend "OBJS=$(OBJS)" "UNIXOBJS=$(BPF) $(BSD)" "CC=$(CC)" \ - "CFLAGS=$(CFLAGS) -DDOSOCKET -DIPSEND" "LLIB=-ll" - make ipresend "ROBJS=$(ROBJS)" "UNIXOBJS=$(BPF) $(BSD)" "CC=$(CC)" \ - "CFLAGS=$(CFLAGS) -DDOSOCKET" - make iptest "TOBJS=$(TOBJS)" "UNIXOBJS=$(BPF) $(BSD)" "CC=$(CC)" \ - "CFLAGS=$(CFLAGS) -DDOSOCKET" - -linuxrev : - make ipsend "OBJS=$(OBJS)" "UNIXOBJS=$(LINUX)" "CC=$(CC)" \ - CFLAGS="$(CFLAGS) $(INC) -DDOSOCKET -DIPSEND" $(LINUXK) - make ipresend "ROBJS=$(ROBJS)" "UNIXOBJS=$(LINUX)" "CC=$(CC)" \ - CFLAGS="$(CFLAGS) $(INC) -DDOSOCKET" $(LINUXK) - make iptest "TOBJS=$(TOBJS)" "UNIXOBJS=$(LINUX)" "CC=$(CC)" \ - CFLAGS="$(CFLAGS) $(INC) -DDOSOCKET" $(LINUXK) - -linux10: - make linuxrev 
'LINUXK="LINUXK=-DLINUX=0100"' \ - "INC=-I/usr/src/linux/include" "LLIB=-lfl" - -linux12: - make linuxrev 'LINUXK="LINUXK=-DLINUX=0102"' "INC=-I/usr/src/linux" \ - "LLIB=-lfl" - -linux20: - make linuxrev 'LINUXK="LINUXK=-DLINUX=0200"' \ - "INC=-I/usr/src/linux/include" "LLIB=-lfl" "ELIB=-lelf" - -ultrix : - make ipsend "OBJS=$(OBJS)" "UNIXOBJS=$(ULTRIX)" "CC=$(CC)" \ - CFLAGS="$(CFLAGS) -DIPSEND" "LIBS=" "LLIB=-ll" - make ipresend "ROBJS=$(ROBJS)" "UNIXOBJS=$(ULTRIX)" "CC=$(CC)" \ - CFLAGS="$(CFLAGS)" "LIBS=" - make iptest "TOBJS=$(TOBJS)" "UNIXOBJS=$(ULTRIX)" "CC=$(CC)" \ - CFLAGS="$(CFLAGS)" "LIBS=" - -hpux9 : - make ipsend "OBJS=$(OBJS)" "UNIXOBJS=$(HPUX)" "CC=$(CC)" \ - CFLAGS="$(CFLAGS) -DIPSEND" "LIBS=" - make ipresend "ROBJS=$(ROBJS)" "UNIXOBJS=$(HPUX)" "CC=$(CC)" \ - CFLAGS="$(CFLAGS)" "LIBS=" - make iptest "TOBJS=$(TOBJS)" "UNIXOBJS=$(HPUX)" "CC=$(CC)" \ - CFLAGS="$(CFLAGS)" "LIBS=" - -hpux11 : - make ipsend "OBJS=$(OBJS)" "UNIXOBJS=$(HPUX)" "CC=$(CC)" \ - CFLAGS="$(CFLAGS) -DIPSEND" "LIBS=" - make ipresend "ROBJS=$(ROBJS)" "UNIXOBJS=$(HPUX)" "CC=$(CC)" \ - CFLAGS="$(CFLAGS)" "LIBS=" - make iptest "TOBJS=$(TOBJS)" "UNIXOBJS=$(HPUX)" "CC=$(CC)" \ - CFLAGS="$(CFLAGS)" "LIBS=" - -ipsend: ipf $(OBJS) $(UNIXOBJS) - $(CC) $(OBJS) $(UNIXOBJS) -o $@ $(LIBS) $(LLIB) $(ELIB) - -ipresend: $(ROBJS) $(UNIXOBJS) - $(CC) $(ROBJS) $(UNIXOBJS) -o $@ $(LIBS) $(ELIB) - -iptest: $(TOBJS) $(UNIXOBJS) - $(CC) $(TOBJS) $(UNIXOBJS) -o $@ $(LIBS) $(ELIB) - -ipft_ef.o: ipf/ipft_ef.c ipf/ipt.h ipf/ipf.h ipf/ip_compat.h - $(CC) $(CFLAGS) $(LINUXK) -c ipf/ipft_ef.c -o $@ - -ipft_hx.o: ipf/ipft_hx.c ipf/ipt.h ipf/ipf.h ipf/ip_compat.h - $(CC) $(CFLAGS) $(LINUXK) -c ipf/ipft_hx.c -o $@ - -ipft_pc.o: ipf/ipft_pc.c ipf/ipt.h ipf/ipf.h ipf/ip_compat.h - $(CC) $(CFLAGS) $(LINUXK) -c ipf/ipft_pc.c -o $@ - -ipft_sn.o: ipf/ipft_sn.c ipf/ipt.h ipf/ipf.h ipf/ip_compat.h - $(CC) $(CFLAGS) $(LINUXK) -c ipf/ipft_sn.c -o $@ - -ipft_td.o: ipf/ipft_td.c ipf/ipt.h ipf/ipf.h ipf/ip_compat.h - $(CC) 
$(CFLAGS) $(LINUXK) -c ipf/ipft_td.c -o $@ - -ipft_tx.o: ipf/ipft_tx.c ipf/ipt.h ipf/ipf.h ipf/ip_compat.h - $(CC) $(CFLAGS) $(LINUXK) -c ipf/ipft_tx.c -o $@ - -opt.o: ipf/opt.c ipf/ipt.h ipf/ipf.h ipf/ip_compat.h - $(CC) $(CFLAGS) $(LINUXK) -c ipf/opt.c -o $@ - -inet_addr.o: ipf/inet_addr.c - $(CC) $(CFLAGS) $(LINUXK) -c ipf/inet_addr.c -o $@ - -clean: - rm -rf *.o *core a.out ipsend ipresend iptest - if [ -d iplang ]; then (cd iplang; $(MAKE) $(MFLAGS) clean); fi - if [ -d $(TOP)/iplang ]; then (cd $(TOP)/iplang; $(MAKE) $(MFLAGS) clean); fi - -do-cvs: - find . -type d -name CVS -print | xargs /bin/rm -rf - find . -type f -name .cvsignore -print | xargs /bin/rm -f diff --git a/contrib/ipfilter/ipsend/arp.c b/contrib/ipfilter/ipsend/arp.c deleted file mode 100644 index 58a1523e5db5..000000000000 --- a/contrib/ipfilter/ipsend/arp.c +++ /dev/null 
@@ -1,141 +0,0 @@ -/* $FreeBSD$ */ - -/* - * arp.c (C) 1995-1998 Darren Reed - * - * See the IPFILTER.LICENCE file for details on licencing. - */ -#if !defined(lint) -static const char sccsid[] = "@(#)arp.c 1.4 1/11/96 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)$Id$"; -#endif -#include -#include -#if !defined(ultrix) && !defined(hpux) && !defined(__hpux) && !defined(__osf__) && !defined(_AIX51) -# include -#endif -#include -#include -#include -#include -#include -#ifndef ultrix -# include -#endif -#include -#include -#include -#include -#include -#include -#include -#include "ipsend.h" -#include "iplang/iplang.h" - - -/* - * lookup host and return - * its IP address in address - * (4 bytes) - */ -int resolve(host, address) - char *host, *address; -{ - struct hostent *hp; - u_long add; - - add = inet_addr(host); - if (add == -1) - { - if (!(hp = gethostbyname(host))) - { - fprintf(stderr, "unknown host: %s\n", host); - return -1; - } - bcopy((char *)hp->h_addr, (char *)address, 4); - return 0; - } - bcopy((char*)&add, address, 4); - return 0; -} - -/* - * ARP for the MAC address corresponding - * to the IP address. This taken from - * some BSD program, I cant remember which. 
- */ -int arp(ip, ether) - char *ip; - char *ether; -{ - static int sfd = -1; - static char ethersave[6], ipsave[4]; - struct arpreq ar; - struct sockaddr_in *sin, san; - struct hostent *hp; - int fd; - -#ifdef IPSEND - if (arp_getipv4(ip, ether) == 0) - return 0; -#endif - if (!bcmp(ipsave, ip, 4)) { - bcopy(ethersave, ether, 6); - return 0; - } - fd = -1; - bzero((char *)&ar, sizeof(ar)); - sin = (struct sockaddr_in *)&ar.arp_pa; - sin->sin_family = AF_INET; - bcopy(ip, (char *)&sin->sin_addr.s_addr, 4); -#ifndef hpux - if ((hp = gethostbyaddr(ip, 4, AF_INET))) -# if SOLARIS && (SOLARIS2 >= 10) - if (!(ether_hostton(hp->h_name, (struct ether_addr *)ether))) -# else - if (!(ether_hostton(hp->h_name, ether))) -# endif - goto savearp; -#endif - - if (sfd == -1) - if ((sfd = socket(AF_INET, SOCK_DGRAM, 0)) == -1) - { - perror("arp: socket"); - return -1; - } -tryagain: - if (ioctl(sfd, SIOCGARP, (caddr_t)&ar) == -1) - { - if (fd == -1) - { - bzero((char *)&san, sizeof(san)); - san.sin_family = AF_INET; - san.sin_port = htons(1); - bcopy(ip, &san.sin_addr.s_addr, 4); - fd = socket(AF_INET, SOCK_DGRAM, 0); - (void) sendto(fd, ip, 4, 0, - (struct sockaddr *)&san, sizeof(san)); - sleep(1); - (void) close(fd); - goto tryagain; - } - fprintf(stderr, "(%s):", inet_ntoa(sin->sin_addr)); - if (errno != ENXIO) - perror("SIOCGARP"); - return -1; - } - - if ((ar.arp_ha.sa_data[0] == 0) && (ar.arp_ha.sa_data[1] == 0) && - (ar.arp_ha.sa_data[2] == 0) && (ar.arp_ha.sa_data[3] == 0) && - (ar.arp_ha.sa_data[4] == 0) && (ar.arp_ha.sa_data[5] == 0)) { - fprintf(stderr, "(%s):", inet_ntoa(sin->sin_addr)); - return -1; - } - - bcopy(ar.arp_ha.sa_data, ether, 6); -savearp: - bcopy(ether, ethersave, 6); - bcopy(ip, ipsave, 4); - return 0; -} diff --git a/contrib/ipfilter/ipsend/dlcommon.c b/contrib/ipfilter/ipsend/dlcommon.c deleted file mode 100644 index 55bc9423ab15..000000000000 --- a/contrib/ipfilter/ipsend/dlcommon.c +++ /dev/null 
@@ -1,1383 +0,0 @@ -/* $FreeBSD$ */ - -/* - * Common (shared) DLPI test routines. - * Mostly pretty boring boilerplate sorta stuff. - * These can be split into individual library routines later - * but it's just convenient to keep them in a single file - * while they're being developed. - * - * Not supported: - * Connection Oriented stuff - * QOS stuff - */ - -/* -typedef unsigned long ulong; -*/ - - -#include -#include -#include -#ifdef __osf__ -# include -#else -# include -#endif -#include -#include -#include -#include "dltest.h" - -#define CASERET(s) case s: return ("s") - - char *dlprim(); - char *dlstate(); - char *dlerrno(); - char *dlpromisclevel(); - char *dlservicemode(); - char *dlstyle(); - char *dlmactype(); - - -void -dlinforeq(fd) - int fd; -{ - dl_info_req_t info_req; - struct strbuf ctl; - int flags; - - info_req.dl_primitive = DL_INFO_REQ; - - ctl.maxlen = 0; - ctl.len = sizeof (info_req); - ctl.buf = (char *) &info_req; - - flags = RS_HIPRI; - - if (putmsg(fd, &ctl, (struct strbuf*) NULL, flags) < 0) - syserr("dlinforeq: putmsg"); -} - -void -dlinfoack(fd, bufp) - int fd; - char *bufp; -{ - union DL_primitives *dlp; - struct strbuf ctl; - int flags; - - ctl.maxlen = MAXDLBUF; - ctl.len = 0; - ctl.buf = bufp; - - strgetmsg(fd, &ctl, (struct strbuf*)NULL, &flags, "dlinfoack"); - - dlp = (union DL_primitives *) ctl.buf; - - expecting(DL_INFO_ACK, dlp); - - if (ctl.len < sizeof (dl_info_ack_t)) - err("dlinfoack: response ctl.len too short: %d", ctl.len); - - if (flags != RS_HIPRI) - err("dlinfoack: DL_INFO_ACK was not M_PCPROTO"); - - if (ctl.len < sizeof (dl_info_ack_t)) - err("dlinfoack: short response ctl.len: %d", ctl.len); -} - -void -dlattachreq(fd, ppa) - int fd; - u_long ppa; -{ - dl_attach_req_t attach_req; - struct strbuf ctl; - int flags; - - attach_req.dl_primitive = DL_ATTACH_REQ; - attach_req.dl_ppa = ppa; - - ctl.maxlen = 0; - ctl.len = sizeof (attach_req); - ctl.buf = (char *) &attach_req; - - flags = 0; - - if (putmsg(fd, &ctl, 
(struct strbuf*) NULL, flags) < 0) - syserr("dlattachreq: putmsg"); -} - -void -dlenabmultireq(fd, addr, length) - int fd; - char *addr; - int length; -{ - long buf[MAXDLBUF]; - union DL_primitives *dlp; - struct strbuf ctl; - int flags; - - dlp = (union DL_primitives*) buf; - - dlp->enabmulti_req.dl_primitive = DL_ENABMULTI_REQ; - dlp->enabmulti_req.dl_addr_length = length; - dlp->enabmulti_req.dl_addr_offset = sizeof (dl_enabmulti_req_t); - - (void) memcpy((char*)OFFADDR(buf, sizeof (dl_enabmulti_req_t)), addr, length); - - ctl.maxlen = 0; - ctl.len = sizeof (dl_enabmulti_req_t) + length; - ctl.buf = (char*) buf; - - flags = 0; - - if (putmsg(fd, &ctl, (struct strbuf*) NULL, flags) < 0) - syserr("dlenabmultireq: putmsg"); -} - -void -dldisabmultireq(fd, addr, length) - int fd; - char *addr; - int length; -{ - long buf[MAXDLBUF]; - union DL_primitives *dlp; - struct strbuf ctl; - int flags; - - dlp = (union DL_primitives*) buf; - - dlp->disabmulti_req.dl_primitive = DL_ENABMULTI_REQ; - dlp->disabmulti_req.dl_addr_length = length; - dlp->disabmulti_req.dl_addr_offset = sizeof (dl_disabmulti_req_t); - - (void) memcpy((char*)OFFADDR(buf, sizeof (dl_disabmulti_req_t)), addr, length); - - ctl.maxlen = 0; - ctl.len = sizeof (dl_disabmulti_req_t) + length; - ctl.buf = (char*) buf; - - flags = 0; - - if (putmsg(fd, &ctl, (struct strbuf*) NULL, flags) < 0) - syserr("dldisabmultireq: putmsg"); -} - -void -dlpromisconreq(fd, level) - int fd; - u_long level; -{ - dl_promiscon_req_t promiscon_req; - struct strbuf ctl; - int flags; - - promiscon_req.dl_primitive = DL_PROMISCON_REQ; - promiscon_req.dl_level = level; - - ctl.maxlen = 0; - ctl.len = sizeof (promiscon_req); - ctl.buf = (char *) &promiscon_req; - - flags = 0; - - if (putmsg(fd, &ctl, (struct strbuf*) NULL, flags) < 0) - syserr("dlpromiscon: putmsg"); - -} - -void -dlpromiscoff(fd, level) - int fd; - u_long level; -{ - dl_promiscoff_req_t promiscoff_req; - struct strbuf ctl; - int flags; - - 
promiscoff_req.dl_primitive = DL_PROMISCOFF_REQ; - promiscoff_req.dl_level = level; - - ctl.maxlen = 0; - ctl.len = sizeof (promiscoff_req); - ctl.buf = (char *) &promiscoff_req; - - flags = 0; - - if (putmsg(fd, &ctl, (struct strbuf*) NULL, flags) < 0) - syserr("dlpromiscoff: putmsg"); -} - -void -dlphysaddrreq(fd, addrtype) - int fd; - u_long addrtype; -{ - dl_phys_addr_req_t phys_addr_req; - struct strbuf ctl; - int flags; - - phys_addr_req.dl_primitive = DL_PHYS_ADDR_REQ; - phys_addr_req.dl_addr_type = addrtype; - - ctl.maxlen = 0; - ctl.len = sizeof (phys_addr_req); - ctl.buf = (char *) &phys_addr_req; - - flags = 0; - - if (putmsg(fd, &ctl, (struct strbuf*) NULL, flags) < 0) - syserr("dlphysaddrreq: putmsg"); -} - -void -dlsetphysaddrreq(fd, addr, length) - int fd; - char *addr; - int length; -{ - long buf[MAXDLBUF]; - union DL_primitives *dlp; - struct strbuf ctl; - int flags; - - dlp = (union DL_primitives*) buf; - - dlp->set_physaddr_req.dl_primitive = DL_ENABMULTI_REQ; - dlp->set_physaddr_req.dl_addr_length = length; - dlp->set_physaddr_req.dl_addr_offset = sizeof (dl_set_phys_addr_req_t); - - (void) memcpy((char*)OFFADDR(buf, sizeof (dl_set_phys_addr_req_t)), addr, length); - - ctl.maxlen = 0; - ctl.len = sizeof (dl_set_phys_addr_req_t) + length; - ctl.buf = (char*) buf; - - flags = 0; - - if (putmsg(fd, &ctl, (struct strbuf*) NULL, flags) < 0) - syserr("dlsetphysaddrreq: putmsg"); -} - -void -dldetachreq(fd) - int fd; -{ - dl_detach_req_t detach_req; - struct strbuf ctl; - int flags; - - detach_req.dl_primitive = DL_DETACH_REQ; - - ctl.maxlen = 0; - ctl.len = sizeof (detach_req); - ctl.buf = (char *) &detach_req; - - flags = 0; - - if (putmsg(fd, &ctl, (struct strbuf*) NULL, flags) < 0) - syserr("dldetachreq: putmsg"); -} - -void -dlbindreq(fd, sap, max_conind, service_mode, conn_mgmt, xidtest) - int fd; - u_long sap; - u_long max_conind; - u_long service_mode; - u_long conn_mgmt; - u_long xidtest; -{ - dl_bind_req_t bind_req; - struct strbuf ctl; - int 
flags; - - bind_req.dl_primitive = DL_BIND_REQ; - bind_req.dl_sap = sap; - bind_req.dl_max_conind = max_conind; - bind_req.dl_service_mode = service_mode; - bind_req.dl_conn_mgmt = conn_mgmt; - bind_req.dl_xidtest_flg = xidtest; - - ctl.maxlen = 0; - ctl.len = sizeof (bind_req); - ctl.buf = (char *) &bind_req; - - flags = 0; - - if (putmsg(fd, &ctl, (struct strbuf*) NULL, flags) < 0) - syserr("dlbindreq: putmsg"); -} - -void -dlunitdatareq(fd, addrp, addrlen, minpri, maxpri, datap, datalen) - int fd; - u_char *addrp; - int addrlen; - u_long minpri, maxpri; - u_char *datap; - int datalen; -{ - long buf[MAXDLBUF]; - union DL_primitives *dlp; - struct strbuf data, ctl; - - dlp = (union DL_primitives*) buf; - - dlp->unitdata_req.dl_primitive = DL_UNITDATA_REQ; - dlp->unitdata_req.dl_dest_addr_length = addrlen; - dlp->unitdata_req.dl_dest_addr_offset = sizeof (dl_unitdata_req_t); - dlp->unitdata_req.dl_priority.dl_min = minpri; - dlp->unitdata_req.dl_priority.dl_max = maxpri; - - (void) memcpy(OFFADDR(dlp, sizeof (dl_unitdata_req_t)), addrp, addrlen); - - ctl.maxlen = 0; - ctl.len = sizeof (dl_unitdata_req_t) + addrlen; - ctl.buf = (char *) buf; - - data.maxlen = 0; - data.len = datalen; - data.buf = (char *) datap; - - if (putmsg(fd, &ctl, &data, 0) < 0) - syserr("dlunitdatareq: putmsg"); -} - -void -dlunbindreq(fd) - int fd; -{ - dl_unbind_req_t unbind_req; - struct strbuf ctl; - int flags; - - unbind_req.dl_primitive = DL_UNBIND_REQ; - - ctl.maxlen = 0; - ctl.len = sizeof (unbind_req); - ctl.buf = (char *) &unbind_req; - - flags = 0; - - if (putmsg(fd, &ctl, (struct strbuf*) NULL, flags) < 0) - syserr("dlunbindreq: putmsg"); -} - -void -dlokack(fd, bufp) - int fd; - char *bufp; -{ - union DL_primitives *dlp; - struct strbuf ctl; - int flags; - - ctl.maxlen = MAXDLBUF; - ctl.len = 0; - ctl.buf = bufp; - - strgetmsg(fd, &ctl, (struct strbuf*)NULL, &flags, "dlokack"); - - dlp = (union DL_primitives *) ctl.buf; - - expecting(DL_OK_ACK, dlp); - - if (ctl.len < sizeof 
(dl_ok_ack_t)) - err("dlokack: response ctl.len too short: %d", ctl.len); - - if (flags != RS_HIPRI) - err("dlokack: DL_OK_ACK was not M_PCPROTO"); - - if (ctl.len < sizeof (dl_ok_ack_t)) - err("dlokack: short response ctl.len: %d", ctl.len); -} - -void -dlerrorack(fd, bufp) - int fd; - char *bufp; -{ - union DL_primitives *dlp; - struct strbuf ctl; - int flags; - - ctl.maxlen = MAXDLBUF; - ctl.len = 0; - ctl.buf = bufp; - - strgetmsg(fd, &ctl, (struct strbuf*)NULL, &flags, "dlerrorack"); - - dlp = (union DL_primitives *) ctl.buf; - - expecting(DL_ERROR_ACK, dlp); - - if (ctl.len < sizeof (dl_error_ack_t)) - err("dlerrorack: response ctl.len too short: %d", ctl.len); - - if (flags != RS_HIPRI) - err("dlerrorack: DL_OK_ACK was not M_PCPROTO"); - - if (ctl.len < sizeof (dl_error_ack_t)) - err("dlerrorack: short response ctl.len: %d", ctl.len); -} - -void -dlbindack(fd, bufp) - int fd; - char *bufp; -{ - union DL_primitives *dlp; - struct strbuf ctl; - int flags; - - ctl.maxlen = MAXDLBUF; - ctl.len = 0; - ctl.buf = bufp; - - strgetmsg(fd, &ctl, (struct strbuf*)NULL, &flags, "dlbindack"); - - dlp = (union DL_primitives *) ctl.buf; - - expecting(DL_BIND_ACK, dlp); - - if (flags != RS_HIPRI) - err("dlbindack: DL_OK_ACK was not M_PCPROTO"); - - if (ctl.len < sizeof (dl_bind_ack_t)) - err("dlbindack: short response ctl.len: %d", ctl.len); -} - -void -dlphysaddrack(fd, bufp) - int fd; - char *bufp; -{ - union DL_primitives *dlp; - struct strbuf ctl; - int flags; - - ctl.maxlen = MAXDLBUF; - ctl.len = 0; - ctl.buf = bufp; - - strgetmsg(fd, &ctl, (struct strbuf*)NULL, &flags, "dlphysaddrack"); - - dlp = (union DL_primitives *) ctl.buf; - - expecting(DL_PHYS_ADDR_ACK, dlp); - - if (flags != RS_HIPRI) - err("dlbindack: DL_OK_ACK was not M_PCPROTO"); - - if (ctl.len < sizeof (dl_phys_addr_ack_t)) - err("dlphysaddrack: short response ctl.len: %d", ctl.len); -} - -void -sigalrm() -{ - (void) err("sigalrm: TIMEOUT"); -} - -strgetmsg(fd, ctlp, datap, flagsp, caller) - int fd; - 
struct strbuf *ctlp, *datap; - int *flagsp; - char *caller; -{ - int rc; - static char errmsg[80]; - - /* - * Start timer. - */ - (void) signal(SIGALRM, sigalrm); - if (alarm(MAXWAIT) < 0) { - (void) sprintf(errmsg, "%s: alarm", caller); - syserr(errmsg); - } - - /* - * Set flags argument and issue getmsg(). - */ - *flagsp = 0; - if ((rc = getmsg(fd, ctlp, datap, flagsp)) < 0) { - (void) sprintf(errmsg, "%s: getmsg", caller); - syserr(errmsg); - } - - /* - * Stop timer. - */ - if (alarm(0) < 0) { - (void) sprintf(errmsg, "%s: alarm", caller); - syserr(errmsg); - } - - /* - * Check for MOREDATA and/or MORECTL. - */ - if ((rc & (MORECTL | MOREDATA)) == (MORECTL | MOREDATA)) - err("%s: MORECTL|MOREDATA", caller); - if (rc & MORECTL) - err("%s: MORECTL", caller); - if (rc & MOREDATA) - err("%s: MOREDATA", caller); - - /* - * Check for at least sizeof (long) control data portion. - */ - if (ctlp->len < sizeof (long)) - err("getmsg: control portion length < sizeof (long): %d", ctlp->len); -} - -expecting(prim, dlp) - int prim; - union DL_primitives *dlp; -{ - if (dlp->dl_primitive != (u_long)prim) { - printdlprim(dlp); - err("expected %s got %s", dlprim(prim), - dlprim(dlp->dl_primitive)); - exit(1); - } -} - -/* - * Print any DLPI msg in human readable format. 
- */ -printdlprim(dlp) - union DL_primitives *dlp; -{ - switch (dlp->dl_primitive) { - case DL_INFO_REQ: - printdlinforeq(dlp); - break; - - case DL_INFO_ACK: - printdlinfoack(dlp); - break; - - case DL_ATTACH_REQ: - printdlattachreq(dlp); - break; - - case DL_OK_ACK: - printdlokack(dlp); - break; - - case DL_ERROR_ACK: - printdlerrorack(dlp); - break; - - case DL_DETACH_REQ: - printdldetachreq(dlp); - break; - - case DL_BIND_REQ: - printdlbindreq(dlp); - break; - - case DL_BIND_ACK: - printdlbindack(dlp); - break; - - case DL_UNBIND_REQ: - printdlunbindreq(dlp); - break; - - case DL_SUBS_BIND_REQ: - printdlsubsbindreq(dlp); - break; - - case DL_SUBS_BIND_ACK: - printdlsubsbindack(dlp); - break; - - case DL_SUBS_UNBIND_REQ: - printdlsubsunbindreq(dlp); - break; - - case DL_ENABMULTI_REQ: - printdlenabmultireq(dlp); - break; - - case DL_DISABMULTI_REQ: - printdldisabmultireq(dlp); - break; - - case DL_PROMISCON_REQ: - printdlpromisconreq(dlp); - break; - - case DL_PROMISCOFF_REQ: - printdlpromiscoffreq(dlp); - break; - - case DL_UNITDATA_REQ: - printdlunitdatareq(dlp); - break; - - case DL_UNITDATA_IND: - printdlunitdataind(dlp); - break; - - case DL_UDERROR_IND: - printdluderrorind(dlp); - break; - - case DL_UDQOS_REQ: - printdludqosreq(dlp); - break; - - case DL_PHYS_ADDR_REQ: - printdlphysaddrreq(dlp); - break; - - case DL_PHYS_ADDR_ACK: - printdlphysaddrack(dlp); - break; - - case DL_SET_PHYS_ADDR_REQ: - printdlsetphysaddrreq(dlp); - break; - - default: - err("printdlprim: unknown primitive type 0x%x", - dlp->dl_primitive); - break; - } -} - -/* ARGSUSED */ -printdlinforeq(dlp) - union DL_primitives *dlp; -{ - (void) printf("DL_INFO_REQ\n"); -} - -printdlinfoack(dlp) - union DL_primitives *dlp; -{ - u_char addr[MAXDLADDR]; - u_char brdcst[MAXDLADDR]; - - addrtostring(OFFADDR(dlp, dlp->info_ack.dl_addr_offset), - dlp->info_ack.dl_addr_length, addr); - addrtostring(OFFADDR(dlp, dlp->info_ack.dl_brdcst_addr_offset), - dlp->info_ack.dl_brdcst_addr_length, brdcst); - 
- (void) printf("DL_INFO_ACK: max_sdu %d min_sdu %d\n", - dlp->info_ack.dl_max_sdu, - dlp->info_ack.dl_min_sdu); - (void) printf("addr_length %d mac_type %s current_state %s\n", - dlp->info_ack.dl_addr_length, - dlmactype(dlp->info_ack.dl_mac_type), - dlstate(dlp->info_ack.dl_current_state)); - (void) printf("sap_length %d service_mode %s qos_length %d\n", - dlp->info_ack.dl_sap_length, - dlservicemode(dlp->info_ack.dl_service_mode), - dlp->info_ack.dl_qos_length); - (void) printf("qos_offset %d qos_range_length %d qos_range_offset %d\n", - dlp->info_ack.dl_qos_offset, - dlp->info_ack.dl_qos_range_length, - dlp->info_ack.dl_qos_range_offset); - (void) printf("provider_style %s addr_offset %d version %d\n", - dlstyle(dlp->info_ack.dl_provider_style), - dlp->info_ack.dl_addr_offset, - dlp->info_ack.dl_version); - (void) printf("brdcst_addr_length %d brdcst_addr_offset %d\n", - dlp->info_ack.dl_brdcst_addr_length, - dlp->info_ack.dl_brdcst_addr_offset); - (void) printf("addr %s\n", addr); - (void) printf("brdcst_addr %s\n", brdcst); -} - -printdlattachreq(dlp) - union DL_primitives *dlp; -{ - (void) printf("DL_ATTACH_REQ: ppa %d\n", - dlp->attach_req.dl_ppa); -} - -printdlokack(dlp) - union DL_primitives *dlp; -{ - (void) printf("DL_OK_ACK: correct_primitive %s\n", - dlprim(dlp->ok_ack.dl_correct_primitive)); -} - -printdlerrorack(dlp) - union DL_primitives *dlp; -{ - (void) printf("DL_ERROR_ACK: error_primitive %s errno %s unix_errno %d: %s\n", - dlprim(dlp->error_ack.dl_error_primitive), - dlerrno(dlp->error_ack.dl_errno), - dlp->error_ack.dl_unix_errno, - strerror(dlp->error_ack.dl_unix_errno)); -} - -printdlenabmultireq(dlp) - union DL_primitives *dlp; -{ - u_char addr[MAXDLADDR]; - - addrtostring(OFFADDR(dlp, dlp->enabmulti_req.dl_addr_offset), - dlp->enabmulti_req.dl_addr_length, addr); - - (void) printf("DL_ENABMULTI_REQ: addr_length %d addr_offset %d\n", - dlp->enabmulti_req.dl_addr_length, - dlp->enabmulti_req.dl_addr_offset); - (void) printf("addr %s\n", 
addr); -} - -printdldisabmultireq(dlp) - union DL_primitives *dlp; -{ - u_char addr[MAXDLADDR]; - - addrtostring(OFFADDR(dlp, dlp->disabmulti_req.dl_addr_offset), - dlp->disabmulti_req.dl_addr_length, addr); - - (void) printf("DL_DISABMULTI_REQ: addr_length %d addr_offset %d\n", - dlp->disabmulti_req.dl_addr_length, - dlp->disabmulti_req.dl_addr_offset); - (void) printf("addr %s\n", addr); -} - -printdlpromisconreq(dlp) - union DL_primitives *dlp; -{ - (void) printf("DL_PROMISCON_REQ: level %s\n", - dlpromisclevel(dlp->promiscon_req.dl_level)); -} - -printdlpromiscoffreq(dlp) - union DL_primitives *dlp; -{ - (void) printf("DL_PROMISCOFF_REQ: level %s\n", - dlpromisclevel(dlp->promiscoff_req.dl_level)); -} - -printdlphysaddrreq(dlp) - union DL_primitives *dlp; -{ - (void) printf("DL_PHYS_ADDR_REQ: addr_type 0x%x\n", - dlp->physaddr_req.dl_addr_type); -} - -printdlphysaddrack(dlp) - union DL_primitives *dlp; -{ - u_char addr[MAXDLADDR]; - - addrtostring(OFFADDR(dlp, dlp->physaddr_ack.dl_addr_offset), - dlp->physaddr_ack.dl_addr_length, addr); - - (void) printf("DL_PHYS_ADDR_ACK: addr_length %d addr_offset %d\n", - dlp->physaddr_ack.dl_addr_length, - dlp->physaddr_ack.dl_addr_offset); - (void) printf("addr %s\n", addr); -} - -printdlsetphysaddrreq(dlp) - union DL_primitives *dlp; -{ - u_char addr[MAXDLADDR]; - - addrtostring(OFFADDR(dlp, dlp->set_physaddr_req.dl_addr_offset), - dlp->set_physaddr_req.dl_addr_length, addr); - - (void) printf("DL_SET_PHYS_ADDR_REQ: addr_length %d addr_offset %d\n", - dlp->set_physaddr_req.dl_addr_length, - dlp->set_physaddr_req.dl_addr_offset); - (void) printf("addr %s\n", addr); -} - -/* ARGSUSED */ -printdldetachreq(dlp) - union DL_primitives *dlp; -{ - (void) printf("DL_DETACH_REQ\n"); -} - -printdlbindreq(dlp) - union DL_primitives *dlp; -{ - (void) printf("DL_BIND_REQ: sap %d max_conind %d\n", - dlp->bind_req.dl_sap, - dlp->bind_req.dl_max_conind); - (void) printf("service_mode %s conn_mgmt %d xidtest_flg 0x%x\n", - 
dlservicemode(dlp->bind_req.dl_service_mode), - dlp->bind_req.dl_conn_mgmt, - dlp->bind_req.dl_xidtest_flg); -} - -printdlbindack(dlp) - union DL_primitives *dlp; -{ - u_char addr[MAXDLADDR]; - - addrtostring(OFFADDR(dlp, dlp->bind_ack.dl_addr_offset), - dlp->bind_ack.dl_addr_length, addr); - - (void) printf("DL_BIND_ACK: sap %d addr_length %d addr_offset %d\n", - dlp->bind_ack.dl_sap, - dlp->bind_ack.dl_addr_length, - dlp->bind_ack.dl_addr_offset); - (void) printf("max_conind %d xidtest_flg 0x%x\n", - dlp->bind_ack.dl_max_conind, - dlp->bind_ack.dl_xidtest_flg); - (void) printf("addr %s\n", addr); -} - -/* ARGSUSED */ -printdlunbindreq(dlp) - union DL_primitives *dlp; -{ - (void) printf("DL_UNBIND_REQ\n"); -} - -printdlsubsbindreq(dlp) - union DL_primitives *dlp; -{ - u_char sap[MAXDLADDR]; - - addrtostring(OFFADDR(dlp, dlp->subs_bind_req.dl_subs_sap_offset), - dlp->subs_bind_req.dl_subs_sap_length, sap); - - (void) printf("DL_SUBS_BIND_REQ: subs_sap_offset %d sub_sap_len %d\n", - dlp->subs_bind_req.dl_subs_sap_offset, - dlp->subs_bind_req.dl_subs_sap_length); - (void) printf("sap %s\n", sap); -} - -printdlsubsbindack(dlp) - union DL_primitives *dlp; -{ - u_char sap[MAXDLADDR]; - - addrtostring(OFFADDR(dlp, dlp->subs_bind_ack.dl_subs_sap_offset), - dlp->subs_bind_ack.dl_subs_sap_length, sap); - - (void) printf("DL_SUBS_BIND_ACK: subs_sap_offset %d sub_sap_length %d\n", - dlp->subs_bind_ack.dl_subs_sap_offset, - dlp->subs_bind_ack.dl_subs_sap_length); - (void) printf("sap %s\n", sap); -} - -printdlsubsunbindreq(dlp) - union DL_primitives *dlp; -{ - u_char sap[MAXDLADDR]; - - addrtostring(OFFADDR(dlp, dlp->subs_unbind_req.dl_subs_sap_offset), - dlp->subs_unbind_req.dl_subs_sap_length, sap); - - (void) printf("DL_SUBS_UNBIND_REQ: subs_sap_offset %d sub_sap_length %d\n", - dlp->subs_unbind_req.dl_subs_sap_offset, - dlp->subs_unbind_req.dl_subs_sap_length); - (void) printf("sap %s\n", sap); -} - -printdlunitdatareq(dlp) - union DL_primitives *dlp; -{ - u_char 
addr[MAXDLADDR]; - - addrtostring(OFFADDR(dlp, dlp->unitdata_req.dl_dest_addr_offset), - dlp->unitdata_req.dl_dest_addr_length, addr); - - (void) printf("DL_UNITDATA_REQ: dest_addr_length %d dest_addr_offset %d\n", - dlp->unitdata_req.dl_dest_addr_length, - dlp->unitdata_req.dl_dest_addr_offset); - (void) printf("dl_priority.min %d dl_priority.max %d\n", - dlp->unitdata_req.dl_priority.dl_min, - dlp->unitdata_req.dl_priority.dl_max); - (void) printf("addr %s\n", addr); -} - -printdlunitdataind(dlp) - union DL_primitives *dlp; -{ - u_char dest[MAXDLADDR]; - u_char src[MAXDLADDR]; - - addrtostring(OFFADDR(dlp, dlp->unitdata_ind.dl_dest_addr_offset), - dlp->unitdata_ind.dl_dest_addr_length, dest); - addrtostring(OFFADDR(dlp, dlp->unitdata_ind.dl_src_addr_offset), - dlp->unitdata_ind.dl_src_addr_length, src); - - (void) printf("DL_UNITDATA_IND: dest_addr_length %d dest_addr_offset %d\n", - dlp->unitdata_ind.dl_dest_addr_length, - dlp->unitdata_ind.dl_dest_addr_offset); - (void) printf("src_addr_length %d src_addr_offset %d\n", - dlp->unitdata_ind.dl_src_addr_length, - dlp->unitdata_ind.dl_src_addr_offset); - (void) printf("group_address 0x%x\n", - dlp->unitdata_ind.dl_group_address); - (void) printf("dest %s\n", dest); - (void) printf("src %s\n", src); -} - -printdluderrorind(dlp) - union DL_primitives *dlp; -{ - u_char addr[MAXDLADDR]; - - addrtostring(OFFADDR(dlp, dlp->uderror_ind.dl_dest_addr_offset), - dlp->uderror_ind.dl_dest_addr_length, addr); - - (void) printf("DL_UDERROR_IND: dest_addr_length %d dest_addr_offset %d\n", - dlp->uderror_ind.dl_dest_addr_length, - dlp->uderror_ind.dl_dest_addr_offset); - (void) printf("unix_errno %d errno %s\n", - dlp->uderror_ind.dl_unix_errno, - dlerrno(dlp->uderror_ind.dl_errno)); - (void) printf("addr %s\n", addr); -} - -printdltestreq(dlp) - union DL_primitives *dlp; -{ - u_char addr[MAXDLADDR]; - - addrtostring(OFFADDR(dlp, dlp->test_req.dl_dest_addr_offset), - dlp->test_req.dl_dest_addr_length, addr); - - (void) 
printf("DL_TEST_REQ: flag 0x%x dest_addr_length %d dest_addr_offset %d\n", - dlp->test_req.dl_flag, - dlp->test_req.dl_dest_addr_length, - dlp->test_req.dl_dest_addr_offset); - (void) printf("dest_addr %s\n", addr); -} - -printdltestind(dlp) - union DL_primitives *dlp; -{ - u_char dest[MAXDLADDR]; - u_char src[MAXDLADDR]; - - addrtostring(OFFADDR(dlp, dlp->test_ind.dl_dest_addr_offset), - dlp->test_ind.dl_dest_addr_length, dest); - addrtostring(OFFADDR(dlp, dlp->test_ind.dl_src_addr_offset), - dlp->test_ind.dl_src_addr_length, src); - - (void) printf("DL_TEST_IND: flag 0x%x dest_addr_length %d dest_addr_offset %d\n", - dlp->test_ind.dl_flag, - dlp->test_ind.dl_dest_addr_length, - dlp->test_ind.dl_dest_addr_offset); - (void) printf("src_addr_length %d src_addr_offset %d\n", - dlp->test_ind.dl_src_addr_length, - dlp->test_ind.dl_src_addr_offset); - (void) printf("dest_addr %s\n", dest); - (void) printf("src_addr %s\n", src); -} - -printdltestres(dlp) - union DL_primitives *dlp; -{ - u_char dest[MAXDLADDR]; - - addrtostring(OFFADDR(dlp, dlp->test_res.dl_dest_addr_offset), - dlp->test_res.dl_dest_addr_length, dest); - - (void) printf("DL_TEST_RES: flag 0x%x dest_addr_length %d dest_addr_offset %d\n", - dlp->test_res.dl_flag, - dlp->test_res.dl_dest_addr_length, - dlp->test_res.dl_dest_addr_offset); - (void) printf("dest_addr %s\n", dest); -} - -printdltestcon(dlp) - union DL_primitives *dlp; -{ - u_char dest[MAXDLADDR]; - u_char src[MAXDLADDR]; - - addrtostring(OFFADDR(dlp, dlp->test_con.dl_dest_addr_offset), - dlp->test_con.dl_dest_addr_length, dest); - addrtostring(OFFADDR(dlp, dlp->test_con.dl_src_addr_offset), - dlp->test_con.dl_src_addr_length, src); - - (void) printf("DL_TEST_CON: flag 0x%x dest_addr_length %d dest_addr_offset %d\n", - dlp->test_con.dl_flag, - dlp->test_con.dl_dest_addr_length, - dlp->test_con.dl_dest_addr_offset); - (void) printf("src_addr_length %d src_addr_offset %d\n", - dlp->test_con.dl_src_addr_length, - dlp->test_con.dl_src_addr_offset); - 
(void) printf("dest_addr %s\n", dest); - (void) printf("src_addr %s\n", src); -} - -printdlxidreq(dlp) - union DL_primitives *dlp; -{ - u_char dest[MAXDLADDR]; - - addrtostring(OFFADDR(dlp, dlp->xid_req.dl_dest_addr_offset), - dlp->xid_req.dl_dest_addr_length, dest); - - (void) printf("DL_XID_REQ: flag 0x%x dest_addr_length %d dest_addr_offset %d\n", - dlp->xid_req.dl_flag, - dlp->xid_req.dl_dest_addr_length, - dlp->xid_req.dl_dest_addr_offset); - (void) printf("dest_addr %s\n", dest); -} - -printdlxidind(dlp) - union DL_primitives *dlp; -{ - u_char dest[MAXDLADDR]; - u_char src[MAXDLADDR]; - - addrtostring(OFFADDR(dlp, dlp->xid_ind.dl_dest_addr_offset), - dlp->xid_ind.dl_dest_addr_length, dest); - addrtostring(OFFADDR(dlp, dlp->xid_ind.dl_src_addr_offset), - dlp->xid_ind.dl_src_addr_length, src); - - (void) printf("DL_XID_IND: flag 0x%x dest_addr_length %d dest_addr_offset %d\n", - dlp->xid_ind.dl_flag, - dlp->xid_ind.dl_dest_addr_length, - dlp->xid_ind.dl_dest_addr_offset); - (void) printf("src_addr_length %d src_addr_offset %d\n", - dlp->xid_ind.dl_src_addr_length, - dlp->xid_ind.dl_src_addr_offset); - (void) printf("dest_addr %s\n", dest); - (void) printf("src_addr %s\n", src); -} - -printdlxidres(dlp) - union DL_primitives *dlp; -{ - u_char dest[MAXDLADDR]; - - addrtostring(OFFADDR(dlp, dlp->xid_res.dl_dest_addr_offset), - dlp->xid_res.dl_dest_addr_length, dest); - - (void) printf("DL_XID_RES: flag 0x%x dest_addr_length %d dest_addr_offset %d\n", - dlp->xid_res.dl_flag, - dlp->xid_res.dl_dest_addr_length, - dlp->xid_res.dl_dest_addr_offset); - (void) printf("dest_addr %s\n", dest); -} - -printdlxidcon(dlp) - union DL_primitives *dlp; -{ - u_char dest[MAXDLADDR]; - u_char src[MAXDLADDR]; - - addrtostring(OFFADDR(dlp, dlp->xid_con.dl_dest_addr_offset), - dlp->xid_con.dl_dest_addr_length, dest); - addrtostring(OFFADDR(dlp, dlp->xid_con.dl_src_addr_offset), - dlp->xid_con.dl_src_addr_length, src); - - (void) printf("DL_XID_CON: flag 0x%x dest_addr_length %d 
dest_addr_offset %d\n", - dlp->xid_con.dl_flag, - dlp->xid_con.dl_dest_addr_length, - dlp->xid_con.dl_dest_addr_offset); - (void) printf("src_addr_length %d src_addr_offset %d\n", - dlp->xid_con.dl_src_addr_length, - dlp->xid_con.dl_src_addr_offset); - (void) printf("dest_addr %s\n", dest); - (void) printf("src_addr %s\n", src); -} - -printdludqosreq(dlp) - union DL_primitives *dlp; -{ - (void) printf("DL_UDQOS_REQ: qos_length %d qos_offset %d\n", - dlp->udqos_req.dl_qos_length, - dlp->udqos_req.dl_qos_offset); -} - -/* - * Return string. - */ -addrtostring(addr, length, s) - u_char *addr; - u_long length; - u_char *s; -{ - int i; - - for (i = 0; i < length; i++) { - (void) sprintf((char*) s, "%x:", addr[i] & 0xff); - s = s + strlen((char*)s); - } - if (length) - *(--s) = '\0'; -} - -/* - * Return length - */ -stringtoaddr(sp, addr) - char *sp; - char *addr; -{ - int n = 0; - char *p; - int val; - - p = sp; - while (p = strtok(p, ":")) { - if (sscanf(p, "%x", &val) != 1) - err("stringtoaddr: invalid input string: %s", sp); - if (val > 0xff) - err("stringtoaddr: invalid input string: %s", sp); - *addr++ = val; - n++; - p = NULL; - } - - return (n); -} - - -static char -hexnibble(c) - char c; -{ - static char hextab[] = { - '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', - 'a', 'b', 'c', 'd', 'e', 'f' - }; - - return (hextab[c & 0x0f]); -} - -char* -dlprim(prim) - u_long prim; -{ - static char primbuf[80]; - - switch ((int)prim) { - CASERET(DL_INFO_REQ); - CASERET(DL_INFO_ACK); - CASERET(DL_ATTACH_REQ); - CASERET(DL_DETACH_REQ); - CASERET(DL_BIND_REQ); - CASERET(DL_BIND_ACK); - CASERET(DL_UNBIND_REQ); - CASERET(DL_OK_ACK); - CASERET(DL_ERROR_ACK); - CASERET(DL_SUBS_BIND_REQ); - CASERET(DL_SUBS_BIND_ACK); - CASERET(DL_UNITDATA_REQ); - CASERET(DL_UNITDATA_IND); - CASERET(DL_UDERROR_IND); - CASERET(DL_UDQOS_REQ); - CASERET(DL_CONNECT_REQ); - CASERET(DL_CONNECT_IND); - CASERET(DL_CONNECT_RES); - CASERET(DL_CONNECT_CON); - CASERET(DL_TOKEN_REQ); - CASERET(DL_TOKEN_ACK); 
- CASERET(DL_DISCONNECT_REQ); - CASERET(DL_DISCONNECT_IND); - CASERET(DL_RESET_REQ); - CASERET(DL_RESET_IND); - CASERET(DL_RESET_RES); - CASERET(DL_RESET_CON); - default: - (void) sprintf(primbuf, "unknown primitive 0x%x", prim); - return (primbuf); - } -} - - -char* -dlstate(state) - u_long state; -{ - static char statebuf[80]; - - switch (state) { - CASERET(DL_UNATTACHED); - CASERET(DL_ATTACH_PENDING); - CASERET(DL_DETACH_PENDING); - CASERET(DL_UNBOUND); - CASERET(DL_BIND_PENDING); - CASERET(DL_UNBIND_PENDING); - CASERET(DL_IDLE); - CASERET(DL_UDQOS_PENDING); - CASERET(DL_OUTCON_PENDING); - CASERET(DL_INCON_PENDING); - CASERET(DL_CONN_RES_PENDING); - CASERET(DL_DATAXFER); - CASERET(DL_USER_RESET_PENDING); - CASERET(DL_PROV_RESET_PENDING); - CASERET(DL_RESET_RES_PENDING); - CASERET(DL_DISCON8_PENDING); - CASERET(DL_DISCON9_PENDING); - CASERET(DL_DISCON11_PENDING); - CASERET(DL_DISCON12_PENDING); - CASERET(DL_DISCON13_PENDING); - CASERET(DL_SUBS_BIND_PND); - default: - (void) sprintf(statebuf, "unknown state 0x%x", state); - return (statebuf); - } -} - -char* -dlerrno(errno) - u_long errno; -{ - static char errnobuf[80]; - - switch (errno) { - CASERET(DL_ACCESS); - CASERET(DL_BADADDR); - CASERET(DL_BADCORR); - CASERET(DL_BADDATA); - CASERET(DL_BADPPA); - CASERET(DL_BADPRIM); - CASERET(DL_BADQOSPARAM); - CASERET(DL_BADQOSTYPE); - CASERET(DL_BADSAP); - CASERET(DL_BADTOKEN); - CASERET(DL_BOUND); - CASERET(DL_INITFAILED); - CASERET(DL_NOADDR); - CASERET(DL_NOTINIT); - CASERET(DL_OUTSTATE); - CASERET(DL_SYSERR); - CASERET(DL_UNSUPPORTED); - CASERET(DL_UNDELIVERABLE); - CASERET(DL_NOTSUPPORTED); - CASERET(DL_TOOMANY); - CASERET(DL_NOTENAB); - CASERET(DL_BUSY); - CASERET(DL_NOAUTO); - CASERET(DL_NOXIDAUTO); - CASERET(DL_NOTESTAUTO); - CASERET(DL_XIDAUTO); - CASERET(DL_TESTAUTO); - CASERET(DL_PENDING); - - default: - (void) sprintf(errnobuf, "unknown dlpi errno 0x%x", errno); - return (errnobuf); - } -} - -char* -dlpromisclevel(level) - u_long level; -{ - static char 
levelbuf[80]; - - switch (level) { - CASERET(DL_PROMISC_PHYS); - CASERET(DL_PROMISC_SAP); - CASERET(DL_PROMISC_MULTI); - default: - (void) sprintf(levelbuf, "unknown promisc level 0x%x", level); - return (levelbuf); - } -} - -char* -dlservicemode(servicemode) - u_long servicemode; -{ - static char servicemodebuf[80]; - - switch (servicemode) { - CASERET(DL_CODLS); - CASERET(DL_CLDLS); - CASERET(DL_CODLS|DL_CLDLS); - default: - (void) sprintf(servicemodebuf, - "unknown provider service mode 0x%x", servicemode); - return (servicemodebuf); - } -} - -char* -dlstyle(style) - long style; -{ - static char stylebuf[80]; - - switch (style) { - CASERET(DL_STYLE1); - CASERET(DL_STYLE2); - default: - (void) sprintf(stylebuf, "unknown provider style 0x%x", style); - return (stylebuf); - } -} - -char* -dlmactype(media) - u_long media; -{ - static char mediabuf[80]; - - switch (media) { - CASERET(DL_CSMACD); - CASERET(DL_TPB); - CASERET(DL_TPR); - CASERET(DL_METRO); - CASERET(DL_ETHER); - CASERET(DL_HDLC); - CASERET(DL_CHAR); - CASERET(DL_CTCA); - default: - (void) sprintf(mediabuf, "unknown media type 0x%x", media); - return (mediabuf); - } -} - -/*VARARGS1*/ -err(fmt, a1, a2, a3, a4) - char *fmt; - char *a1, *a2, *a3, *a4; -{ - (void) fprintf(stderr, fmt, a1, a2, a3, a4); - (void) fprintf(stderr, "\n"); - (void) exit(1); -} - -syserr(s) - char *s; -{ - (void) perror(s); - exit(1); -} - -strioctl(fd, cmd, timout, len, dp) - int fd; - int cmd; - int timout; - int len; - char *dp; -{ - struct strioctl sioc; - int rc; - - sioc.ic_cmd = cmd; - sioc.ic_timout = timout; - sioc.ic_len = len; - sioc.ic_dp = dp; - rc = ioctl(fd, I_STR, &sioc); - - if (rc < 0) - return (rc); - else - return (sioc.ic_len); -} diff --git a/contrib/ipfilter/ipsend/dltest.h b/contrib/ipfilter/ipsend/dltest.h deleted file mode 100644 index 086782c1fbb7..000000000000 --- a/contrib/ipfilter/ipsend/dltest.h +++ /dev/null 
@@ -1,34 +0,0 @@
-/* $FreeBSD$ */
-
-/*
- * Common DLPI Test Suite header file
- *
- */
-
-/*
- * Maximum control/data buffer size (in long's !!) for getmsg().
- */
-#define MAXDLBUF 8192
-
-/*
- * Maximum number of seconds we'll wait for any
- * particular DLPI acknowledgment from the provider
- * after issuing a request.
- */
-#define MAXWAIT 15
-
-/*
- * Maximum address buffer length.
- */
-#define MAXDLADDR 1024
-
-
-/*
- * Handy macro.
- */
-#define OFFADDR(s, n) (u_char*)((char*)(s) + (int)(n))
-
-/*
- * externs go here
- */
-extern void sigalrm();
diff --git a/contrib/ipfilter/ipsend/ip.c b/contrib/ipfilter/ipsend/ip.c
deleted file mode 100644
index fc7617065ac7..000000000000
--- a/contrib/ipfilter/ipsend/ip.c
+++ /dev/null
@@ -1,364 +0,0 @@
-/* $FreeBSD$ */
-
-/*
- * ip.c (C) 1995-1998 Darren Reed
- *
- * See the IPFILTER.LICENCE file for details on licencing.
- */
-#if !defined(lint)
-static const char sccsid[] = "%W% %G% (C)1995";
-static const char rcsid[] = "@(#)$Id$";
-#endif
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#ifndef linux
-# include
-# include
-# include
-#endif
-#include
-#include
-#include
-#include
-#include
-#include "ipsend.h"
-
-
-static char *ipbuf = NULL, *ethbuf = NULL;
-
-
-u_short chksum(buf,len)
- u_short *buf;
- int len;
-{
- u_long sum = 0;
- int nwords = len >> 1;
-
- for(; nwords > 0; nwords--)
- sum += *buf++;
- sum = (sum>>16) + (sum & 0xffff);
- sum += (sum >>16);
- return (~sum);
-}
-
-
-int send_ether(nfd, buf, len, gwip)
- int nfd, len;
- char *buf;
- struct in_addr gwip;
-{
- static struct in_addr last_gw;
- static char last_arp[6] = { 0, 0, 0, 0, 0, 0};
- ether_header_t *eh;
- char *s;
- int err;
-
- if (!ethbuf)
- ethbuf = (char *)calloc(1, 65536+1024);
- s = ethbuf;
- eh = (ether_header_t *)s;
-
- bcopy((char *)buf, s + sizeof(*eh), len);
- if (gwip.s_addr == last_gw.s_addr)
- {
- bcopy(last_arp, (char *)A_A eh->ether_dhost, 6);
- }
- else if (arp((char *)&gwip, (char *)A_A eh->ether_dhost) == -1)
- {
- perror("arp");
- return -2;
- }
- eh->ether_type = htons(ETHERTYPE_IP);
- last_gw.s_addr = gwip.s_addr;
- err = sendip(nfd, s, sizeof(*eh) + len);
- return err;
-}
-
-
-/*
- */
-int send_ip(nfd, mtu, ip, gwip, frag)
- int nfd, mtu;
- ip_t *ip;
- struct in_addr gwip;
- int frag;
-{
- static struct in_addr last_gw, local_ip;
- static char local_arp[6] = { 0, 0, 0, 0, 0, 0};
- static char last_arp[6] = { 0, 0, 0, 0, 0, 0};
- static u_short id = 0;
- ether_header_t *eh;
- ip_t ipsv;
- int err, iplen;
-
- if (!ipbuf)
- {
- ipbuf = (char *)malloc(65536);
- if (!ipbuf)
- {
- perror("malloc failed");
- return -2;
- }
- }
-
- eh = (ether_header_t *)ipbuf;
-
- bzero((char *)A_A eh->ether_shost, sizeof(eh->ether_shost));
- if (last_gw.s_addr && (gwip.s_addr == last_gw.s_addr))
- {
- bcopy(last_arp, (char *)A_A eh->ether_dhost, 6);
- }
- else if (arp((char *)&gwip, (char *)A_A eh->ether_dhost) == -1)
- {
- perror("arp");
- return -2;
- }
- bcopy((char *)A_A eh->ether_dhost, last_arp, sizeof(last_arp));
- eh->ether_type = htons(ETHERTYPE_IP);
-
- bcopy((char *)ip, (char *)&ipsv, sizeof(*ip));
- last_gw.s_addr = gwip.s_addr;
- iplen = ip->ip_len;
- ip->ip_len = htons(iplen);
- if (!(frag & 2)) {
- if (!IP_V(ip))
- IP_V_A(ip, IPVERSION);
- if (!ip->ip_id)
- ip->ip_id = htons(id++);
- if (!ip->ip_ttl)
- ip->ip_ttl = 60;
- }
-
- if (ip->ip_src.s_addr != local_ip.s_addr) {
- (void) arp((char *)&ip->ip_src, (char *)A_A local_arp);
- bcopy(local_arp, (char *)A_A eh->ether_shost,sizeof(last_arp));
- local_ip = ip->ip_src;
- } else
- bcopy(local_arp, (char *)A_A eh->ether_shost, 6);
-
- if (!frag || (sizeof(*eh) + iplen < mtu))
- {
- ip->ip_sum = 0;
- ip->ip_sum = chksum((u_short *)ip, IP_HL(ip) << 2);
-
- bcopy((char *)ip, ipbuf + sizeof(*eh), iplen);
- err = sendip(nfd, ipbuf, sizeof(*eh) + iplen);
- }
- else
- {
- /*
- * Actually, this is bogus because we're putting all IP
- * options in every packet, which isn't always what should be
- * done. Will do for now.
- */
- ether_header_t eth;
- char optcpy[48], ol;
- char *s;
- int i, sent = 0, ts, hlen, olen;
-
- hlen = IP_HL(ip) << 2;
- if (mtu < (hlen + 8)) {
- fprintf(stderr, "mtu (%d) < ip header size (%d) + 8\n",
- mtu, hlen);
- fprintf(stderr, "can't fragment data\n");
- return -2;
- }
- ol = (IP_HL(ip) << 2) - sizeof(*ip);
- for (i = 0, s = (char*)(ip + 1); ol > 0; )
- if (*s == IPOPT_EOL) {
- optcpy[i++] = *s;
- break;
- } else if (*s == IPOPT_NOP) {
- s++;
- ol--;
- } else
- {
- olen = (int)(*(u_char *)(s + 1));
- ol -= olen;
- if (IPOPT_COPIED(*s))
- {
- bcopy(s, optcpy + i, olen);
- i += olen;
- s += olen;
- }
- }
- if (i)
- {
- /*
- * pad out
- */
- while ((i & 3) && (i & 3) != 3)
- optcpy[i++] = IPOPT_NOP;
- if ((i & 3) == 3)
- optcpy[i++] = IPOPT_EOL;
- }
-
- bcopy((char *)eh, (char *)ð, sizeof(eth));
- s = (char *)ip + hlen;
- iplen = ntohs(ip->ip_len) - hlen;
- ip->ip_off |= htons(IP_MF);
-
- while (1)
- {
- if ((sent + (mtu - hlen)) >= iplen)
- {
- ip->ip_off ^= htons(IP_MF);
- ts = iplen - sent;
- }
- else
- ts = (mtu - hlen);
- ip->ip_off &= htons(0xe000);
- ip->ip_off |= htons(sent >> 3);
- ts += hlen;
- ip->ip_len = htons(ts);
- ip->ip_sum = 0;
- ip->ip_sum = chksum((u_short *)ip, hlen);
- bcopy((char *)ip, ipbuf + sizeof(*eh), hlen);
- bcopy(s + sent, ipbuf + sizeof(*eh) + hlen, ts - hlen);
- err = sendip(nfd, ipbuf, sizeof(*eh) + ts);
-
- bcopy((char *)ð, ipbuf, sizeof(eth));
- sent += (ts - hlen);
- if (!(ntohs(ip->ip_off) & IP_MF))
- break;
- else if (!(ip->ip_off & htons(0x1fff)))
- {
- hlen = i + sizeof(*ip);
- IP_HL_A(ip, (sizeof(*ip) + i) >> 2);
- bcopy(optcpy, (char *)(ip + 1), i);
- }
- }
- }
-
- bcopy((char *)&ipsv, (char *)ip, sizeof(*ip));
- return err;
-}
-
-
-/*
- * send a tcp packet.
- */
-int send_tcp(nfd, mtu, ip, gwip)
- int nfd, mtu;
- ip_t *ip;
- struct in_addr gwip;
-{
- static tcp_seq iss = 2;
- tcphdr_t *t, *t2;
- int thlen, i, iplen, hlen;
- u_32_t lbuf[20];
- ip_t *ip2;
-
- iplen = ip->ip_len;
- hlen = IP_HL(ip) << 2;
- t = (tcphdr_t *)((char *)ip + hlen);
- ip2 = (struct ip *)lbuf;
- t2 = (tcphdr_t *)((char *)ip2 + hlen);
- thlen = TCP_OFF(t) << 2;
- if (!thlen)
- thlen = sizeof(tcphdr_t);
- bzero((char *)ip2, sizeof(*ip2) + sizeof(*t2));
- ip->ip_p = IPPROTO_TCP;
- ip2->ip_p = ip->ip_p;
- ip2->ip_src = ip->ip_src;
- ip2->ip_dst = ip->ip_dst;
- bcopy((char *)ip + hlen, (char *)t2, thlen);
-
- if (!t2->th_win)
- t2->th_win = htons(4096);
- iss += 63;
-
- i = sizeof(struct tcpiphdr) / sizeof(long);
-
- if ((t2->th_flags == TH_SYN) && !ntohs(ip->ip_off) &&
- (lbuf[i] != htonl(0x020405b4))) {
- lbuf[i] = htonl(0x020405b4);
- bcopy((char *)ip + hlen + thlen, (char *)ip + hlen + thlen + 4,
- iplen - thlen - hlen);
- thlen += 4;
- }
- TCP_OFF_A(t2, thlen >> 2);
- ip2->ip_len = htons(thlen);
- ip->ip_len = hlen + thlen;
- t2->th_sum = 0;
- t2->th_sum = chksum((u_short *)ip2, thlen + sizeof(ip_t));
-
- bcopy((char *)t2, (char *)ip + hlen, thlen);
- return send_ip(nfd, mtu, ip, gwip, 1);
-}
-
-
-/*
- * send a udp packet.
- */
-int send_udp(nfd, mtu, ip, gwip)
- int nfd, mtu;
- ip_t *ip;
- struct in_addr gwip;
-{
- struct tcpiphdr *ti;
- int thlen;
- u_long lbuf[20];
-
- ti = (struct tcpiphdr *)lbuf;
- bzero((char *)ti, sizeof(*ti));
- thlen = sizeof(udphdr_t);
- ti->ti_pr = ip->ip_p;
- ti->ti_src = ip->ip_src;
- ti->ti_dst = ip->ip_dst;
- bcopy((char *)ip + (IP_HL(ip) << 2),
- (char *)&ti->ti_sport, sizeof(udphdr_t));
-
- ti->ti_len = htons(thlen);
- ip->ip_len = (IP_HL(ip) << 2) + thlen;
- ti->ti_sum = 0;
- ti->ti_sum = chksum((u_short *)ti, thlen + sizeof(ip_t));
-
- bcopy((char *)&ti->ti_sport,
- (char *)ip + (IP_HL(ip) << 2), sizeof(udphdr_t));
- return send_ip(nfd, mtu, ip, gwip, 1);
-}
-
-
-/*
- * send an icmp packet.
- */
-int send_icmp(nfd, mtu, ip, gwip)
- int nfd, mtu;
- ip_t *ip;
- struct in_addr gwip;
-{
- struct icmp *ic;
-
- ic = (struct icmp *)((char *)ip + (IP_HL(ip) << 2));
-
- ic->icmp_cksum = 0;
- ic->icmp_cksum = chksum((u_short *)ic, sizeof(struct icmp));
-
- return send_ip(nfd, mtu, ip, gwip, 1);
-}
-
-
-int send_packet(nfd, mtu, ip, gwip)
- int nfd, mtu;
- ip_t *ip;
- struct in_addr gwip;
-{
- switch (ip->ip_p)
- {
- case IPPROTO_TCP :
- return send_tcp(nfd, mtu, ip, gwip);
- case IPPROTO_UDP :
- return send_udp(nfd, mtu, ip, gwip);
- case IPPROTO_ICMP :
- return send_icmp(nfd, mtu, ip, gwip);
- default :
- return send_ip(nfd, mtu, ip, gwip, 1);
- }
-}
diff --git a/contrib/ipfilter/ipsend/ipresend.1 b/contrib/ipfilter/ipsend/ipresend.1
deleted file mode 100644
index 6761a183caea..000000000000
--- a/contrib/ipfilter/ipsend/ipresend.1
+++ /dev/null
@@ -1,108 +0,0 @@
-.\" $FreeBSD$
-.\"
-.TH IPRESEND 1
-.SH NAME
-ipresend \- resend IP packets out to network
-.SH SYNOPSIS
-.B ipresend
-[
-.B \-EHPRSTX
-] [
-.B \-d
-
-] [
-.B \-g
-<\fIgateway\fP>
-] [
-.B \-m
-<\fIMTU\fP>
-] [
-.B \-r
-<\fIfilename\fP>
-]
-.SH DESCRIPTION
-.PP
-\fBipresend\fP was designed to allow packets to be resent, once captured,
-back out onto the network for use in testing. \fIipresend\fP supports a
-number of different file formats as input, including saved snoop/tcpdump
-binary data.
-.SH OPTIONS
-.TP
-.BR \-d \0
-Set the interface name to be the name supplied. This is useful with the
-\fB\-P, \-S, \-T\fP and \fB\-E\fP options, where it is not otherwise possible
-to associate a packet with an interface. Normal "text packets" can override
-this setting.
-.TP
-.BR \-g \0
-Specify the hostname of the gateway through which to route packets. This
-is required whenever the destination host isn't directly attached to the
-same network as the host from which you're sending.
-.TP
-.BR \-m \0
-Specify the MTU to be used when sending out packets. This option allows you
-to set a fake MTU, allowing the simulation of network interfaces with small
-MTU's without setting them so.
-.TP
-.BR \-r \0
-Specify the filename from which to take input. Default is stdin.
-.TP
-.B \-E
-The input file is to be text output from etherfind. The text formats which
-are currently supported are those which result from the following etherfind
-option combinations:
-.PP
-.nf
- etherfind -n
- etherfind -n -t
-.fi
-.LP
-.TP
-.B \-H
-The input file is to be hex digits, representing the binary makeup of the
-packet. No length correction is made, if an incorrect length is put in
-the IP header.
-.TP
-.B \-P
-The input file specified by \fB\-i\fP is a binary file produced using libpcap
-(i.e., tcpdump version 3). Packets are read from this file as being input
-(for rule purposes).
-.TP
-.B \-R
-When sending packets out, send them out "raw" (the way they came in). The
-only real significance here is that it will expect the link layer (i.e.
-ethernet) headers to be prepended to the IP packet being output.
-.TP
-.B \-S
-The input file is to be in "snoop" format (see RFC 1761). Packets are read
-from this file and used as input from any interface. This is perhaps the
-most useful input type, currently.
-.TP
-.B \-T
-The input file is to be text output from tcpdump. The text formats which
-are currently supported are those which result from the following tcpdump
-option combinations:
-.PP
-.nf
- tcpdump -n
- tcpdump -nq
- tcpdump -nqt
- tcpdump -nqtt
- tcpdump -nqte
-.fi
-.LP
-.TP
-.B \-X
-The input file is composed of text descriptions of IP packets.
-.DT
-.SH SEE ALSO
-snoop(1m), tcpdump(8), etherfind(8c), ipftest(1), ipresend(1), iptest(1), bpf(4), dlpi(7p)
-.SH DIAGNOSTICS
-.PP
-Needs to be run as root.
-.SH BUGS
-.PP
-Not all of the input formats are sufficiently capable of introducing a
-wide enough variety of packets for them to be all useful in testing.
-If you find any, please send email to me at darrenr@pobox.com
-
diff --git a/contrib/ipfilter/ipsend/ipresend.c b/contrib/ipfilter/ipsend/ipresend.c
deleted file mode 100644
index 7520a0e5bf55..000000000000
--- a/contrib/ipfilter/ipsend/ipresend.c
+++ /dev/null
@@ -1,151 +0,0 @@
-/* $FreeBSD$ */
-
-/*
- * ipresend.c (C) 1995-1998 Darren Reed
- *
- * See the IPFILTER.LICENCE file for details on licencing.
- *
- */
-#if !defined(lint)
-static const char sccsid[] = "%W% %G% (C)1995 Darren Reed";
-static const char rcsid[] = "@(#)$Id$";
-#endif
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#ifndef linux
-#include
-#endif
-#include
-#include
-#include
-#include
-#include
-#include "ipsend.h"
-
-
-extern char *optarg;
-extern int optind;
-#ifndef NO_IPF
-extern struct ipread pcap, iphex, iptext;
-#endif
-
-int opts = 0;
-#ifndef DEFAULT_DEVICE
-# ifdef linux
-char default_device[] = "eth0";
-# else
-# ifdef sun
-char default_device[] = "le0";
-# else
-# ifdef ultrix
-char default_device[] = "ln0";
-# else
-# ifdef __bsdi__
-char default_device[] = "ef0";
-# else
-# ifdef __sgi
-char default_device[] = "ec0";
-# else
-char default_device[] = "lan0";
-# endif
-# endif
-# endif
-# endif
-# endif
-#else
-char default_device[] = DEFAULT_DEVICE;
-#endif
-
-
-static void usage __P((char *));
-int main __P((int, char **));
-
-
-static void usage(prog)
- char *prog;
-{
- fprintf(stderr, "Usage: %s [options] <-r filename|-R filename>\n\
-\t\t-r filename\tsnoop data file to resend\n\
-\t\t-R filename\tlibpcap data file to resend\n\
-\toptions:\n\
-\t\t-d device\tSend out on this device\n\
-\t\t-g gateway\tIP gateway to use if non-local dest.\n\
-\t\t-m mtu\t\tfake MTU to use when sending out\n\
-", prog);
- exit(1);
-}
-
-
-int main(argc, argv)
- int argc;
- char **argv;
-{
- struct in_addr gwip;
- struct ipread *ipr = NULL;
- char *name = argv[0], *gateway = NULL, *dev = NULL;
- char *resend = NULL;
- int mtu = 1500, c;
-
- while ((c = getopt(argc, argv, "EHPRSTXd:g:m:r:")) != -1)
- switch (c)
- {
- case 'd' :
- dev = optarg;
- break;
- case 'g' :
- gateway = optarg;
- break;
- case 'm' :
- mtu = atoi(optarg);
- if (mtu < 28)
- {
- fprintf(stderr, "mtu must be > 28\n");
- exit(1);
- }
- case 'r' :
- resend = optarg;
- break;
- case 'R' :
- opts |= OPT_RAW;
- break;
-#ifndef NO_IPF
- case 'H' :
- ipr = &iphex;
- break;
- case 'P' :
- ipr = &pcap;
- break;
- case 'X' :
- ipr = &iptext;
- break;
-#endif
- default :
- fprintf(stderr, "Unknown option \"%c\"\n", c);
- usage(name);
- }
-
- if (!ipr || !resend)
- usage(name);
-
- gwip.s_addr = 0;
- if (gateway && resolve(gateway, (char *)&gwip) == -1)
- {
- fprintf(stderr,"Cant resolve %s\n", gateway);
- exit(2);
- }
-
- if (!dev)
- dev = default_device;
-
- printf("Device: %s\n", dev);
- printf("Gateway: %s\n", inet_ntoa(gwip));
- printf("mtu: %d\n", mtu);
-
- return ip_resend(dev, mtu, ipr, gwip, resend);
-}
diff --git a/contrib/ipfilter/ipsend/ipsend.1 b/contrib/ipfilter/ipsend/ipsend.1
deleted file mode 100644
index 7f0a8e39538a..000000000000
--- a/contrib/ipfilter/ipsend/ipsend.1
+++ /dev/null
@@ -1,111 +0,0 @@ -.\" $FreeBSD$ -.\" -.TH IPSEND 1 -.SH NAME -ipsend \- sends IP packets -.SH SYNOPSIS -.B ipsend -[ -.B \-dITUv -] [ -.B \-i - -] [ -.B \-f -<\fIoffset\fP> -] [ -.B \-g -<\fIgateway\fP> -] [ -.B \-m -<\fIMTU\fP> -] [ -.B \-o -<\fIoption\fP> -] [ -.B \-P - -] [ -.B \-s -<\fIsource\fP> -] [ -.B \-t -<\fIdest. port\fP> -] [ -.B \-w -<\fIwindow\fP> -] [TCP-flags] -.SH DESCRIPTION -.PP -\fBipsend\fP can be compiled in two ways. The first is used to send one-off -packets to a destination host, using command line options to specify various -attributes present in the headers. The \fIdestination\fP must be given as -the last command line option, except for when TCP flags are specified as -a combination of A, S, F, U, P and R, last. -.PP -The other way it may be compiled, with DOSOCKET defined, is to allow an -attempt at making a TCP connection using a with ipsend resending the SYN -packet as per the command line options. -.SH OPTIONS -.TP -.BR \-d -enable debugging mode. -.TP -.BR \-f \0 -The \fI-f\fP allows the IP offset field in the IP header to be set to an -arbitrary value, which can be specified in decimal or hexadecimal. -.TP -.BR \-g \0 -Specify the hostname of the gateway through which to route packets. This -is required whenever the destination host isn't directly attached to the -same network as the host from which you're sending. -.TP -.BR \-i \0 -Set the interface name to be the name supplied. -.TP -.TP -.BR \-m \0 -Specify the MTU to be used when sending out packets. This option allows you -to set a fake MTU, allowing the simulation of network interfaces with small -MTU's without setting them so. -.TP -.BR \-o \0