d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Import IP filter 3.4.13

Browse Source
This commit is contained in:
darrenr 2000-10-29 07:50:11 +00:00
parent e04f9f34d2
commit ab46516b6b
8 changed files with 60 additions and 50 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
sys/contrib/ipfilter/netinet/fil.c
View File

@ -7,7 +7,7 @@
*/
#if !defined(lint)
static const char sccsid[] = "@(#)fil.c 1.36 6/5/96 (C) 1993-2000 Darren Reed";
static const char rcsid[] = "@(#)$Id: fil.c,v 2.35.2.26 2000/10/24 11:58:17 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: fil.c,v 2.35.2.27 2000/10/26 21:20:54 darrenr Exp $";
#endif
#include <sys/errno.h>
@ -274,32 +274,35 @@ fr_info_t *fin;
int minicmpsz = sizeof(struct icmp);
icmphdr_t *icmp;
if (fin->fin_dlen > 1)
if (!off && (fin->fin_dlen > 1)) {
fin->fin_data[0] = *(u_short *)tcp;
if ((!(plen >= hlen + minicmpsz) && !off) ||
(off && off < sizeof(struct icmp))) {
fi->fi_fl |= FI_SHORT;
if (fin->fin_dlen < 2)
break;
icmp = (icmphdr_t *)tcp;
if (icmp->icmp_type == ICMP_ECHOREPLY ||
icmp->icmp_type == ICMP_ECHO)
minicmpsz = ICMP_MINLEN;
/*
* type(1) + code(1) + cksum(2) + id(2) seq(2) +
* 3*timestamp(3*4)
*/
else if (icmp->icmp_type == ICMP_TSTAMP ||
icmp->icmp_type == ICMP_TSTAMPREPLY)
minicmpsz = 20;
/*
* type(1) + code(1) + cksum(2) + id(2) seq(2) +
* mask(4)
*/
else if (icmp->icmp_type == ICMP_MASKREQ ||
icmp->icmp_type == ICMP_MASKREPLY)
minicmpsz = 12;
}
icmp = (icmphdr_t *)tcp;
if (!off && (icmp->icmp_type == ICMP_ECHOREPLY ||
icmp->icmp_type == ICMP_ECHO))
minicmpsz = ICMP_MINLEN;
/* type(1) + code(1) + cksum(2) + id(2) seq(2) +
* 3*timestamp(3*4) */
else if (!off && (icmp->icmp_type == ICMP_TSTAMP ||
icmp->icmp_type == ICMP_TSTAMPREPLY))
minicmpsz = 20;
/* type(1) + code(1) + cksum(2) + id(2) seq(2) + mask(4) */
else if (!off && (icmp->icmp_type == ICMP_MASKREQ ||
icmp->icmp_type == ICMP_MASKREPLY))
minicmpsz = 12;
if ((!(plen >= hlen + minicmpsz) && !off) ||
(off && off < sizeof(struct icmp)))
fi->fi_fl |= FI_SHORT;
break;
}
@ -1398,7 +1401,7 @@ nodata:
* SUCH DAMAGE.
*
* @(#)uipc_mbuf.c 8.2 (Berkeley) 1/4/94
* $Id: fil.c,v 2.35.2.26 2000/10/24 11:58:17 darrenr Exp $
* $Id: fil.c,v 2.35.2.27 2000/10/26 21:20:54 darrenr Exp $
*/
/*
* Copy data from an mbuf chain starting "off" bytes from the beginning,

4
sys/contrib/ipfilter/netinet/ip_ftp_pxy.c
View File

@ -2,7 +2,7 @@
* Simple FTP transparent proxy for in-kernel use. For use with the NAT
* code.
*
* $Id: ip_ftp_pxy.c,v 2.7.2.17 2000/10/19 15:40:40 darrenr Exp $
* $Id: ip_ftp_pxy.c,v 2.7.2.18 2000/10/27 14:02:10 darrenr Exp $
*/
#if SOLARIS && defined(_KERNEL)
extern kmutex_t ipf_rw;
@ -252,6 +252,7 @@ int dlen;
tcp2->th_dport = 0; /* XXX - don't specify remote port */
fi.fin_data[0] = ntohs(sp);
fi.fin_data[1] = 0;
fi.fin_dlen = sizeof(*tcp2);
fi.fin_dp = (char *)tcp2;
swip = ip->ip_src;
ip->ip_src = nat->nat_inip;
@ -467,6 +468,7 @@ int dlen;
tcp2->th_sport = 0; /* XXX - fake it for nat_new */
tcp2->th_off = 5;
fi.fin_data[0] = a5 << 8 | a6;
fi.fin_dlen = sizeof(*tcp2);
tcp2->th_dport = htons(fi.fin_data[0]);
fi.fin_data[1] = 0;
fi.fin_dp = (char *)tcp2;

39
sys/contrib/ipfilter/netinet/ip_nat.c
View File

@ -9,7 +9,7 @@
*/
#if !defined(lint)
static const char sccsid[] = "@(#)ip_nat.c 1.11 6/5/96 (C) 1995 Darren Reed";
static const char rcsid[] = "@(#)$Id: ip_nat.c,v 2.37.2.25 2000/10/25 10:38:47 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: ip_nat.c,v 2.37.2.26 2000/10/27 14:06:48 darrenr Exp $";
#endif
#if defined(__FreeBSD__) && defined(KERNEL) && !defined(_KERNEL)
@ -118,7 +118,6 @@ u_int ipf_nattable_sz = NAT_TABLE_SZ;
u_int ipf_natrules_sz = NAT_SIZE;
u_int ipf_rdrrules_sz = RDR_SIZE;
u_int ipf_hostmap_sz = HOSTMAP_SIZE;
int nat_wilds = 0;
u_32_t nat_masks = 0;
u_32_t rdr_masks = 0;
ipnat_t **nat_rules = NULL;
@ -144,7 +143,7 @@ static void nat_delnat __P((struct ipnat *));
static int fr_natgetent __P((caddr_t));
static int fr_natgetsz __P((caddr_t));
static int fr_natputent __P((caddr_t));
static void nat_tabmove __P((nat_t *, u_int));
static void nat_tabmove __P((nat_t *));
static int nat_match __P((fr_info_t *, ipnat_t *, ip_t *));
static hostmap_t *nat_hostmap __P((ipnat_t *, struct in_addr,
struct in_addr));
@ -1004,7 +1003,7 @@ struct nat *natd;
struct ipnat *ipn;
if (natd->nat_flags & FI_WILDP)
nat_wilds--;
nat_stats.ns_wilds--;
if (natd->nat_hnext[0])
natd->nat_hnext[0]->nat_phnext[0] = natd->nat_phnext[0];
*natd->nat_phnext[0] = natd->nat_hnext[0];
@ -1148,7 +1147,7 @@ int direction;
bzero((char *)nat, sizeof(*nat));
nat->nat_flags = flags;
if (flags & FI_WILDP)
nat_wilds++;
nat_stats.ns_wilds++;
/*
* Search the current table for a match.
*/
@ -1916,7 +1915,7 @@ u_32_t ports;
((nat->nat_outport == dport) || (nflags & FI_W_SPORT)))))
return nat;
}
if (!nat_wilds || !(flags & IPN_TCPUDP))
if (!nat_stats.ns_wilds || !(flags & IPN_TCPUDP))
return NULL;
RWLOCK_EXIT(&ipf_nat);
hv = NAT_HASH_FN(dst, 0, ipf_nattable_sz);
@ -1935,8 +1934,7 @@ u_32_t ports;
continue;
if (((nat->nat_oport == sport) || (nflags & FI_W_DPORT)) &&
((nat->nat_outport == dport) || (nflags & FI_W_SPORT))) {
hv = NAT_HASH_FN(dst, dport, ipf_nattable_sz);
nat_tabmove(nat, hv);
nat_tabmove(nat);
break;
}
}
@ -1945,11 +1943,11 @@ u_32_t ports;
}
static void nat_tabmove(nat, hv)
static void nat_tabmove(nat)
nat_t *nat;
u_int hv;
{
nat_t **natp;
u_int hv;
/*
* Remove the NAT entry from the old location
@ -1959,9 +1957,14 @@ u_int hv;
*nat->nat_phnext[0] = nat->nat_hnext[0];
if (nat->nat_hnext[1])
nat->nat_hnext[0]->nat_phnext[1] = nat->nat_phnext[1];
nat->nat_hnext[1]->nat_phnext[1] = nat->nat_phnext[1];
*nat->nat_phnext[1] = nat->nat_hnext[1];
/*
* Add into the NAT table in the new position
*/
hv = NAT_HASH_FN(nat->nat_inip.s_addr, nat->nat_inport,
ipf_nattable_sz);
natp = &nat_table[0][hv];
if (*natp)
(*natp)->nat_phnext[0] = &nat->nat_hnext[0];
@ -1969,9 +1972,8 @@ u_int hv;
nat->nat_hnext[0] = *natp;
*natp = nat;
/*
* Add into the NAT table in the new position
*/
hv = NAT_HASH_FN(nat->nat_outip.s_addr, nat->nat_outport,
ipf_nattable_sz);
natp = &nat_table[1][hv];
if (*natp)
(*natp)->nat_phnext[1] = &nat->nat_hnext[1];
@ -2018,7 +2020,7 @@ u_32_t ports;
(nat->nat_oport == dport || nflags & FI_W_DPORT))))
return nat;
}
if (!nat_wilds || !(flags & IPN_TCPUDP))
if (!nat_stats.ns_wilds || !(flags & IPN_TCPUDP))
return NULL;
RWLOCK_EXIT(&ipf_nat);
hv = NAT_HASH_FN(srcip, 0, ipf_nattable_sz);
@ -2037,8 +2039,7 @@ u_32_t ports;
continue;
if (((nat->nat_inport == sport) || (nflags & FI_W_DPORT)) &&
((nat->nat_oport == dport) || (nflags & FI_W_SPORT))) {
hv = NAT_HASH_FN(srcip, sport, ipf_nattable_sz);
nat_tabmove(nat, hv);
nat_tabmove(nat);
break;
}
}
@ -2179,7 +2180,7 @@ fr_info_t *fin;
nat->nat_outport = sport;
nat->nat_flags &= ~(FI_W_DPORT|FI_W_SPORT);
nflags = nat->nat_flags;
nat_wilds--;
nat_stats.ns_wilds--;
}
} else {
RWLOCK_EXIT(&ipf_nat);
@ -2392,7 +2393,7 @@ fr_info_t *fin;
nat->nat_outport = dport;
nat->nat_flags &= ~(FI_W_SPORT|FI_W_DPORT);
nflags = nat->nat_flags;
nat_wilds--;
nat_stats.ns_wilds--;
}
} else {
RWLOCK_EXIT(&ipf_nat);

3
sys/contrib/ipfilter/netinet/ip_nat.h
View File

@ -6,7 +6,7 @@
* to the original author and the contributors.
*
* @(#)ip_nat.h 1.5 2/4/96
* $Id: ip_nat.h,v 2.17.2.9 2000/10/19 15:44:04 darrenr Exp $
* $Id: ip_nat.h,v 2.17.2.10 2000/10/27 14:06:51 darrenr Exp $
*/
#ifndef __IP_NAT_H__
@ -207,6 +207,7 @@ typedef struct natstat {
u_int ns_rultab_sz;
u_int ns_rdrtab_sz;
nat_t *ns_instances;
u_int ns_wilds;
} natstat_t;
#define IPN_ANY 0x000

3
sys/contrib/ipfilter/netinet/ip_raudio_pxy.c
View File

@ -1,5 +1,5 @@
/*
* $Id: ip_raudio_pxy.c,v 1.7.2.2 2000/09/03 00:23:12 darrenr Exp $
* $Id: ip_raudio_pxy.c,v 1.7.2.3 2000/10/27 22:54:04 darrenr Exp $
*/
#if SOLARIS && defined(_KERNEL)
extern kmutex_t ipf_rw;
@ -265,6 +265,7 @@ nat_t *nat;
tcp2->th_off = 5;
fi.fin_dp = (char *)tcp2;
fi.fin_fr = &raudiofr;
fi.fin_dlen = sizeof(*tcp2);
tcp2->th_win = htons(8192);
slen = ip->ip_len;
ip->ip_len = fin->fin_hlen + sizeof(*tcp);

3
sys/contrib/ipfilter/netinet/ip_rcmd_pxy.c
View File

@ -1,5 +1,5 @@
/*
* $Id: ip_rcmd_pxy.c,v 1.4.2.2 2000/07/15 12:38:30 darrenr Exp $
* $Id: ip_rcmd_pxy.c,v 1.4.2.3 2000/10/27 22:54:04 darrenr Exp $
*/
/*
* Simple RCMD transparent proxy for in-kernel use. For use with the NAT
@ -146,6 +146,7 @@ nat_t *nat;
fi.fin_data[0] = ntohs(sp);
fi.fin_data[1] = 0;
fi.fin_dp = (char *)tcp2;
fi.fin_dlen = sizeof(*tcp2);
swip = ip->ip_src;
ip->ip_src = nat->nat_inip;
ipn = nat_new(nat->nat_ptr, ip, &fi, IPN_TCP|FI_W_DPORT,

3
sys/contrib/ipfilter/netinet/ip_state.c
View File

@ -7,7 +7,7 @@
*/
#if !defined(lint)
static const char sccsid[] = "@(#)ip_state.c 1.8 6/5/96 (C) 1993-2000 Darren Reed";
static const char rcsid[] = "@(#)$Id: ip_state.c,v 2.30.2.22 2000/10/26 10:41:29 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: ip_state.c,v 2.30.2.23 2000/10/27 14:06:08 darrenr Exp $";
#endif
#include <sys/errno.h>
@ -1188,6 +1188,7 @@ u_int hv;
* ...and put the hash in the new one.
*/
hvm = hv % fr_statesize;
is->is_hv = hvm;
isp = &ips_table[hvm];
if (*isp)
(*isp)->is_phnext = &is->is_hnext;

4
sys/contrib/ipfilter/netinet/ipl.h
View File

@ -6,12 +6,12 @@
* to the original author and the contributors.
*
* @(#)ipl.h 1.21 6/5/96
* $Id: ipl.h,v 2.15.2.13 2000/10/25 11:08:41 darrenr Exp $
* $Id: ipl.h,v 2.15.2.14 2000/10/27 22:54:41 darrenr Exp $
*/
#ifndef __IPL_H__
#define __IPL_H__
#define IPL_VERSION "IP Filter: v3.4.12"
#define IPL_VERSION "IP Filter: v3.4.13"
#endif