markm 2013-09-07 07:58:29 +00:00
commit b41e1125b0
685 changed files with 73034 additions and 25091 deletions


@ -31,6 +31,12 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 10.x IS SLOW:
disable the most expensive debugging functionality run
"ln -s 'abort:false,junk:false' /etc/malloc.conf".)
20130906:
The GNU Compiler Collection and C++ standard library (libstdc++)
are no longer built by default on platforms where clang is the system
compiler. You can enable them with the WITH_GCC and WITH_GNUCXX
options in src.conf.
20130905:
The PROCDESC kernel option is now part of the GENERIC kernel
configuration and is required for the rwhod(8) to work.


@ -1,28 +0,0 @@
ipf
sparcv7
sparcv9
h
ipf-darren
bugs
ipftest
patches
state
cbits
CVS
old
new
netinet
import
bak
streams
cvs.diff
threads
glibc
hp
windows
ipnat
opt_inet6.h
ippool
ipmon
ip_rules.c
ip_rules.h


@ -67,7 +67,7 @@ facility = "kern" | "user" | "mail" | "daemon" | "auth" | "syslog" |
"audit" | "logalert" | "local0" | "local1" | "local2" |
"local3" | "local4" | "local5" | "local6" | "local7" .
priority = "emerg" | "alert" | "crit" | "err" | "warn" | "notice" |
"info" | "debug" .
"info" | "debug" .
hexnumber = "0" "x" hexstring .
hexstring = hexdigit [ hexstring ] .


@ -1,22 +0,0 @@
ipf
ipfs
ipfstat
ipftest
ipmon
ipnat
ipresend
ipsend
iptest
vnode_if.h
if_ipl
i386
amiga
FreeBSD*
BSDOS*
NetBSD*
OpenBSD*
*_lex_var.h
*_y.c
*_l.c
*_y.h
ip_rules.*


@ -1,9 +1,8 @@
#
# Copyright (C) 1993-1998 by Darren Reed.
# Copyright (C) 2012 by Darren Reed.
#
# See the IPFILTER.LICENCE file for details on licencing.
#
TOP=../..
BINDEST=/usr/sbin
SBINDEST=/sbin
MANDIR=/usr/share/man
@ -17,13 +16,14 @@ CFLAGS=-g -I$(TOP)
#
DEVFS!=/usr/bin/lsvfs 2>&1 | sed -n 's/.*devfs.*/-DDEVFS/p'
CPU!=uname -m
INC=-I/usr/include -I/sys -I/sys/sys -I/sys/arch
COMPDIR!=/bin/ls -1tr /usr/src/sys/arch/${CPU}/compile | tail -1
INC=-I/usr/include -I/sys -I/sys/sys -I/sys/arch -I/usr/src/sys/arch/${CPU}/compile/${COMPDIR}
DEF=-D$(CPU) -D__$(CPU)__ -DINET -DKERNEL -D_KERNEL $(INC) $(DEVFS) -fno-builtin
IPDEF=$(DEF) -DGATEWAY -DDIRECTED_BROADCAST
VNODESHDIR=/sys/kern
MLD=$(ML)
ML=mln_ipl.c
LKM=if_ipl.o
LKM=ipflkm.o
LKMR=ipfrule.o
DLKM=
OBJ=.
@ -44,15 +44,15 @@ INSTALL=install
#
MODOBJS=ip_fil.o fil.o ml_ipl.o ip_nat.o ip_frag.o ip_state.o ip_proxy.o \
ip_auth.o ip_log.o ip_pool.o ip_htable.o ip_lookup.o ip_rules.o \
ip_scan.o ip_sync.o
ip_scan.o ip_sync.o ip_nat6.o ip_dstlist.o radix_ipf.o
# ip_trafcon.o
DFLAGS=$(IPFLKM) $(IPFLOG) $(LOOKUP) $(SYNC) $(DEF) $(DLKM) $(IPFBPF)
IPF=ipf.o ipfcomp.o ipf_y.o ipf_l.o bpf_filter_u.o
IPT=ipftest.o fil_u.o ip_frag_u.o ip_state_u.o ip_nat_u.o \
IPF=ipf.o ipfcomp.o ipf_y.o ipf_l.o
IPT=ipftest.o fil_u.o ip_frag_u.o ip_state_u.o ip_nat_u.o ip_nat6_u.o \
ip_proxy_u.o ip_auth_u.o ip_htable_u.o ip_lookup_u.o ip_pool_u.o \
ip_scan_u.o ip_sync_u.o ip_rules_u.o ip_fil_u.o ip_log_u.o \
ippool_y.o ippool_l.o ipf_y.o ipf_l.o ipnat_y.o ipnat_l.o \
md5_u.o radix_u.o bpf_filter_u.o
md5_u.o radix_ipf_u.o ip_dstlist_u.o
# ip_syn_u.o
#ip_trafcon_u.o
TOOL=$(TOP)/tools
@ -60,9 +60,9 @@ IPNAT=ipnat.o ipnat_y.o ipnat_l.o
IPMON=ipmon.o ipmon_y.o ipmon_l.o
IPPOOL=ippool_y.o ippool_l.o kmem.o ippool.o
IPTRAFCON=iptrafcon.o
PROXYLIST=$(TOP)/ip_ftp_pxy.c $(TOP)/ip_ipsec_pxy.c $(TOP)/ip_irc_pxy.c \
$(TOP)/ip_netbios_pxy.c $(TOP)/ip_raudio_pxy.c $(TOP)/ip_rcmd_pxy.c \
$(TOP)/ip_rpcb_pxy.c $(TOP)/ip_pptp_pxy.c
PROXYLIST=$(TOP)/ip_dns_pxy.c $(TOP)/ip_ftp_pxy.c $(TOP)/ip_ipsec_pxy.c \
$(TOP)/ip_irc_pxy.c $(TOP)/ip_netbios_pxy.c $(TOP)/ip_raudio_pxy.c \
$(TOP)/ip_rcmd_pxy.c $(TOP)/ip_rpcb_pxy.c $(TOP)/ip_pptp_pxy.c
FILS=ipfstat.o
LIBSRC=$(TOP)/lib
RANLIB=ranlib
@ -70,6 +70,11 @@ AROPTS=cq
HERE!=pwd
CCARGS=-I. $(DEBUG) $(CFLAGS) $(UFLAGS)
KCARGS=-I. $(DEBUG) $(CFLAGS)
.if ${MACHINE_ARCH} == amd64
KCARGS+=-mcmodel=kernel -mno-red-zone -fno-omit-frame-pointer \
-mfpmath=387 -mno-sse -mno-sse2 -mno-mmx -mno-3dnow \
-msoft-float -fno-asynchronous-unwind-tables
.endif
#
# Extra is option kernel things we always want in user space.
#
@ -77,9 +82,11 @@ EXTRA=$(ALLOPTS)
include $(TOP)/lib/Makefile
build all: machine $(OBJ)/libipf.a ipf ipfs ipfstat ipftest ipmon ipnat \
ippool ipscan ipsyncm ipsyncs $(LKM) $(LKMR)
-sh -c 'for i in ipf ipftest ipmon ippool ipnat ipscan ipsyncm ipsyncs; do /bin/rm -f $(TOP)/$$i; ln -s `pwd`/$$i $(TOP); done'
build all: machine $(OBJ)/libipf.a tools $(LKM) $(LKMR)
tools: ipf ipfs ipfstat ipftest ipmon ipnat ippool ipscan ipsyncm \
ipsyncs ipfsyncd
-sh -c 'for i in ipf ipftest ipmon ippool ipnat ipscan ipsyncm ipsyncs ipfsyncd; do /bin/rm -f $(TOP)/$$i; ln -s `pwd`/$$i $(TOP); done'
-/bin/rm -f ../tools ./tools
-ln -s ../tools .
-ln -s ../tools ..
@ -122,12 +129,18 @@ ipsyncm: ipsyncm.o $(OBJ)/libipf.a
ipsyncs: ipsyncs.o $(OBJ)/libipf.a
$(CC) $(CCARGS) ipsyncs.o -o $@ $(LIBS)
ipfsyncd: ipfsyncd.o $(OBJ)/libipf.a
$(CC) $(CCARGS) ipfsyncd.o -o $@ $(LIBS)
ipsyncm.o: $(TOOL)/ipsyncm.c $(TOP)/ip_sync.h
$(CC) $(CCARGS) -c $(TOOL)/ipsyncm.c -o $@
ipsyncs.o: $(TOOL)/ipsyncs.c $(TOP)/ip_sync.h
$(CC) $(CCARGS) -c $(TOOL)/ipsyncs.c -o $@
ipfsyncd.o: $(TOOL)/ipfsyncd.c $(TOP)/ip_sync.h
$(CC) $(CCARGS) -c $(TOOL)/ipfsyncd.c -o $@
tests:
(cd test; make )
@ -146,7 +159,7 @@ fil_u.o: $(TOP)/fil.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(TOP)/ip_compat.h \
fil.o: $(TOP)/fil.c $(TOP)/ip_fil.h $(TOP)/ip_compat.h $(TOP)/ipl.h \
$(TOP)/ip_rules.h
$(CC) $(KCARGS) $(POLICY) $(DFLAGS) $(IPFBPF) $(COMPIPF) \
$(CC) $(KCARGS) $(POLICY) $(DFLAGS) $(IPFBPF) $(COMPIPF) $(COMPATIPF) \
-c $(TOP)/fil.c -o $@
ipf.o: $(TOOL)/ipf.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(TOP)/opts.h
@ -163,7 +176,7 @@ ipnat.o: $(TOOL)/ipnat.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(TOP)/ip_nat.h \
$(TOP)/opts.h
$(CC) $(CCARGS) -c $(TOOL)/ipnat.c -o $@
ipnat_y.o: ipnat_y.c ipnat_y.h ipnat_l.h
ipnat_y.o: ipnat_y.c ipnat_y.h ipnat_l.h $(TOP)/ip_fil.h $(TOP)/ip_nat.h
$(CC) $(CCARGS) -c ipnat_y.c -o $@
ipnat_l.o: ipnat_l.c ipnat_y.h
@ -183,6 +196,9 @@ ipnat_l.h: $(TOOL)/lexer.h
ip_nat_u.o: $(TOP)/ip_nat.c $(TOP)/ip_nat.h $(TOP)/ip_compat.h $(TOP)/ip_fil.h
$(CC) $(CCARGS) $(EXTRA) -c $(TOP)/ip_nat.c -o $@
ip_nat6_u.o: $(TOP)/ip_nat6.c $(TOP)/ip_nat.h $(TOP)/ip_compat.h $(TOP)/ip_fil.h
$(CC) $(CCARGS) $(EXTRA) -c $(TOP)/ip_nat6.c -o $@
ip_proxy_u.o: $(TOP)/ip_proxy.c $(TOP)/ip_proxy.h $(TOP)/ip_compat.h \
$(TOP)/ip_fil.h $(PROXYLIST) $(TOP)/ip_nat.h
$(CC) $(CCARGS) $(EXTRA) -c $(TOP)/ip_proxy.c -o $@
@ -222,8 +238,13 @@ ip_htable_u.o: $(TOP)/ip_htable.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h \
$(TOP)/ip_htable.h
$(CC) $(CCARGS) $(EXTRA) -c $(TOP)/ip_htable.c -o $@
ip_dstlist_u.o: $(TOP)/ip_dstlist.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h \
$(TOP)/ip_dstlist.h
$(CC) $(CCARGS) $(EXTRA) -c $(TOP)/ip_dstlist.c -o $@
ip_lookup_u.o: $(TOP)/ip_lookup.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h \
$(TOP)/ip_lookup.h $(TOP)/ip_pool.h $(TOP)/ip_htable.h
$(TOP)/ip_lookup.h $(TOP)/ip_pool.h $(TOP)/ip_htable.h \
$(TOP)/ip_dstlist.h
$(CC) $(CCARGS) $(EXTRA) -c $(TOP)/ip_lookup.c -o $@
ip_trafcon_u.o: $(TOP)/ip_trafcon.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h \
@ -236,19 +257,28 @@ ip_log_u.o: $(TOP)/ip_log.c $(TOP)/ip_fil.h $(TOP)/ip_compat.h
md5_u.o: $(TOP)/md5.c $(TOP)/md5.h
$(CC) $(CCARGS) $(EXTRA) -c $(TOP)/md5.c -o $@
radix_u.o: $(TOP)/md5.c $(TOP)/radix_ipf.h
$(CC) $(CCARGS) $(EXTRA) -c $(TOP)/radix.c -o $@
radix_ipf_u.o: $(TOP)/md5.c $(TOP)/radix_ipf.h
$(CC) $(CCARGS) $(EXTRA) -c $(TOP)/radix_ipf.c -o $@
bpf_filter_u.o: $(TOP)/bpf_filter.c $(TOP)/pcap-ipf.h
$(CC) $(CCARGS) $(EXTRA) -c $(TOP)/bpf_filter.c -o $@
if_ipl.o: $(MODOBJS)
ipflkm.o: $(MODOBJS)
ld -r $(MODOBJS) -o $(LKM)
${RM} -f if_ipl
${RM} -f ipflkm
ipfrule.ko.5: ip_rulesx.o $(MLR)
.if ${MACHINE_ARCH} != amd64
ld -warn-common -r -d -o $(.TARGET:S/.ko/.kld/) ip_rulesx.o $(MLR)
ld -Bshareable -d -warn-common -o $(LKMR:S/.5$//) $(.TARGET:S/.ko/.kld/)
ld -Bshareable -d -warn-common -o $(LKMR:S/.5$//) $(.TARGET:S/.ko/.kld/)
.else
ld -warn-common -r -d -o $(.TARGET:S/.5$//) ip_rulesx.o $(MLR)
nm -g $(.TARGET:S/.5$//) | \
awk '/^[^[:space:]]+ [^AU] (.*)$$/ { print ($$2=="C" ? "-N" : "-L") $$3 }' | \
xargs -J% objcopy % $(.TARGET:S/.5$//)
.endif
ipfrule.ko: ip_rulesx.o $(MLR)
gensetdefs ip_rulesx.o $(MLR)
$(CC) $(KCARGS) -c setdef0.c
@ -256,10 +286,17 @@ ipfrule.ko: ip_rulesx.o $(MLR)
ld -Bshareable -o $@ setdef0.o ip_rulesx.o $(MLR) setdef1.o
ipf.ko.5 ipl.ko.5: $(MODOBJS)
.if ${MACHINE_ARCH} != amd64
ld -warn-common -r -d -o $(.TARGET:S/.ko/.kld/) $(MODOBJS)
ld -Bshareable -d -warn-common -o $(LKM:S/.5$//) $(.TARGET:S/.ko/.kld/)
.else
ld -warn-common -r -d -o $(.TARGET:S/.5$//) $(MODOBJS)
nm -g $(.TARGET:S/.5$//) | \
awk '/^[^[:space:]]+ [^AU] (.*)$$/ { print ($$2=="C" ? "-N" : "-L") $$3 }' | \
xargs -J% objcopy % $(.TARGET:S/.5$//)
.endif
ipf.ko ipl.ko: $(MODOBJS)
ipf.ko ipl.ko: $(MODOBJS)
gensetdefs $(MODOBJS)
$(CC) $(KCARGS) -c setdef0.c
$(CC) $(KCARGS) -c setdef1.c
@ -268,6 +305,9 @@ ipf.ko ipl.ko: $(MODOBJS)
ip_nat.o: $(TOP)/ip_nat.c $(TOP)/ip_nat.h $(TOP)/ip_compat.h $(TOP)/ip_fil.h
$(CC) $(KCARGS) $(DFLAGS) -c $(TOP)/ip_nat.c -o $@
ip_nat6.o: $(TOP)/ip_nat6.c $(TOP)/ip_nat.h $(TOP)/ip_compat.h $(TOP)/ip_fil.h
$(CC) $(KCARGS) $(DFLAGS) -c $(TOP)/ip_nat6.c -o $@
ip_frag.o: $(TOP)/ip_frag.c $(TOP)/ip_frag.h $(TOP)/ip_compat.h $(TOP)/ip_fil.h
$(CC) $(KCARGS) $(DFLAGS) -c $(TOP)/ip_frag.c -o $@
@ -290,6 +330,11 @@ ip_fil.c:
ip_fil.o: ip_fil.c $(TOP)/ip_fil.h $(TOP)/ip_compat.h $(TOP)/ip_nat.h
$(CC) $(KCARGS) $(DFLAGS) $(COMPIPF) -c ip_fil.c -o $@
ip_fil_compat.o: $(TOP)/ip_fil_compat.c $(TOP)/ipl.h $(TOP)/ip_fil.h \
$(TOP)/ip_compat.h $(TOP)/ip_nat.h $(TOP)/ip_state.h
$(CC) $(KCARGS) $(DFLAGS) $(COMPIPF) $(COMPATIPF) \
-c $(TOP)/ip_fil_compat.c -o $@
ip_log.o: $(TOP)/ip_log.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h
$(CC) $(KCARGS) $(DFLAGS) -c $(TOP)/ip_log.c -o $@
@ -307,16 +352,26 @@ ip_htable.o: $(TOP)/ip_htable.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h \
$(TOP)/ip_lookup.h $(TOP)/ip_htable.h
$(CC) $(KCARGS) $(DFLAGS) -c $(TOP)/ip_htable.c -o $@
ip_dstlist.o: $(TOP)/ip_dstlist.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h \
$(TOP)/ip_lookup.h $(TOP)/ip_dstlist.h
$(CC) $(KCARGS) $(DFLAGS) -c $(TOP)/ip_dstlist.c -o $@
ip_lookup.o: $(TOP)/ip_lookup.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h \
$(TOP)/ip_pool.h $(TOP)/ip_htable.h $(TOP)/ip_lookup.h
$(TOP)/ip_pool.h $(TOP)/ip_htable.h $(TOP)/ip_lookup.h \
$(TOP)/ip_dstlist.h
$(CC) $(KCARGS) $(DFLAGS) -c $(TOP)/ip_lookup.c -o $@
radix_ipf.o: $(TOP)/md5.c $(TOP)/radix_ipf.h
$(CC) $(KCARGS) $(DFLAGS) -c $(TOP)/radix_ipf.c -o $@
ip_trafcon.o: $(TOP)/ip_trafcon.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h \
$(TOP)/ip_trafcon.h
$(CC) $(KCARGS) $(DFLAGS) -c $(TOP)/ip_trafcon.c -o $@
vnode_if.h: $(VNODESHDIR)/vnode_if.src
mkdir -p ../sys
mkdir -p ../rump/include/rump
mkdir -p ../rump/librump/rumpvfs
if [ -f $(VNODESHDIR)/vnode_if.sh ] ; then \
sh $(VNODESHDIR)/vnode_if.sh $(VNODESHDIR)/vnode_if.src; \
fi
@ -325,10 +380,11 @@ vnode_if.h: $(VNODESHDIR)/vnode_if.src
fi
if [ -f ../sys/vnode_if.h ] ; then mv ../sys/vnode_if.h .; fi
rmdir ../sys
rm -rf ../rump
ml_ipl.o: vnode_if.h $(TOP)/$(MLD) $(TOP)/ipl.h
-/bin/rm -f vnode_if.c
$(CC) -I. $(CFLAGS) $(DFLAGS) -c $(TOP)/$(ML) -o $@
$(CC) -I. $(KCARGS) $(DFLAGS) -c $(TOP)/$(ML) -o $@
ip_rules.o: ip_rules.c $(TOP)/ip_rules.h
$(CC) -I. $(CFLAGS) $(DFLAGS) $(COMPIPF) -c ip_rules.c -o $@
@ -344,7 +400,7 @@ $(TOP)/ip_rules.h: ip_rules.c
fi
ip_rulesx.o: ip_rules.c $(TOP)/ip_rules.h
$(CC) -I. $(CFLAGS) $(DFLAGS) -DIPFILTER_COMPILED -c ip_rules.c -o $@
$(CC) -I. $(KCARGS) $(DFLAGS) -DIPFILTER_COMPILED -c ip_rules.c -o $@
mlf_rule.o: $(TOP)/mlf_rule.c $(TOP)/ip_rules.h
$(CC) -I. $(CFLAGS) $(DFLAGS) -c $(TOP)/mlf_rule.c -o $@
@ -356,7 +412,7 @@ mlo_rule.o: $(TOP)/mlo_rule.c $(TOP)/ip_rules.h
$(CC) -I. $(CFLAGS) $(DFLAGS) -c $(TOP)/mlo_rule.c -o $@
mlfk_rule.o: $(TOP)/mlfk_rule.c $(TOP)/ip_rules.h
$(CC) -I. $(CFLAGS) $(DFLAGS) -c $(TOP)/mlfk_rule.c -o $@
$(CC) -I. $(KCARGS) $(DFLAGS) -c $(TOP)/mlfk_rule.c -o $@
ipf_y.o: ipf_y.c ipf_y.h $(TOP)/ipf.h ipf_l.h $(TOP)/opts.h
$(CC) $(CCARGS) $(IPFBPF) -c ipf_y.c -o $@
@ -427,10 +483,11 @@ ippool_y.o: ippool_y.c ippool_y.h $(TOP)/ip_pool.h ippool_l.h
ippool_l.o: ippool_l.c ippool_y.h $(TOP)/ip_pool.h
$(CC) $(CCARGS) -I. -c ippool_l.c -o $@
ippool_y.c: $(TOOL)/ippool_y.y $(TOP)/ip_pool.h ippool_l.h
ippool_y.c: $(TOOL)/ippool_y.y $(TOP)/ip_pool.h ippool_l.h ippool_y.h
(cd $(TOOL); make "DEST=$(HERE)" $(HERE)/$@)
ippool_y.h: ippool_y.c
ippool_y.h: $(TOOL)/ippool_y.y
(cd $(TOOL); make "DEST=$(HERE)" $(HERE)/$@)
ippool_l.c: $(TOOL)/lexer.c $(TOP)/ip_pool.h
(cd $(TOOL); make "DEST=$(HERE)" $(HERE)/$@)
@ -449,10 +506,10 @@ iptrafcon: $(IPTRAFCON) $(OBJ)/libipf.a
.l.c:
clean:
${RM} -f ../ipf ../ipnat ../ipmon ../ippool ../ipftest
${RM} -f ../ipf ../ipnat ../ipmon ../ippool ../ipftest
${RM} -f ../ipscan ../ipsyncm ../ipsyncs
${RM} -f *.core *.o *.a ipt ipfstat ipf ipfstat ipftest ipmon
${RM} -f if_ipl ipnat ipfrule.ko* ipf.kld* ipfrule.kld*
${RM} -f ipflkm ipnat ipfrule.ko* ipf.kld* ipfrule.kld*
${RM} -f vnode_if.h $(LKM) ioconf.h *.ko setdef1.c setdef0.c setdefs.h
${RM} -f ip_fil.c ipf_l.c ipf_y.c ipf_y.h ipf_l.h
${RM} -f ipscan ipscan_y.c ipscan_y.h ipscan_l.c ipscan_l.h
@ -481,8 +538,8 @@ install:
/bin/cp $(TOP)/$$i /usr/include/netinet/; \
$(CHMOD) 444 /usr/include/netinet/$$i; \
done
-if [ -d /lkm -a -f if_ipl.o ] ; then \
cp if_ipl.o /lkm; \
-if [ -d /lkm -a -f ipflkm.o ] ; then \
cp ipflkm.o /lkm; \
fi
-if [ -d /modules -a -f ipf.ko ] ; then \
if [ -f /modules/ipl.ko ] ; then \
@ -494,6 +551,7 @@ install:
-if [ -d /modules -a -f ipfrule.ko ] ; then \
cp ipfrule.ko /modules; \
fi
.if ${MACHINE_ARCH} != amd64
-if [ -d /boot/kernel -a -f ipf.ko ] ; then \
if [ -f /boot/kernel/ipl.ko ] ; then \
cp ipf.ko /boot/kernel/ipl.ko; \
@ -504,8 +562,29 @@ install:
-if [ -d /boot/kernel -a -f ipfrule.ko ] ; then \
cp ipfrule.ko /boot/kernel; \
fi
-if [ -d /usr/lkm -a -f if_ipl.o ] ; then \
cp if_ipl.o /usr/lkm; \
.else
-if [ -d /boot/kernel -a -f ipf.ko ] ; then \
if [ -f /boot/kernel/ipl.ko ] ; then \
objcopy --only-keep-debug ipf.ko
/boot/kernel/ipl.ko.symbols; \
objcopy --strip-debug \
--add-gnu-debuglink=ipl.ko.symbols \
ipf.ko /boot/kernel/ipl.ko; \
else \
objcopy --only-keep-debug ipf.ko \
/boot/kernel/ipf.ko.symbols; \
objcopy --strip-debug \
--add-gnu-debuglink=ipl.ko.symbols \
ipf.ko /boot/kernel/ipf.ko; \
fi \
fi
-if [ -d /boot/kernel -a -f ipfrule.ko ] ; then \
objcopy --only-keep-debug ipfrule.ko /boot/kernel/ipfrule.ko.symbols; \
objcopy --strip-debug --add-gnu-debuglink=ipfrule.ko.symbols ipfrule.ko /boot/kernel/ipfrule.ko; \
fi
.endif
-if [ -d /usr/lkm -a -f ipflkm.o ] ; then \
cp ipflkm.o /usr/lkm; \
fi
-$(INSTALL) -cs -g wheel -m 755 -o root ipscan $(SBINDEST)
(cd $(TOP)/man; make INSTALL=$(INSTALL) MANDIR=$(MANDIR) install; cd $(TOP))
@ -533,8 +612,8 @@ install:
(cd $(TOP)/man; make INSTALL=$(INSTALL) MANDIR=$(MANDIR) install; cd $(TOP))
coverage:
ksh -c 'for i in *.da; do j=$${i%%.da}.c; gcov $$j 2>&1 | egrep -v "y.tab.c|Could|Creating|_l\.c|\.h"; done' | sort -k 1n -k 3n > report
sort -k 1n -k 3n report | perl -e 'while(<>) { next if (/^0.00/); s/\%//g; @F=split;$$lc+=$$F[2];$$t += ($$F[0]/100)*$$F[2];} printf "%d of %d = %d%%\n", $$t, $$lc,($$t/$$lc)*100;' >> report
ksh -c 'for i in *.da; do j=$${i%%.da}.c; gcov $$j 2>&1 | egrep -v "y.tab.c|Could|Creating|_l\.c|\.h"; done' | sort -n > report
sort -n report | perl -e 'while(<>) { next if (/^0.00/); s/\%//g; @F=split;$$lc+=$$F[2];$$t += $$F[0]/100*$$F[2];} printf "%d of %d = %d%%\n", $$t, $$lc,$$t/$$lc*100;' >> report
clean-coverage:
/bin/rm -f *.gcov *.da
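Review bot: In the amd64 branch added to `install`, the line `objcopy --only-keep-debug ipf.ko` has no trailing backslash as rendered here, so the shell `if` is split across two recipe lines and cannot run as written; on amd64 this block would then not install the module into /boot/kernel. It should read `objcopy --only-keep-debug ipf.ko \` followed by `/boot/kernel/ipl.ko.symbols; \`. In the `else` arm of the same block the symbols go to /boot/kernel/ipf.ko.symbols but the link is `--add-gnu-debuglink=ipl.ko.symbols`; that should be `--add-gnu-debuglink=ipf.ko.symbols`. The leading `-` on these module-install commands also makes make ignore a failed copy, which for a packet filter means the old module stays in place unnoticed, so I would report the failure instead of suppressing it.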


@ -1,5 +1,5 @@
#
# $Id: Makefile.ipsend,v 2.8 2002/05/22 16:15:36 darrenr Exp $
# $Id$
#
BINDEST=/usr/sbin
@ -23,7 +23,8 @@ MFLAGS="BINDEST=$(BINDEST)" "SBINDEST=$(SBINDEST)" "MANDIR=$(MANDIR)" \
"SOLARIS2=$(SOLARIS2)" "DEBUG=$(DEBUG)" "DCPU=$(CPU)" \
"CPUDIR=$(CPUDIR)" "LOOKUP=$(LOOKUP)"
#
all build bsd-bpf : ipsend ipresend iptest
build:
all bsd-bpf : ipsend ipresend iptest
iplang_y.o: $(TOP)/iplang/iplang_y.y
(cd $(TOP)/iplang; $(MAKE) ../BSD/$(CPUDIR)/$@ $(MFLAGS) 'DESTDIR=../BSD/$(CPUDIR)' )
@ -103,6 +104,6 @@ dlcommon.o: $(TOP)/ipsend/dlcommon.c
sdlpi.o: $(TOP)/ipsend/sdlpi.c
$(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipsend/sdlpi.c -o $@
install:
install:
-$(INSTALL) -cs -g wheel -m 755 -o root ipsend ipresend iptest $(BINDEST)
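Review bot: The new `build:` target is empty and has no comment, so a caller that still runs `make -f Makefile.ipsend build` succeeds without building ipsend, ipresend or iptest. If that is intended, say so at the target, for example `# build: intentionally empty; ipsend/ipresend/iptest are built only via "all" or "bsd-bpf"`. The callers of this target live in the top-level Makefile, outside this section.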


@ -1,6 +1,6 @@
#!/bin/sh
#
# Copyright (C) 2006 by Darren Reed.
# Copyright (C) 2012 by Darren Reed.
#
# See the IPFILTER.LICENCE file for details on licencing.
#


@ -2,7 +2,7 @@
#
PATH=/sbin:/usr/sbin:/bin:/usr/bin; export PATH
argv0=`basename $0`
os=`uname -s`
rev=`uname -r`
maj=`expr $rev : '\([0-9]*\)\.'`
@ -23,6 +23,7 @@ fi
if [ -d /sys/dist/ipf ] ; then
ipfdir=/sys/dist/ipf/netinet
fi
mkdir -m 755 -p $ipfdir/../net
confdir="$archdir/conf"
if [ -f /dev/ipnat ] ; then
major=`ls -l /dev/ipnat | sed -e 's/.* \([0-9]*\),.*/\1/'`
@ -30,7 +31,7 @@ if [ -f /dev/ipnat ] ; then
else
major=x
fi
if [ ! -f ip_rules.c -o ! -f ip_rules.h ] ; then
echo "Trying to build ip_rules.c and ip_rules.h"
make ip_rules.c
@ -43,8 +44,9 @@ if [ ! -f ip_rules.c -o ! -f ip_rules.h ] ; then
fi
fi
echo -n "Installing "
for j in auth frag nat proxy scan state sync pool htable lookup rules; do
echo -n "Installing into $ipfdir"
for j in auth frag nat proxy scan state sync pool dstlist htable lookup rules \
dstlist; do
for i in ip_$j.[ch]; do
if [ -f "$i" ] ; then
echo -n " $i"
@ -53,6 +55,12 @@ for j in auth frag nat proxy scan state sync pool htable lookup rules; do
fi
done
done
echo -n " net/radix_ipf.h"
cp radix_ipf.h $ipfdir
chmod 644 $ipfdir/radix_ipf.h
echo -n " radix_ipf.c -> $ipfdir/radix_ipf.c"
cp radix_ipf.c $ipfdir/radix_ipf.c
chmod 644 $ipfdir/radix_ipf.c
case $os in
SunOS)
@ -88,14 +96,16 @@ if [ -f $ipfdir/ip_fil.c ] ; then
chmod 644 $ipfdir/ip_fil.c
fi
for i in ip_fil.h fil.c ip_log.c ip_compat.h ipl.h ip_*_pxy.c; do
for i in ip_nat6.c ip_fil.h fil.c ip_log.c ip_compat.h ipl.h ip_*_pxy.c \
ip_fil_compat.c ipf_rb.h; do
echo -n " $i"
cp $i $ipfdir
chmod 644 $ipfdir/$i
done
echo ""
echo -n "Installing into /usr/include/netinet"
for j in auth compat fil frag nat proxy scan state sync pool htable lookup; do
for j in auth compat fil frag nat proxy scan state sync pool htable dstlist \
lookup; do
i=ip_$j.h
if [ -f "$i" ] ; then
echo -n " $i"
@ -103,7 +113,7 @@ for j in auth compat fil frag nat proxy scan state sync pool htable lookup; do
chmod 644 /usr/include/netinet/$i
fi
done
for j in ipl.h; do
for j in ipl.h ipf_rb.h; do
if [ -f "$j" ] ; then
echo -n " $j"
cp $j /usr/include/netinet/$j
@ -157,15 +167,19 @@ if [ $os = FreeBSD -a -f /sys/conf/files ] ; then
mv files files.preipf4
cp -p files.preipf4 files
fi
for i in htable pool lookup; do
for i in dstlist htable pool lookup; do
grep ip_$i.c files >/dev/null 2>&1
if [ $? -ne 0 ] ; then
echo "contrib/ipfilter/netinet/ip_$i.c optional ipfilter inet ipfilter_lookup" >> files
fi
done
grep ip_fil_compat.c files >/dev/null 2>&1
if [ $? -ne 0 ] ; then
echo 'contrib/ipfilter/netinet/ip_fil_compat.c optional ipfilter inet ipfilter_compat' >> files
fi
grep ip_sync.c files >/dev/null 2>&1
if [ $? -ne 0 ] ; then
echo 'contrib/ipfilter/netinet/ip_sync.c optional ipfilter inet ipfilter_sync' >> files
echo 'contrib/ipfilter/netinet/ip_sync.c optional ipfilter inet' >> files
fi
grep ip_scan.c files >/dev/null 2>&1
if [ $? -ne 0 ] ; then
@ -177,13 +191,19 @@ if [ $os = FreeBSD -a -f /sys/conf/files ] ; then
fi
fi
if [ $os = NetBSD -a -f /sys/conf/files ] ; then
if [ -f /sys/netinet/files.ipfilter ] ; then
if ! grep -q ip_fil_compat.c /sys/netinet/files.ipfilter; then
echo 'file dist/ipf/netinet/ip_fil_compat.c ipfilter & ipfilter_compat' >> /sys/netinet/files.ipfilter
echo 'defflag opt_ipfilter.h IPFILTER_COMPAT' >> /sys/netinet/files.ipfilter
fi
fi
cd /sys/conf
if [ ! -f files.preipf4 ] ; then
mv files files.preipf4
cp -p files.preipf4 files
fi
if [ $fullrev -ge 010600 -a $fullrev -lt 020000 ] ; then
for i in htable pool lookup; do
for i in dstlist htable pool lookup; do
grep ip_$i.c files >/dev/null 2>&1
if [ $? -ne 0 ] ; then
echo "file netinet/ip_$i.c ipfilter & ipfilter_lookup" >> files
@ -191,7 +211,7 @@ if [ $os = NetBSD -a -f /sys/conf/files ] ; then
done
grep ip_sync.c files >/dev/null 2>&1
if [ $? -ne 0 ] ; then
echo 'file netinet/ip_sync.c ipfilter & ipfilter_sync' >> files
echo 'file netinet/ip_sync.c ipfilter' >> files
fi
grep ip_scan.c files >/dev/null 2>&1
if [ $? -ne 0 ] ; then
@ -210,15 +230,18 @@ if [ $os = OpenBSD -a -f /sys/conf/files ] ; then
cp -p files.preipf4 files
fi
if [ $fullrev -ge 030400 ] ; then
for i in htable pool lookup; do
for i in dstlist htable pool lookup; do
grep ip_$i.c files >/dev/null 2>&1
if [ $? -ne 0 ] ; then
echo "file netinet/ip_$i.c ipfilter & ipfilter_lookup" >> files
fi
done
grep ip_sync.c files >/dev/null 2>&1
grep ip_fil_compat.c files >/dev/null 2>&1
if [ $? -ne 0 ] ; then
echo 'file netinet/ip_sync.c ipfilter & ipfilter_sync' >> files
echo 'file netinet/ip_fil_compat.c ipfilter & ipfilter_compat' >> files
fi
if [ $? -ne 0 ] ; then
echo 'file netinet/ip_sync.c ipfilter' >> files
fi
grep ip_scan.c files >/dev/null 2>&1
if [ $? -ne 0 ] ; then
@ -241,7 +264,7 @@ cat | (cd /usr/src/sys/modules/ipfilter; patch) <<__EOF__
KMOD= ipl
SRCS= mlfk_ipl.c ip_nat.c ip_frag.c ip_state.c ip_proxy.c ip_auth.c \\
! ip_log.c ip_fil.c fil.c
.if !defined(NOINET6)
CFLAGS+= -DUSE_INET6
.endif
@ -249,10 +272,10 @@ cat | (cd /usr/src/sys/modules/ipfilter; patch) <<__EOF__
! CFLAGS+= -DIPFILTER=1 -DIPFILTER_LKM -DIPFILTER_LOG -DPFIL_HOOKS
--- 5,15 ----
KMOD= ipl
SRCS= mlfk_ipl.c ip_nat.c ip_frag.c ip_state.c ip_proxy.c ip_auth.c \\
! ip_log.c ip_fil.c fil.c ip_lookup.c ip_pool.c ip_htable.c \\
! ip_sync.c ip_scan.c ip_rules.c
SRCS= mlfk_ipl.c ip_nat.c ip_nat6.c ip_frag.c ip_state.c ip_proxy.c ip_auth.c \\
! ip_log.c ip_fil.c fil.c ip_lookup.c ip_pool.c ip_dstlist.c ip_htable.c \\
! ip_sync.c ip_scan.c ip_rules.c ip_fil_compat.c
.if !defined(NOINET6)
CFLAGS+= -DUSE_INET6
.endif
@ -261,4 +284,29 @@ cat | (cd /usr/src/sys/modules/ipfilter; patch) <<__EOF__
! -DIPFILTER_LOOKUP -DIPFILTER_COMPILED
__EOF__
fi
CONF=/sys/netinet/files.ipfilter
if [ -f $CONF -a $os = NetBSD ] ; then
for i in ip_nat6.c ip_dstlist.c radix_ipf.c; do
echo "Checking for $i in $CONF"
grep $i $CONF >/dev/null 2>&1
if [ $? -ne 0 ] ; then
echo "Adding $i to $CONF"
sed -n -e /ip_nat.c/s/ip_nat.c/$i/p $CONF >> $CONF
fi
done
fi
CONF=/sys/conf/files
if [ -f $CONF -a $os = FreeBSD ] ; then
for i in ip_nat6.c ip_dstlist.c radix_ipf.c; do
echo "Checking for $i in $CONF"
grep $i $CONF >/dev/null 2>&1
if [ $? -ne 0 ] ; then
echo "Adding $i to $CONF"
sed -n -e /ip_nat.c/,/NORMAL/p $CONF | \
sed -e s/ip_nat.c/$i/p >> $CONF
fi
done
fi
exit 0
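Review bot: In the OpenBSD block the line `grep ip_sync.c files >/dev/null 2>&1` appears to have been replaced by the ip_fil_compat.c grep rather than kept alongside it. The second `if [ $? -ne 0 ]` therefore tests the exit status of the preceding `if ... fi` (0 unless the append itself failed), and the `file netinet/ip_sync.c ipfilter` line is never appended. Put `grep ip_sync.c files >/dev/null 2>&1` back immediately before that second `if`. The FreeBSD and NetBSD blocks still have their ip_sync.c grep, so only this block is affected.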

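--- a/contrib/ipfilter/BSD/upgrade
+++ b/contrib/ipfilter/BSD/upgrade
@@ -0,0 +1,46 @@
+#!/bin/sh
+#
+PATH=/sbin:/usr/sbin:/bin:/usr/bin; export PATH
+argv0=`basename $0`
+case `pwd` in
+*BSD)
+;;
+*)
+cd BSD
+;;
+esac
+os=`uname -s`
+rev=`uname -r`
+maj=`expr $rev : '\([0-9]*\)\.'`
+min=`expr $rev : '[0-9]*\.\([0-9]*\)'`
+sub=`expr $rev : '[0-9]*\.[0-9]*\.\([0-9]*\)'`
+plat=`uname -p`
+objdir=${os}-${rev}-${plat}
+# try to bomb out fast if anything fails....
+set -e
+for i in ipf ipfstat ipmon ipnat ippool; do
+if [ ! -f /sbin/${i}.dist -a -f /sbin/${i} ] ; then
+mv /sbin/${i} /sbin/${i}.dist
+cp -p /sbin/${i}.dist /sbin/${i}
+cp ${objdir}/${i} /sbin/
+fi
+if [ ! -f /usr/sbin/${i}.dist -a -f /usr/sbin/${i} ] ; then
+mv /usr/sbin/${i} /usr/sbin/${i}.dist
+cp -p /usr/sbin/${i}.dist /usr/sbin/${i}
+cp ${objdir}/${i} /usr/sbin/
+fi
+done
+if [ -f /boot/kernel/ipl.ko ] ; then
+if [ ! -f /boot/kernel/ipl.ko.dist ] ; then
+mv /boot/kernel/ipl.ko /boot/kernel/ipl.ko.dist
+cp -p /boot/kernel/ipl.ko.dist /boot/kernel/ipl.ko
+fi
+if [ ! -f /boot/kernel/ipl.ko.symbols.dist ] ; then
+mv /boot/kernel/ipl.ko.symbols /boot/kernel/ipl.ko.symbols.dist
+fi
+cp ${objdir}/ipf.ko /boot/kernel/ipl.ko
+fi
+exit 0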
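Review bot: The `cp ${objdir}/${i} /sbin/` and `cp ${objdir}/${i} /usr/sbin/` copies sit inside the `if [ ! -f ...dist -a -f ... ]` guards, so once a `.dist` backup exists a later run installs no userland tools, while the kernel module further down is copied on every run. That can leave `ipf`, `ipnat` and the other tools from an older build talking to a newer `ipl.ko`; whether the module accepts them depends on compatibility code not shown here. Take the backup only when `.dist` is missing, but install the new binary whenever the tool is present. The loop below is rewritten that way.

```shell
for i in ipf ipfstat ipmon ipnat ippool; do
	for d in /sbin /usr/sbin; do
		if [ -f "${d}/${i}" ] ; then
			# back up the shipped binary once only
			if [ ! -f "${d}/${i}.dist" ] ; then
				cp -p "${d}/${i}" "${d}/${i}.dist"
			fi
			# install the new build on every run
			cp "${objdir}/${i}" "${d}/"
		fi
	done
done
```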


@ -1,4 +1,4 @@
These are Instructions for Configuring A FreeBSD Box For NAT
These are Instructions for Configuring A FreeBSD Box For NAT
After you have installed IP-Filter.
You will need to change three files:
@ -54,7 +54,7 @@ fpx0 is the interface with the real internet address.
/32 is the subnet mask 255.255.255.255, ie only use this ip address.
portmap tcp/udp 10000:65000
portmap tcp/udp 10000:65000
tells it to use the ports to redirect the tcp/udp calls through
@ -67,7 +67,7 @@ reboots.
In your /etc/rc.local put the line:
ipnat -f /etc/natrules
ipnat -f /etc/natrules
To check and see if it is loaded, as root type
ipnat -ls


@ -4,7 +4,7 @@
*** 11,31 ****
--- 11,41 ----
*/
static char RcsId[] = "$Header: /devel/CVS/IP-Filter/FWTK/ftp-gw.diff,v 2.1 1999/08/04 17:30:30 darrenr Exp $";
static char RcsId[] = "$Header$";
+ /*
+ * Patches for IP Filter NAT extensions written by Darren Reed, 7/7/96


@ -124,7 +124,7 @@ diff -cr ../TIS.orig/fwtk/Makefile.config.solaris fwtk/Makefile.config.solaris
***************
*** 11,30 ****
#
# RcsId: "$Header: /devel/CVS/IP-Filter/FWTK/fwtk_transparent.diff,v 2.2 2001/02/28 09:36:06 darrenr Exp $"
# RcsId: "$Header$"
# Your C compiler (eg, "cc" or "gcc")
@ -145,7 +145,7 @@ diff -cr ../TIS.orig/fwtk/Makefile.config.solaris fwtk/Makefile.config.solaris
-Dgethostbyaddr=res_gethostbyaddr -Dgetnetbyname=res_getnetbyname \
--- 11,34 ----
#
# RcsId: "$Header: /devel/CVS/IP-Filter/FWTK/fwtk_transparent.diff,v 2.2 2001/02/28 09:36:06 darrenr Exp $"
# RcsId: "$Header$"
+ #
+ # Path to sources of ip_filter (ip_nat.h required in lib/hnam.c)


@ -17,8 +17,8 @@ foreach i (ip_{auth,fil,frag,nat,pool,proxy,scan,state,sync}.[ch] fil.c \
case *.h:
/bin/cp $i /usr/include/netinet/$i
chmod 644 /usr/include/netinet/$i
breaksw
endsw
breaksw
endsw
end
echo ""
echo "Copying /usr/include/osreldate.h to /sys/sys"


@ -10,7 +10,7 @@ To build a kernel with the IP filter, follow these seven steps:
4. build a new kernel
5. install the new kernel
6. If not using DEVFS, create devices for IP Filter as follows:
mknod /dev/ipl c 79 0
mknod /dev/ipnat c 79 1
@ -18,7 +18,7 @@ To build a kernel with the IP filter, follow these seven steps:
mknod /dev/ipauth c 79 3
mknod /dev/ipsync c 79 4
mknod /dev/ipscan c 79 5
7. reboot


@ -18,8 +18,8 @@ foreach i (ip_fil.[ch] ip_nat.[ch] ip_frag.[ch] ip_state.[ch] fil.c \
case *.h:
/bin/cp $i /usr/include/netinet/$i
chmod 644 /usr/include/netinet/$i
breaksw
endsw
breaksw
endsw
end
echo ""
echo "Linking /usr/include/osreldate.h to /sys/sys/osreldate.h"


@ -20,8 +20,8 @@ foreach i (ip_{auth,fil,nat,pool,proxy,scan,state,sync}.[ch] fil.c \
case *.h:
/bin/cp $i /usr/include/netinet/$i
chmod 644 /usr/include/netinet/$i
breaksw
endsw
breaksw
endsw
end
echo ""
echo "Linking /usr/include/osreldate.h to /sys/sys/osreldate.h"


@ -17,8 +17,8 @@ foreach i (ip_{auth,fil,frag,nat,pool,proxy,scan,state,sync}.[ch] fil.c \
case *.h:
/bin/cp $i /usr/include/netinet/$i
chmod 644 /usr/include/netinet/$i
breaksw
endsw
breaksw
endsw
end
echo ""
grep iplopen $archdir/$karch/conf.c >& /dev/null

File diff suppressed because it is too large Load Diff


@ -1,8 +1,11 @@
This file is for use with FreeBSD 4.x and 5.x only.
Thi file is for use with FreeBSD 4.x and 5.x only.
To build a kernel for use with the loadable kernel module, follow these
steps:
0. Run "config GENERIC" or similar in /sys/i386/conf or the
appropriate directory for your kernel.
1. For FreeBSD version:
4.* do make freebsd4
5.* do make freebsd5
@ -16,10 +19,12 @@ steps:
5. install and reboot with the new kernel
6. use modload(8) to load the packet filter with:
6. use modload(8)/kldload(8) to load the packet filter with:
modload if_ipl.o
kldload ipf.ko
7. do "modstat" to confirm that it has been loaded successfully.
7. do "modstat" or "kldstat" to confirm that it has been loaded
successfully.
There is no need to use mknod to create the device in /dev;
- upon loading the module, it will create itself with the correct values,


@ -1,5 +1,5 @@
#
# Copyright (C) 1993-2001 by Darren Reed.
# Copyright (C) 2012 by Darren Reed.
#
# Redistribution and use in source and binary forms are permitted
# provided that this notice is preserved and due credit is given
@ -13,8 +13,7 @@ BINDEST=/usr/local/bin
SBINDEST=/sbin
MANDIR=/usr/local/man
#To test prototyping
#CC=gcc -Wstrict-prototypes -Wmissing-prototypes
# -Wunused -Wuninitialized
CC=gcc -Wstrict-prototypes -Wmissing-prototypes -Wunused -Wuninitialized
#CC=gcc
#CC=cc -Dconst=
DEBUG=-g
@ -36,14 +35,14 @@ IPFLOG=-DIPFILTER_LOG
#
#COMPIPF=-DIPFILTER_COMPILED
#
# To enable IPFilter compatibility with older CLI utilities
#
#COMPATIPF=-DIPFILTER_COMPAT
#
# To enable synchronisation between IPFilter hosts
#
#SYNC=-DIPFILTER_SYNC
#
# To enable extended IPFilter functionality
#
LOOKUP=-DIPFILTER_LOOKUP -DIPFILTER_SCAN
#
# The facility you wish to log messages from ipmon to syslogd with.
#
LOGFAC=-DLOGFAC=LOG_SECURITY
@ -65,22 +64,27 @@ LOGFAC=-DLOGFAC=LOG_SECURITY
# By default IPFilter looks for /usr/src/linux, but you may have to change
# it to /usr/src/linux-2.4 or similar.
#
LINUXKERNEL=/usr/src/linux
LINUXKERNEL=/usr/src/kernels/2.6.29.5-191.fc11.i586
LINUX=`uname -r | awk -F. ' { printf"%d",$$1;for(i=1;i<NF&&i<3;i++){printf("%02d",$$(i+1));}}'`
#
#
#
#BUILDROOT=/usr/src/redhat/BUILD/ipfilter
BUILDROOT=${HOME}/rpmbuild/BUILDROOT/ipfilter-4.1.32-1.i386
#
# All of the compile-time options are here, used for compiling the userland
# tools for regression testing. Well, all except for IPFILTER_LKM, of course.
#
ALLOPTS=-DIPFILTER_LOG -DIPFILTER_LOOKUP \
-DIPFILTER_SCAN -DIPFILTER_SYNC -DIPFILTER_CKSUM
-DIPFILTER_SYNC -DIPFILTER_CKSUM
#
# Uncomment the next 3 lines if you want to view the state table a la top(1)
# (requires that you have installed ncurses).
#STATETOP_CFLAGS=-DSTATETOP
#
# Where to find the ncurses include files (if not in default path),
# Where to find the ncurses include files (if not in default path),
#
#STATETOP_INC=
#STATETOP_INC=-I/usr/local/include
@ -93,7 +97,7 @@ ALLOPTS=-DIPFILTER_LOG -DIPFILTER_LOOKUP \
#
# Uncomment this when building IPv6 capability.
#
#INET6=-DUSE_INET6
INET6=-DUSE_INET6
#
# For packets which don't match any pass rules or any block rules, set either
# FR_PASS or FR_BLOCK (respectively). It defaults to FR_PASS if left
@ -110,6 +114,7 @@ MFLAGS1='CFLAGS=$(CFLAGS) $(ARCHINC) $(SOLARIS2) $(SGIREV) $(INET6)' \
'STATETOP_CFLAGS=$(STATETOP_CFLAGS)' "BPFILTER=$(BPFILTER)" \
'STATETOP_INC=$(STATETOP_INC)' 'STATETOP_LIB=$(STATETOP_LIB)' \
"BITS=$(BITS)" "OBJ=$(OBJ)" "LOOKUP=$(LOOKUP)" "COMPIPF=$(COMPIPF)" \
"COMPATIPF=$(COMPATIPF)" \
'SYNC=$(SYNC)' 'ALLOPTS=$(ALLOPTS)' 'LIBBPF=$(LIBBPF)'
MFLAGS=$(MFLAGS1) "IPFLKM=$(IPFLKM)"
MACHASSERT=`/bin/ls -1 /usr/sys/*/mach_assert.h | head -1`
@ -156,10 +161,6 @@ include:
touch netinet/done; \
fi
-(cd netinet; ln -s ../ip_rules.h ip_rules.h)
if [ ! -f net/done ] ; then \
(cd net; ln -s ../radix_ipf.h .; ); \
touch net/done; \
fi
sunos solaris: include
MAKE="$(MAKE)" MAKEFLAGS="$(MAKEFLAGS)" BPFILTER=$(BPFILTER) \
@ -189,7 +190,7 @@ freebsd22: include
fi
make freebsd20
freebsd5 freebsd6 freebsd7: include
freebsd5 freebsd6 freebsd7 freebsd8: include
if [ x$(INET6) = x ] ; then \
echo "#undef INET6" > opt_inet6.h; \
else \
@ -212,7 +213,7 @@ freebsd5 freebsd6 freebsd7: include
make setup "TARGOS=BSD" "CPUDIR=$(CPUDIR)"
(cd BSD/$(CPUDIR); make build TOP=../.. $(MFLAGS) "ML=mlfk_ipl.c" "MLD=mlfk_ipl.c" "LKM=ipf.ko.5" "LKMR=ipfrule.ko.5" "DLKM=-DKLD_MODULE" "MLR=mlfk_rule.o"; cd ..)
(cd BSD/$(CPUDIR); make -f Makefile.ipsend build TOP=../.. $(MFLAGS1); cd ..)
# (cd BSD/$(CPUDIR); make -f Makefile.ipsend build TOP=../.. $(MFLAGS1); cd ..)
freebsd4 : include
if [ x$(INET6) = x ] ; then \
@ -241,7 +242,7 @@ netbsd: include
exit 1; \
fi
(cd BSD/$(CPUDIR); make build TOP=../.. $(MFLAGS) 'DLKM=-D_LKM' "ML=mln_ipl.c" LKMR= "MLR=mln_rule.o"; cd ..)
(cd BSD/$(CPUDIR); make -f Makefile.ipsend build TOP=../.. $(MFLAGS); cd ..)
# (cd BSD/$(CPUDIR); make -f Makefile.ipsend build TOP=../.. $(MFLAGS); cd ..)
openbsd: include
make setup "TARGOS=BSD" "CPUDIR=$(CPUDIR)"
@ -294,7 +295,7 @@ setup:
clean: clean-include
/bin/rm -rf h y.output
${RM} -f core *.o ipt fils ipf ipfstat ipftest ipmon if_ipl \
${RM} -f core *.o ipt fils ipf ipfstat ipftest ipmon if_ipl ipflkm \
vnode_if.h $(LKM) *~
/bin/rm -rf sparcv7 sparcv9 mdbgen_build
(cd SunOS4; $(MAKE) TOP=.. clean)
@ -352,7 +353,7 @@ sunos4 solaris1:
(cd SunOS4; make -f Makefile.ipsend build "CC=$(CC)" TOP=.. $(DEST) $(MFLAGS); cd ..)
sunos5 solaris2: null
(cd SunOS5/$(CPUDIR); $(MAKE) build TOP=../.. "CC=$(CC)" $(DEST) $(MFLAGS) "SOLARIS2=$(SOLARIS2)"; cd ..)
(cd SunOS5/$(CPUDIR); $(MAKE) build TOP=../.. "CC=$(CC)" $(DEST) $(MFLAGS) "SOLARIS2=$(SOLARIS2)" INSTANCE=$(INSTANCE); cd ..)
(cd SunOS5/$(CPUDIR); $(MAKE) -f Makefile.ipsend build TOP=../.. "CC=$(CC)" $(DEST) $(MFLAGS); cd ..)
linux: include
@ -361,7 +362,7 @@ linux: include
# (cd Linux; make -f Makefile.ipsend build LINUX=$(LINUX) TOP=.. "CC=$(CC)" $(MFLAGS); cd ..)
install-linux: linux
(cd Linux/; make LINUX=$(LINUX) TOP=.. "DEBUG=-g" "CC=$(CC)" $(MFLAGS) OBJ=$(CPUDIR) install ; cd ..)
(cd Linux/; make LINUX=$(LINUX) TOP=.. "DEBUG=-g" "CC=$(CC)" $(MFLAGS) OBJ=$(CPUDIR) ROOTDIR=$(BUILDROOT) install ; cd ..)
install-bsd:
(cd BSD/$(CPUDIR); make install "TOP=../.." $(MFLAGS); cd ..)
@ -407,4 +408,3 @@ mdb:
-DIPFILTER_SCAN -DIPFILTER_LKM -DSOLARIS2=10 -n ipf_mdb -k \
-I/home/dr146992/pfil -I/home/dr146992/ipf -f \
/usr/include/netinet/in_systm.h,/usr/include/sys/ethernet.h,/usr/include/netinet/in.h,/usr/include/netinet/ip.h,/usr/include/netinet/ip_var.h,/usr/include/netinet/tcp.h,/usr/include/netinet/tcpip.h,/usr/include/netinet/ip_icmp.h,/usr/include/netinet/udp.h,ip_compat.h,ip_fil.h,ip_nat.h,ip_state.h,ip_proxy.h,ip_scan.h


@ -1,4 +1,4 @@
These are Instructions for Configuring A FreeBSD Box For NAT
These are Instructions for Configuring A FreeBSD Box For NAT
After you have installed IpFilter.
You will need to change three files:
@ -54,7 +54,7 @@ fpx0 is the interface with the real internet address.
/32 is the subnet mask 255.255.255.255, ie only use this ip address.
portmap tcp/udp 10000:65000
portmap tcp/udp 10000:65000
tells it to use the ports to redirect the tcp/udp calls through
@ -67,7 +67,7 @@ reboots.
In your /etc/rc.local put the line:
ipnat -f /etc/natrules
ipnat -f /etc/natrules
To check and see if it is loaded, as root type
ipnat -ls


@ -0,0 +1,83 @@
What's new in 5.1
=================
General
-------
* all of the tuneables can now be set at any time, not just whilst disabled
or prior to loading rules;
* group identifiers may now be a number or name (universal);
* man pages rewritten
* tunables can now be set via ipf.conf;
Logging
-------
* ipmon.conf can now be used to generate SNMPv1 and SNMPv2 traps using
information from log entries from the kernel;
NAT changes
-----------
* DNS proxy for the kernel that can block queries based on domain names;
* FTP proxy can be configured to limit data connections to one or many
connections per client;
* NAT on IPv6 is now supported;
* rewrite command allows changing both the source and destination address
in a single NAT rule;
* simple encapsulation can now be configured with ipnat.conf,
* TFTP proxy now included;
Packet Filtering
----------------
* acceptance of ICMP packets for "keep state" rules can be refined through
the use of filtering rules;
* alternative form for writing rules using simple filtering expressions;
* CIPSO headers now recognised and analysed for filtering on DOI;
* comments can now be a part of a rule and loaded into the kernel and
thus displayed with ipfstat;
* decapsulation rules allow filtering on inner headers, providing they
are not encrypted;
* interface names, aside from that the packet is on, can be present in
filter rules;
* internally now a single list of filter rules, there is no longer an
IPv4 and IPv6 list;
* rules can now be added with an expiration time, allowing for their
automatic removal after some period of time;
* single file, ipf.conf, can now be used for both IPv4 and IPv6 rules;
* stateful filtering now allows for limits to be placed on the number
of distinct hosts allowed per rule;
Pools
-----
* addresses added to a pool via the command line (only!) can be given
an expiration timeout;
* destination lists are a new type of address pool, primarily for use with
NAT rdr rules, supporting newer algorithms for target selection;
* raw whois information saved to a file can be used to populate a pool;
Solaris
-------
* support for use in zones with exclusive IP instances fully supported.
Tools
-----
* use of matching expressions allows for refining what is displayed or
flushed;


@ -0,0 +1,277 @@
/*-
* THE BEER-WARE LICENSE
*
* <dan@FreeBSD.ORG> wrote this file. As long as you retain this notice you
* can do whatever you want with this stuff. If we meet some day, and you
* think this stuff is worth it, you can buy me a beer in return.
*
* Dan Moschuk
*/
#if !defined(SOLARIS2) && !defined(__osf__)
# include <sys/cdefs.h>
#endif
#include <sys/types.h>
#include <sys/param.h>
#ifdef __FreeBSD__
# include <sys/kernel.h>
#endif
#if !defined(__osf__)
# include <sys/random.h>
#endif
#ifdef __FreeBSD__
# include <sys/libkern.h>
#endif
#include <sys/lock.h>
#ifndef __osf__
# include <sys/mutex.h>
#endif
#include <sys/time.h>
#if defined(SOLARIS2) && (SOLARIS2 < 9)
# include <netinet/in_systm.h>
#endif
#include <sys/socket.h>
#include <net/if.h>
#ifdef __osf__
# include <net/route.h>
#endif
#include <netinet/in.h>
#include <netinet/ip.h>
#include "netinet/ip_compat.h"
#ifdef HAS_SYS_MD5_H
# include <sys/md5.h>
#else
# include "md5.h"
#endif
#ifdef NEED_LOCAL_RAND
#if !defined(__GNUC__)
# define __inline
#endif
#define ARC4_RESEED_BYTES 65536
#define ARC4_RESEED_SECONDS 300
#define ARC4_KEYBYTES (256 / 8)
static u_int8_t arc4_i, arc4_j;
static int arc4_numruns = 0;
static u_int8_t arc4_sbox[256];
static time_t arc4_t_reseed;
static ipfmutex_t arc4_mtx;
static MD5_CTX md5ctx;
static u_int8_t arc4_randbyte(void);
static int ipf_read_random(void *dest, int length);
static __inline void
arc4_swap(u_int8_t *a, u_int8_t *b)
{
u_int8_t c;
c = *a;
*a = *b;
*b = c;
}
/*
* Stir our S-box.
*/
static void
arc4_randomstir (void)
{
u_int8_t key[256];
int r, n;
struct timeval tv_now;
/*
* XXX read_random() returns unsafe numbers if the entropy
* device is not loaded -- MarkM.
*/
r = ipf_read_random(key, ARC4_KEYBYTES);
GETKTIME(&tv_now);
MUTEX_ENTER(&arc4_mtx);
/* If r == 0 || -1, just use what was on the stack. */
if (r > 0) {
for (n = r; n < sizeof(key); n++)
key[n] = key[n % r];
}
for (n = 0; n < 256; n++) {
arc4_j = (arc4_j + arc4_sbox[n] + key[n]) % 256;
arc4_swap(&arc4_sbox[n], &arc4_sbox[arc4_j]);
}
/* Reset for next reseed cycle. */
arc4_t_reseed = tv_now.tv_sec + ARC4_RESEED_SECONDS;
arc4_numruns = 0;
/*
* Throw away the first N words of output, as suggested in the
* paper "Weaknesses in the Key Scheduling Algorithm of RC4"
* by Fluher, Mantin, and Shamir. (N = 256 in our case.)
*/
for (n = 0; n < 256*4; n++)
arc4_randbyte();
MUTEX_EXIT(&arc4_mtx);
}
/*
* Initialize our S-box to its beginning defaults.
*/
static void
arc4_init(void)
{
int n;
MD5Init(&md5ctx);
MUTEX_INIT(&arc4_mtx, "arc4_mtx");
arc4_i = arc4_j = 0;
for (n = 0; n < 256; n++)
arc4_sbox[n] = (u_int8_t) n;
arc4_t_reseed = 0;
}
/*
* Generate a random byte.
*/
static u_int8_t
arc4_randbyte(void)
{
u_int8_t arc4_t;
arc4_i = (arc4_i + 1) % 256;
arc4_j = (arc4_j + arc4_sbox[arc4_i]) % 256;
arc4_swap(&arc4_sbox[arc4_i], &arc4_sbox[arc4_j]);
arc4_t = (arc4_sbox[arc4_i] + arc4_sbox[arc4_j]) % 256;
return arc4_sbox[arc4_t];
}
/*
* MPSAFE
*/
void
arc4rand(void *ptr, u_int len, int reseed)
{
u_int8_t *p;
struct timeval tv;
GETKTIME(&tv);
if (reseed ||
(arc4_numruns > ARC4_RESEED_BYTES) ||
(tv.tv_sec > arc4_t_reseed))
arc4_randomstir();
MUTEX_ENTER(&arc4_mtx);
arc4_numruns += len;
p = ptr;
while (len--)
*p++ = arc4_randbyte();
MUTEX_EXIT(&arc4_mtx);
}
uint32_t
ipf_random(void)
{
uint32_t ret;
arc4rand(&ret, sizeof ret, 0);
return ret;
}
static u_char pot[ARC4_RESEED_BYTES];
static u_char *pothead = pot, *pottail = pot;
static int inpot = 0;
/*
* This is not very strong, and this is understood, but the aim isn't to
* be cryptographically strong - it is just to make up something that is
* pseudo random.
*/
void
ipf_rand_push(void *src, int length)
{
static int arc4_inited = 0;
u_char *nsrc;
int mylen;
if (arc4_inited == 0) {
arc4_init();
arc4_inited = 1;
}
if (length < 64) {
MD5Update(&md5ctx, src, length);
return;
}
nsrc = src;
mylen = length;
#if defined(_SYS_MD5_H) && defined(SOLARIS2)
# define buf buf_un.buf8
#endif
MUTEX_ENTER(&arc4_mtx);
while ((mylen > 64) && (sizeof(pot) - inpot > sizeof(md5ctx.buf))) {
MD5Update(&md5ctx, nsrc, 64);
mylen -= 64;
nsrc += 64;
if (pottail + sizeof(md5ctx.buf) > pot + sizeof(pot)) {
int left, numbytes;
numbytes = pot + sizeof(pot) - pottail;
bcopy(md5ctx.buf, pottail, numbytes);
left = sizeof(md5ctx.buf) - numbytes;
pottail = pot;
bcopy(md5ctx.buf + sizeof(md5ctx.buf) - left,
pottail, left);
pottail += left;
} else {
bcopy(md5ctx.buf, pottail, sizeof(md5ctx.buf));
pottail += sizeof(md5ctx.buf);
}
inpot += 64;
}
MUTEX_EXIT(&arc4_mtx);
#if defined(_SYS_MD5_H) && defined(SOLARIS2)
# undef buf
#endif
}
static int
ipf_read_random(void *dest, int length)
{
if (length > inpot)
return 0;
MUTEX_ENTER(&arc4_mtx);
if (pothead + length > pot + sizeof(pot)) {
int left, numbytes;
left = length;
numbytes = pot + sizeof(pot) - pothead;
bcopy(pothead, dest, numbytes);
left -= numbytes;
pothead = pot;
bcopy(pothead, dest + length - left, left);
pothead += left;
} else {
bcopy(pothead, dest, length);
pothead += length;
}
inpot -= length;
if (inpot == 0)
pothead = pottail = pot;
MUTEX_EXIT(&arc4_mtx);
return length;
}
#endif /* NEED_LOCAL_RAND */
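Review bot: `arc4rand()` can run before the generator is initialised, because `arc4_init()` is only reached through the `arc4_inited` guard inside `ipf_rand_push()`. A first call to `ipf_random()` would then enter `arc4_mtx` before `MUTEX_INIT` has run and stir an all-zero `arc4_sbox`, so `arc4_randbyte()` returns 0 for every byte. Making `arc4_inited` file-scope and repeating the guard at the top of `arc4rand()`, `if (arc4_inited == 0) { arc4_init(); arc4_inited = 1; }`, closes that. Separately, `arc4_randomstir()` keys the S-box from the uninitialised `key[]` stack buffer whenever `ipf_read_random()` returns 0, and `ipf_read_random()` tests `inpot` before taking `arc4_mtx`. A comment above `ipf_random()` should say that its output is not suitable where unpredictability matters until the pot has been fed.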


@ -101,4 +101,4 @@ any 99 any # private encryption scheme
gmtp 100 GMTP # GMTP
pim 103 PIM # Protocol Independant Multicast
ipcomp 108 IPCOMP # IP Payload Compression Protocol
reserved 255 Reserved #
reserved 255 Reserved #


@ -228,7 +228,7 @@ qmtp 209/tcp # The Quick Mail Transfer Protocol
qmtp 209/udp # The Quick Mail Transfer Protocol
anet 212/tcp # ATEXSSTR
anet 212/udp # ATEXSSTR
ipx 213/tcp # IPX
ipx 213/tcp # IPX
ipx 213/udp # IPX
vmpwscs 214/tcp # VM PWSCS
vmpwscs 214/udp # VM PWSCS
@ -1104,8 +1104,8 @@ shockwave 1626/tcp # Shockwave
shockwave 1626/udp # Shockwave
oraclenet8cman 1630/tcp # Oracle Net8 Cman
oraclenet8cman 1630/udp # Oracle Net8 Cman
visitview 1631/tcp # Visit view
visitview 1631/udp # Visit view
visitview 1631/tcp # Visit view
visitview 1631/udp # Visit view
pammratc 1632/tcp # PAMMRATC
pammratc 1632/udp # PAMMRATC
pammrpc 1633/tcp # PAMMRPC


@ -0,0 +1,68 @@
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* $Id$
*/
#include "ipf.h"
int genmask(family, msk, mskp)
int family;
char *msk;
i6addr_t *mskp;
{
char *endptr = 0L;
u_32_t addr;
int bits;
if (strchr(msk, '.') || strchr(msk, 'x') || strchr(msk, ':')) {
/* possibly of the form xxx.xxx.xxx.xxx
* or 0xYYYYYYYY */
switch (family)
{
#ifdef USE_INET6
case AF_INET6 :
if (inet_pton(AF_INET6, msk, &mskp->in4) != 1)
return -1;
break;
#endif
case AF_INET :
if (inet_aton(msk, &mskp->in4) == 0)
return -1;
break;
default :
return -1;
/*NOTREACHED*/
}
} else {
/*
* set x most significant bits
*/
bits = (int)strtol(msk, &endptr, 0);
switch (family)
{
case AF_INET6 :
if ((*endptr != '\0') || (bits < 0) || (bits > 128))
return -1;
fill6bits(bits, mskp->i6);
break;
case AF_INET :
if (*endptr != '\0' || bits > 32 || bits < 0)
return -1;
if (bits == 0)
addr = 0;
else
addr = htonl(0xffffffff << (32 - bits));
mskp->in4.s_addr = addr;
break;
default :
return -1;
/*NOTREACHED*/
}
}
return 0;
}
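Review bot: The prefix-length branch of `genmask()` accepts an empty string, and on targets where `long` is wider than `int` some oversized numbers, as a zero-bit mask. For `""`, `strtol()` consumes nothing and leaves `*endptr == '\0'`, and the `(int)` cast can truncate a large `long` to 0 before the range test, so both inputs yield a mask that matches every address. Keeping the value in a `long` and rejecting the no-digits case fixes it: `long lbits = strtol(msk, &endptr, 0); if (endptr == msk || *endptr != '\0' || lbits < 0 || lbits > 128) return -1;` (with 32 as the bound for `AF_INET`). The `AF_INET6` case of the second `switch` is also not wrapped in `#ifdef USE_INET6` as the first one is. The first passes `&mskp->in4` to `inet_pton(AF_INET6, ...)`, which presumably works only because `i6addr_t` is a union.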

File diff suppressed because it is too large Load Diff


@ -0,0 +1,68 @@
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* $Id: ip_dstlist.h,v 1.5.2.6 2012/07/22 08:04:23 darren_r Exp $
*/
#ifndef __IP_DSTLIST_H__
#define __IP_DSTLIST_H__
typedef struct ipf_dstnode {
struct ipf_dstnode *ipfd_next;
struct ipf_dstnode **ipfd_pnext;
ipfmutex_t ipfd_lock;
frdest_t ipfd_dest;
u_long ipfd_syncat;
int ipfd_flags;
int ipfd_size;
int ipfd_states;
int ipfd_ref;
int ipfd_uid;
char ipfd_names[1];
} ipf_dstnode_t;
typedef enum ippool_policy_e {
IPLDP_NONE = 0,
IPLDP_ROUNDROBIN,
IPLDP_CONNECTION,
IPLDP_RANDOM,
IPLDP_HASHED,
IPLDP_SRCHASH,
IPLDP_DSTHASH
} ippool_policy_t;
typedef struct ippool_dst {
struct ippool_dst *ipld_next;
struct ippool_dst **ipld_pnext;
ipfmutex_t ipld_lock;
int ipld_seed;
int ipld_unit;
int ipld_ref;
int ipld_flags;
int ipld_nodes;
int ipld_maxnodes;
ippool_policy_t ipld_policy;
ipf_dstnode_t **ipld_dests;
ipf_dstnode_t *ipld_selected;
char ipld_name[FR_GROUPLEN];
} ippool_dst_t;
#define IPDST_DELETE 0x01
typedef struct dstlist_stat_s {
void *ipls_list[LOOKUP_POOL_SZ];
int ipls_numlists;
u_long ipls_nomem;
int ipls_numnodes;
int ipls_numdereflists;
int ipls_numderefnodes;
} ipf_dstl_stat_t;
extern ipf_lookup_t ipf_dstlist_backend;
extern int ipf_dstlist_select_node __P((fr_info_t *, void *, u_32_t *,
frdest_t *));
#endif /* __IP_DSTLIST_H__ */
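Review bot: `ipfd_names[1]` at the end of `ipf_dstnode_t` reads as a variable-length tail, but nothing in the header says how long it is or which field bounds it. A comment on the member such as `/* variable-length name storage; presumably bounded by ipfd_size - confirm */` would let code that copies these nodes bound its reads. `ippool_dst_t` needs a similar line stating how `ipld_dests`, `ipld_nodes` and `ipld_maxnodes` relate, since any indexing into `ipld_dests` depends on that invariant. The structures otherwise carry no field documentation at all.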


@ -1,154 +1,29 @@
/* $FreeBSD$ */
/*
* Copyright (C) 1993-2001 by Darren Reed.
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* $Id$
*/
#if !defined(lint)
static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed";
static const char rcsid[] = "@(#)$Id: ip_fil.c,v 2.133.2.18 2007/09/09 11:32:05 darrenr Exp $";
static const char rcsid[] = "@(#)$Id$";
#endif
#ifndef SOLARIS
#define SOLARIS (defined(sun) && (defined(__svr4__) || defined(__SVR4)))
#endif
#include <sys/param.h>
#if defined(__FreeBSD__) && !defined(__FreeBSD_version)
# if defined(IPFILTER_LKM)
# ifndef __FreeBSD_cc_version
# include <osreldate.h>
# else
# if __FreeBSD_cc_version < 430000
# include <osreldate.h>
# endif
# endif
# endif
#endif
#include <sys/errno.h>
#if defined(__hpux) && (HPUXREV >= 1111) && !defined(_KERNEL)
# include <sys/kern_svcs.h>
#endif
#include <sys/types.h>
#define _KERNEL
#define KERNEL
#ifdef __OpenBSD__
struct file;
#endif
#include <sys/uio.h>
#undef _KERNEL
#undef KERNEL
#include <sys/file.h>
#include <sys/ioctl.h>
#ifdef __sgi
# include <sys/ptimers.h>
#endif
#include <sys/time.h>
#if !SOLARIS
# if (NetBSD > 199609) || (OpenBSD > 199603) || (__FreeBSD_version >= 300000)
# include <sys/dirent.h>
# else
# include <sys/dir.h>
# endif
#else
# include <sys/filio.h>
#endif
#ifndef linux
# include <sys/protosw.h>
#endif
#include <sys/socket.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <ctype.h>
#include <fcntl.h>
#ifdef __hpux
# define _NET_ROUTE_INCLUDED
#endif
#include <net/if.h>
#ifdef sun
# include <net/af.h>
#endif
#if __FreeBSD_version >= 300000
# include <net/if_var.h>
#endif
#ifdef __sgi
#include <sys/debug.h>
# ifdef IFF_DRVRLOCK /* IRIX6 */
#include <sys/hashing.h>
# endif
#endif
#if defined(__FreeBSD__) || defined(SOLARIS2)
# include "radix_ipf.h"
#endif
#ifndef __osf__
# include <net/route.h>
#endif
#include <netinet/in.h>
#if !(defined(__sgi) && !defined(IFF_DRVRLOCK)) /* IRIX < 6 */ && \
!defined(__hpux) && !defined(linux)
# include <netinet/in_var.h>
#endif
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#if !defined(linux)
# include <netinet/ip_var.h>
#endif
#include <netinet/tcp.h>
#if defined(__osf__)
# include <netinet/tcp_timer.h>
#endif
#if defined(__osf__) || defined(__hpux) || defined(__sgi)
# include "radix_ipf_local.h"
# define _RADIX_H_
#endif
#include <netinet/udp.h>
#include <netinet/tcpip.h>
#include <netinet/ip_icmp.h>
#include <unistd.h>
#include <syslog.h>
#include <arpa/inet.h>
#ifdef __hpux
# undef _NET_ROUTE_INCLUDED
#endif
#include "netinet/ip_compat.h"
#include "netinet/ip_fil.h"
#include "netinet/ip_nat.h"
#include "netinet/ip_frag.h"
#include "netinet/ip_state.h"
#include "netinet/ip_proxy.h"
#include "netinet/ip_auth.h"
#ifdef IPFILTER_SYNC
#include "netinet/ip_sync.h"
#endif
#ifdef IPFILTER_SCAN
#include "netinet/ip_scan.h"
#endif
#include "netinet/ip_pool.h"
#ifdef IPFILTER_COMPILED
# include "netinet/ip_rules.h"
#endif
#if defined(__FreeBSD_version) && (__FreeBSD_version >= 300000)
# include <sys/malloc.h>
#endif
#ifdef __hpux
struct rtentry;
#endif
#include "ipf.h"
#include "md5.h"
#if !defined(__osf__) && !defined(__linux__)
extern struct protosw inetsw[];
#endif
#include "ipt.h"
ipf_main_softc_t ipfmain;
static struct ifnet **ifneta = NULL;
static int nifs = 0;
static void fr_setifpaddr __P((struct ifnet *, char *));
struct rtentry;
static void ipf_setifpaddr __P((struct ifnet *, char *));
void init_ifp __P((void));
#if defined(__sgi) && (IRIX < 60500)
static int no_output __P((struct ifnet *, struct mbuf *,
@ -170,16 +45,18 @@ static int write_output __P((struct ifnet *, struct mbuf *,
#endif
int ipfattach()
int
ipfattach(softc)
ipf_main_softc_t *softc;
{
fr_running = 1;
return 0;
}
int ipfdetach()
int
ipfdetach(softc)
ipf_main_softc_t *softc;
{
fr_running = -1;
return 0;
}
@ -187,101 +64,96 @@ int ipfdetach()
/*
* Filter ioctl interface.
*/
int iplioctl(dev, cmd, data, mode)
int dev;
ioctlcmd_t cmd;
caddr_t data;
int mode;
int
ipfioctl(softc, dev, cmd, data, mode)
ipf_main_softc_t *softc;
int dev;
ioctlcmd_t cmd;
caddr_t data;
int mode;
{
int error = 0, unit = 0, uid;
SPL_INT(s);
uid = getuid();
unit = dev;
SPL_NET(s);
error = fr_ioctlswitch(unit, data, cmd, mode, uid, NULL);
error = ipf_ioctlswitch(softc, unit, data, cmd, mode, uid, NULL);
if (error != -1) {
SPL_X(s);
return error;
}
SPL_X(s);
return error;
}
void fr_forgetifp(ifp)
void *ifp;
void
ipf_forgetifp(softc, ifp)
ipf_main_softc_t *softc;
void *ifp;
{
register frentry_t *f;
WRITE_ENTER(&ipf_mutex);
for (f = ipacct[0][fr_active]; (f != NULL); f = f->fr_next)
WRITE_ENTER(&softc->ipf_mutex);
for (f = softc->ipf_acct[0][softc->ipf_active]; (f != NULL);
f = f->fr_next)
if (f->fr_ifa == ifp)
f->fr_ifa = (void *)-1;
for (f = ipacct[1][fr_active]; (f != NULL); f = f->fr_next)
for (f = softc->ipf_acct[1][softc->ipf_active]; (f != NULL);
f = f->fr_next)
if (f->fr_ifa == ifp)
f->fr_ifa = (void *)-1;
for (f = ipfilter[0][fr_active]; (f != NULL); f = f->fr_next)
for (f = softc->ipf_rules[0][softc->ipf_active]; (f != NULL);
f = f->fr_next)
if (f->fr_ifa == ifp)
f->fr_ifa = (void *)-1;
for (f = ipfilter[1][fr_active]; (f != NULL); f = f->fr_next)
for (f = softc->ipf_rules[1][softc->ipf_active]; (f != NULL);
f = f->fr_next)
if (f->fr_ifa == ifp)
f->fr_ifa = (void *)-1;
#ifdef USE_INET6
for (f = ipacct6[0][fr_active]; (f != NULL); f = f->fr_next)
if (f->fr_ifa == ifp)
f->fr_ifa = (void *)-1;
for (f = ipacct6[1][fr_active]; (f != NULL); f = f->fr_next)
if (f->fr_ifa == ifp)
f->fr_ifa = (void *)-1;
for (f = ipfilter6[0][fr_active]; (f != NULL); f = f->fr_next)
if (f->fr_ifa == ifp)
f->fr_ifa = (void *)-1;
for (f = ipfilter6[1][fr_active]; (f != NULL); f = f->fr_next)
if (f->fr_ifa == ifp)
f->fr_ifa = (void *)-1;
#endif
RWLOCK_EXIT(&ipf_mutex);
fr_natsync(ifp);
RWLOCK_EXIT(&softc->ipf_mutex);
ipf_nat_sync(softc, ifp);
ipf_lookup_sync(softc, ifp);
}
static int
#if defined(__sgi) && (IRIX < 60500)
static int no_output(ifp, m, s)
no_output(ifp, m, s)
#else
# if TRU64 >= 1885
static int no_output (ifp, m, s, rt, cp)
char *cp;
no_output (ifp, m, s, rt, cp)
char *cp;
# else
static int no_output(ifp, m, s, rt)
no_output(ifp, m, s, rt)
# endif
struct rtentry *rt;
struct rtentry *rt;
#endif
struct ifnet *ifp;
struct mbuf *m;
struct sockaddr *s;
struct ifnet *ifp;
struct mbuf *m;
struct sockaddr *s;
{
return 0;
}
static int
#if defined(__sgi) && (IRIX < 60500)
static int write_output(ifp, m, s)
write_output(ifp, m, s)
#else
# if TRU64 >= 1885
static int write_output (ifp, m, s, rt, cp)
char *cp;
write_output (ifp, m, s, rt, cp)
char *cp;
# else
static int write_output(ifp, m, s, rt)
write_output(ifp, m, s, rt)
# endif
struct rtentry *rt;
struct rtentry *rt;
#endif
struct ifnet *ifp;
struct mbuf *m;
struct sockaddr *s;
struct ifnet *ifp;
struct mbuf *m;
struct sockaddr *s;
{
char fname[32];
mb_t *mb;
@ -309,9 +181,10 @@ struct sockaddr *s;
}
static void fr_setifpaddr(ifp, addr)
struct ifnet *ifp;
char *addr;
static void
ipf_setifpaddr(ifp, addr)
struct ifnet *ifp;
char *addr;
{
#ifdef __sgi
struct in_ifaddr *ifa;
@ -349,15 +222,28 @@ char *addr;
#else
sin = (struct sockaddr_in *)&ifa->ifa_addr;
#endif
sin->sin_addr.s_addr = inet_addr(addr);
if (sin->sin_addr.s_addr == 0)
abort();
#ifdef USE_INET6
if (index(addr, ':') != NULL) {
struct sockaddr_in6 *sin6;
sin6 = (struct sockaddr_in6 *)&ifa->ifa_addr;
sin6->sin6_family = AF_INET6;
inet_pton(AF_INET6, addr, &sin6->sin6_addr);
} else
#endif
{
sin->sin_family = AF_INET;
sin->sin_addr.s_addr = inet_addr(addr);
if (sin->sin_addr.s_addr == 0)
abort();
}
}
}
struct ifnet *get_unit(name, v)
char *name;
int v;
struct ifnet *
get_unit(name, family)
char *name;
int family;
{
struct ifnet *ifp, **ifpp, **old_ifneta;
char *addr;
@ -365,6 +251,9 @@ int v;
(defined(OpenBSD) && (OpenBSD >= 199603)) || defined(linux) || \
(defined(__FreeBSD__) && (__FreeBSD_version >= 501113))
if (!*name)
return NULL;
if (name == NULL)
name = "anon0";
@ -375,7 +264,7 @@ int v;
for (ifpp = ifneta; ifpp && (ifp = *ifpp); ifpp++) {
if (!strcmp(name, ifp->if_xname)) {
if (addr != NULL)
fr_setifpaddr(ifp, addr);
ipf_setifpaddr(ifp, addr);
return ifp;
}
}
@ -390,10 +279,10 @@ int v;
*addr++ = '\0';
for (ifpp = ifneta; ifpp && (ifp = *ifpp); ifpp++) {
COPYIFNAME(v, ifp, ifname);
COPYIFNAME(family, ifp, ifname);
if (!strcmp(name, ifname)) {
if (addr != NULL)
fr_setifpaddr(ifp, addr);
ipf_setifpaddr(ifp, addr);
return ifp;
}
}
@ -437,9 +326,15 @@ int v;
(defined(__FreeBSD__) && (__FreeBSD_version >= 501113))
(void) strncpy(ifp->if_xname, name, sizeof(ifp->if_xname));
#else
for (s = name; *s && !ISDIGIT(*s); s++)
;
if (*s && ISDIGIT(*s)) {
s = name + strlen(name) - 1;
for (; s > name; s--) {
if (!ISDIGIT(*s)) {
s++;
break;
}
}
if ((s > name) && (*s != 0) && ISDIGIT(*s)) {
ifp->if_unit = atoi(s);
ifp->if_name = (char *)malloc(s - name + 1);
(void) strncpy(ifp->if_name, name, s - name);
@ -452,15 +347,16 @@ int v;
ifp->if_output = (void *)no_output;
if (addr != NULL) {
fr_setifpaddr(ifp, addr);
ipf_setifpaddr(ifp, addr);
}
return ifp;
}
char *get_ifname(ifp)
struct ifnet *ifp;
char *
get_ifname(ifp)
struct ifnet *ifp;
{
static char ifname[LIFNAMSIZ];
@ -468,14 +364,18 @@ struct ifnet *ifp;
(defined(__FreeBSD__) && (__FreeBSD_version >= 501113))
sprintf(ifname, "%s", ifp->if_xname);
#else
sprintf(ifname, "%s%d", ifp->if_name, ifp->if_unit);
if (ifp->if_unit != -1)
sprintf(ifname, "%s%d", ifp->if_name, ifp->if_unit);
else
strcpy(ifname, ifp->if_name);
#endif
return ifname;
}
void init_ifp()
void
init_ifp()
{
struct ifnet *ifp, **ifpp;
char fname[32];
@ -496,7 +396,7 @@ void init_ifp()
#else
for (ifpp = ifneta; ifpp && (ifp = *ifpp); ifpp++) {
ifp->if_output = write_output;
ifp->if_output = (void *)write_output;
sprintf(fname, "/tmp/%s%d", ifp->if_name, ifp->if_unit);
fd = open(fname, O_WRONLY|O_CREAT|O_EXCL|O_TRUNC, 0600);
if (fd == -1)
@ -508,36 +408,48 @@ void init_ifp()
}
int fr_fastroute(m, mpp, fin, fdp)
mb_t *m, **mpp;
fr_info_t *fin;
frdest_t *fdp;
int
ipf_fastroute(m, mpp, fin, fdp)
mb_t *m, **mpp;
fr_info_t *fin;
frdest_t *fdp;
{
struct ifnet *ifp = fdp->fd_ifp;
struct ifnet *ifp;
ip_t *ip = fin->fin_ip;
frdest_t node;
int error = 0;
frentry_t *fr;
void *sifp;
int sout;
if (!ifp)
return 0; /* no routing table out here */
sifp = fin->fin_ifp;
sout = fin->fin_out;
fr = fin->fin_fr;
ip->ip_sum = 0;
if (!(fr->fr_flags & FR_KEEPSTATE) && (fdp != NULL) &&
(fdp->fd_type == FRD_DSTLIST)) {
bzero(&node, sizeof(node));
ipf_dstlist_select_node(fin, fdp->fd_ptr, NULL, &node);
fdp = &node;
}
ifp = fdp->fd_ptr;
if (ifp == NULL)
return 0; /* no routing table out here */
if (fin->fin_out == 0) {
sifp = fin->fin_ifp;
fin->fin_ifp = ifp;
fin->fin_out = 1;
(void) fr_acctpkt(fin, NULL);
(void) ipf_acctpkt(fin, NULL);
fin->fin_fr = NULL;
if (!fr || !(fr->fr_flags & FR_RETMASK)) {
u_32_t pass;
(void) fr_checkstate(fin, &pass);
(void) ipf_state_check(fin, &pass);
}
switch (fr_checknatout(fin, NULL))
switch (ipf_nat_checkout(fin, NULL))
{
case 0 :
break;
@ -550,10 +462,11 @@ frdest_t *fdp;
break;
}
fin->fin_ifp = sifp;
fin->fin_out = 0;
}
m->mb_ifp = ifp;
printpacket(fin->fin_out, m);
#if defined(__sgi) && (IRIX < 60500)
(*ifp->if_output)(ifp, (void *)ip, NULL);
# if TRU64 >= 1885
@ -563,55 +476,55 @@ frdest_t *fdp;
# endif
#endif
done:
fin->fin_ifp = sifp;
fin->fin_out = sout;
return error;
}
int fr_send_reset(fin)
fr_info_t *fin;
int
ipf_send_reset(fin)
fr_info_t *fin;
{
verbose("- TCP RST sent\n");
ipfkverbose("- TCP RST sent\n");
return 0;
}
int fr_send_icmp_err(type, fin, dst)
int type;
fr_info_t *fin;
int dst;
int
ipf_send_icmp_err(type, fin, dst)
int type;
fr_info_t *fin;
int dst;
{
verbose("- ICMP unreachable sent\n");
ipfkverbose("- ICMP unreachable sent\n");
return 0;
}
void frsync(ifp)
void *ifp;
void
m_freem(m)
mb_t *m;
{
return;
}
void m_freem(m)
mb_t *m;
{
return;
}
void m_copydata(m, off, len, cp)
mb_t *m;
int off, len;
caddr_t cp;
void
m_copydata(m, off, len, cp)
mb_t *m;
int off, len;
caddr_t cp;
{
bcopy((char *)m + off, cp, len);
}
int ipfuiomove(buf, len, rwflag, uio)
caddr_t buf;
int len, rwflag;
struct uio *uio;
int
ipfuiomove(buf, len, rwflag, uio)
caddr_t buf;
int len, rwflag;
struct uio *uio;
{
int left, ioc, num, offset;
struct iovec *io;
@ -648,8 +561,9 @@ struct uio *uio;
}
u_32_t fr_newisn(fin)
fr_info_t *fin;
u_32_t
ipf_newisn(fin)
fr_info_t *fin;
{
static int iss_seq_off = 0;
u_char hash[16];
@ -688,50 +602,76 @@ fr_info_t *fin;
/* ------------------------------------------------------------------------ */
/* Function: fr_nextipid */
/* Function: ipf_nextipid */
/* Returns: int - 0 == success, -1 == error (packet should be droppped) */
/* Parameters: fin(I) - pointer to packet information */
/* */
/* Returns the next IPv4 ID to use for this packet. */
/* ------------------------------------------------------------------------ */
INLINE u_short fr_nextipid(fin)
fr_info_t *fin;
INLINE u_short
ipf_nextipid(fin)
fr_info_t *fin;
{
static u_short ipid = 0;
ipf_main_softc_t *softc = fin->fin_main_soft;
u_short id;
MUTEX_ENTER(&ipf_rw);
id = ipid++;
MUTEX_EXIT(&ipf_rw);
MUTEX_ENTER(&softc->ipf_rw);
if (fin->fin_pktnum != 0) {
/*
* The -1 is for aligned test results.
*/
id = (fin->fin_pktnum - 1) & 0xffff;
} else {
}
id = ipid++;
MUTEX_EXIT(&softc->ipf_rw);
return id;
}
INLINE void fr_checkv4sum(fin)
fr_info_t *fin;
INLINE int
ipf_checkv4sum(fin)
fr_info_t *fin;
{
if (fr_checkl4sum(fin) == -1)
if (fin->fin_flx & FI_SHORT)
return 1;
if (ipf_checkl4sum(fin) == -1) {
fin->fin_flx |= FI_BAD;
return -1;
}
return 0;
}
#ifdef USE_INET6
INLINE void fr_checkv6sum(fin)
fr_info_t *fin;
INLINE int
ipf_checkv6sum(fin)
fr_info_t *fin;
{
if (fr_checkl4sum(fin) == -1)
if (fin->fin_flx & FI_SHORT)
return 1;
if (ipf_checkl4sum(fin) == -1) {
fin->fin_flx |= FI_BAD;
return -1;
}
return 0;
}
#endif
#if 0
/*
* See above for description, except that all addressing is in user space.
*/
int copyoutptr(src, dst, size)
void *src, *dst;
size_t size;
int
copyoutptr(softc, src, dst, size)
void *src, *dst;
size_t size;
{
caddr_t ca;
@ -744,9 +684,10 @@ size_t size;
/*
* See above for description, except that all addressing is in user space.
*/
int copyinptr(src, dst, size)
void *src, *dst;
size_t size;
int
copyinptr(src, dst, size)
void *src, *dst;
size_t size;
{
caddr_t ca;
@ -754,15 +695,18 @@ size_t size;
bcopy(ca, dst, size);
return 0;
}
#endif
/*
* return the first IP Address associated with an interface
*/
int fr_ifpaddr(v, atype, ifptr, inp, inpmask)
int v, atype;
void *ifptr;
struct in_addr *inp, *inpmask;
int
ipf_ifpaddr(softc, v, atype, ifptr, inp, inpmask)
ipf_main_softc_t *softc;
int v, atype;
void *ifptr;
i6addr_t *inp, *inpmask;
{
struct ifnet *ifp = ifptr;
#ifdef __sgi
@ -781,40 +725,145 @@ struct in_addr *inp, *inpmask;
# endif
#endif
if (ifa != NULL) {
struct sockaddr_in *sin, mask;
if (v == 4) {
struct sockaddr_in *sin, mask;
mask.sin_addr.s_addr = 0xffffffff;
mask.sin_addr.s_addr = 0xffffffff;
#ifdef __sgi
sin = (struct sockaddr_in *)&ifa->ia_addr;
sin = (struct sockaddr_in *)&ifa->ia_addr;
#else
sin = (struct sockaddr_in *)&ifa->ifa_addr;
sin = (struct sockaddr_in *)&ifa->ifa_addr;
#endif
return fr_ifpfillv4addr(atype, sin, &mask, inp, inpmask);
return ipf_ifpfillv4addr(atype, sin, &mask,
&inp->in4, &inpmask->in4);
}
#ifdef USE_INET6
if (v == 6) {
struct sockaddr_in6 *sin6, mask;
sin6 = (struct sockaddr_in6 *)&ifa->ifa_addr;
((i6addr_t *)&mask.sin6_addr)->i6[0] = 0xffffffff;
((i6addr_t *)&mask.sin6_addr)->i6[1] = 0xffffffff;
((i6addr_t *)&mask.sin6_addr)->i6[2] = 0xffffffff;
((i6addr_t *)&mask.sin6_addr)->i6[3] = 0xffffffff;
return ipf_ifpfillv6addr(atype, sin6, &mask,
inp, inpmask);
}
#endif
}
return 0;
}
int ipfsync()
/*
* This function is not meant to be random, rather just produce a
* sequence of numbers that isn't linear to show "randomness".
*/
u_32_t
ipf_random()
{
return 0;
}
static unsigned int last = 0xa5a5a5a5;
static int calls = 0;
int number;
#ifndef ipf_random
u_32_t ipf_random()
{
static int seeded = 0;
calls++;
/*
* Choose a non-random seed so that "randomness" can be "tested."
* These are deliberately chosen to ensure that there is some
* attempt to test whether the output covers the range in test n18.
*/
if (seeded == 0) {
srand(0);
seeded = 1;
switch (calls)
{
case 1 :
number = 0;
break;
case 2 :
number = 4;
break;
case 3 :
number = 3999;
break;
case 4 :
number = 4000;
break;
case 5 :
number = 48999;
break;
case 6 :
number = 49000;
break;
default :
number = last;
last *= calls;
last++;
number ^= last;
break;
}
return rand();
return number;
}
int
ipf_verifysrc(fin)
fr_info_t *fin;
{
return 1;
}
int
ipf_inject(fin, m)
fr_info_t *fin;
mb_t *m;
{
FREE_MB_T(m);
return 0;
}
u_int
ipf_pcksum(fin, hlen, sum)
fr_info_t *fin;
int hlen;
u_int sum;
{
u_short *sp;
u_int sum2;
int slen;
slen = fin->fin_plen - hlen;
sp = (u_short *)((u_char *)fin->fin_ip + hlen);
for (; slen > 1; slen -= 2)
sum += *sp++;
if (slen)
sum += ntohs(*(u_char *)sp << 8);
while (sum > 0xffff)
sum = (sum & 0xffff) + (sum >> 16);
sum2 = (u_short)(~sum & 0xffff);
return sum2;
}
void *
ipf_pullup(m, fin, plen)
mb_t *m;
fr_info_t *fin;
int plen;
{
if (M_LEN(m) >= plen)
return fin->fin_ip;
/*
* Fake ipf_pullup failing
*/
fin->fin_reason = FRB_PULLUP;
*fin->fin_mp = NULL;
fin->fin_m = NULL;
fin->fin_ip = NULL;
return NULL;
}
#endif
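Review bot: Two of the new null checks come after the pointer has already been dereferenced. In `ipf_fastroute()`, `fr->fr_flags & FR_KEEPSTATE` is evaluated although the later `if (!fr || ...)` test allows `fr` to be NULL, and the same condition tests `fdp != NULL` but `ifp = fdp->fd_ptr;` follows unconditionally. In `get_unit()` the added `if (!*name) return NULL;` sits above the existing `if (name == NULL)` fallback to `"anon0"`. Suggested: start the condition with `(fr != NULL) &&`, add `if (fdp == NULL) return 0;` before `ifp = fdp->fd_ptr;`, and in `get_unit()` move the `name == NULL` test ahead of the `*name` test. Several function bodies in this section are only partly shown, so callers outside the hunks may already guarantee these pointers.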

File diff suppressed because it is too large Load Diff


@ -1,12 +1,12 @@
/* $FreeBSD$ */
/*
* Copyright (C) 1993-2001, 2003 by Darren Reed.
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* @(#)ipf.h 1.12 6/5/96
* $Id: ipf.h,v 2.71.2.15 2007/05/11 10:44:14 darrenr Exp $
* $Id$
*/
#ifndef __IPF_H__
@ -80,6 +80,7 @@ struct file;
#include "netinet/ip_scan.h"
#include "netinet/ip_htable.h"
#include "netinet/ip_sync.h"
#include "netinet/ip_dstlist.h"
#include "opts.h"
@ -120,6 +121,9 @@ typedef unsigned int u_32_t;
#define MAX_ICMPCODE 16
#define MAX_ICMPTYPE 19
#define PRINTF (void)printf
#define FPRINTF (void)fprintf
struct ipopt_names {
int on_value;
@ -132,6 +136,7 @@ struct ipopt_names {
typedef struct alist_s {
struct alist_s *al_next;
int al_not;
int al_family;
i6addr_t al_i6addr;
i6addr_t al_i6mask;
} alist_t;
@ -142,6 +147,14 @@ typedef struct alist_s {
#define al_2 al_mask
typedef struct plist_s {
struct plist_s *pl_next;
int pl_compare;
u_short pl_port1;
u_short pl_port2;
} plist_t;
typedef struct {
u_short fb_c;
u_char fb_t;
@ -150,6 +163,35 @@ typedef struct {
} fakebpf_t;
typedef struct {
char *it_name;
int it_v4;
int it_v6;
} icmptype_t;
typedef struct wordtab {
char *w_word;
int w_value;
} wordtab_t;
typedef struct namelist {
struct namelist *na_next;
char *na_name;
int na_value;
} namelist_t;
typedef struct proxyrule {
struct proxyrule *pr_next;
char *pr_proxy;
char *pr_conf;
namelist_t *pr_names;
int pr_proto;
} proxyrule_t;
#if defined(__NetBSD__) || defined(__OpenBSD__) || \
(_BSDI_VERSION >= 199701) || (__FreeBSD_version >= 300000) || \
SOLARIS || defined(__sgi) || defined(__osf__) || defined(linux)
@ -158,7 +200,7 @@ typedef int (* ioctlfunc_t) __P((int, ioctlcmd_t, ...));
#else
typedef int (* ioctlfunc_t) __P((dev_t, ioctlcmd_t, void *));
#endif
typedef void (* addfunc_t) __P((int, ioctlfunc_t, void *));
typedef int (* addfunc_t) __P((int, ioctlfunc_t, void *));
typedef int (* copyfunc_t) __P((void *, void *, size_t));
@ -178,90 +220,143 @@ extern char *icmpcodes[MAX_ICMPCODE + 1];
extern char *icmptypes[MAX_ICMPTYPE + 1];
extern int use_inet6;
extern int lineNum;
extern int debuglevel;
extern struct ipopt_names v6ionames[];
extern icmptype_t icmptypelist[];
extern wordtab_t statefields[];
extern wordtab_t natfields[];
extern wordtab_t poolfields[];
extern int addicmp __P((char ***, struct frentry *, int));
extern int addipopt __P((char *, struct ipopt_names *, int, char *));
extern void alist_free __P((alist_t *));
extern int addkeep __P((char ***, struct frentry *, int));
extern alist_t *alist_new __P((int, char *));
extern void alist_free __P((alist_t *));
extern void assigndefined __P((char *));
extern void binprint __P((void *, size_t));
extern void initparse __P((void));
extern u_32_t buildopts __P((char *, char *, int));
extern int checkrev __P((char *));
extern int connecttcp __P((char *, int));
extern int count6bits __P((u_32_t *));
extern int count4bits __P((u_32_t));
extern char *fac_toname __P((int));
extern int fac_findname __P((char *));
extern const char *familyname __P((const int));
extern void fill6bits __P((int, u_int *));
extern int gethost __P((char *, u_32_t *));
extern int getport __P((struct frentry *, char *, u_short *));
extern wordtab_t *findword __P((wordtab_t *, char *));
extern int ftov __P((int));
extern char *ipf_geterror __P((int, ioctlfunc_t *));
extern int genmask __P((int, char *, i6addr_t *));
extern int gethost __P((int, char *, i6addr_t *));
extern int geticmptype __P((int, char *));
extern int getport __P((struct frentry *, char *, u_short *, char *));
extern int getportproto __P((char *, int));
extern int getproto __P((char *));
extern char *getnattype __P((struct nat *, int));
extern char *getnattype __P((struct nat *));
extern char *getsumd __P((u_32_t));
extern u_32_t getoptbyname __P((char *));
extern u_32_t getoptbyvalue __P((int));
extern u_32_t getv6optbyname __P((char *));
extern u_32_t getv6optbyvalue __P((int));
extern char *icmptypename __P((int, int));
extern void initparse __P((void));
extern void ipf_dotuning __P((int, char *, ioctlfunc_t));
extern void ipf_addrule __P((int, ioctlfunc_t, void *));
extern void ipf_dotuning __P((int, char *, ioctlfunc_t));
extern int ipf_addrule __P((int, ioctlfunc_t, void *));
extern void ipf_mutex_clean __P((void));
extern int ipf_parsefile __P((int, addfunc_t, ioctlfunc_t *, char *));
extern int ipf_parsesome __P((int, addfunc_t, ioctlfunc_t *, FILE *));
extern void ipf_perror __P((int, char *));
extern int ipf_perror_fd __P(( int, ioctlfunc_t, char *));
extern void ipf_rwlock_clean __P((void));
extern char *ipf_strerror __P((int));
extern void ipferror __P((int, char *));
extern int ipmon_parsefile __P((char *));
extern int ipmon_parsesome __P((FILE *));
extern void ipnat_addrule __P((int, ioctlfunc_t, void *));
extern int ipnat_addrule __P((int, ioctlfunc_t, void *));
extern int ipnat_parsefile __P((int, addfunc_t, ioctlfunc_t, char *));
extern int ipnat_parsesome __P((int, addfunc_t, ioctlfunc_t, FILE *));
extern int ippool_parsefile __P((int, char *, ioctlfunc_t));
extern int ippool_parsesome __P((int, FILE *, ioctlfunc_t));
extern int kmemcpywrap __P((void *, void *, size_t));
extern char *kvatoname __P((ipfunc_t, ioctlfunc_t));
extern int load_dstlist __P((struct ippool_dst *, ioctlfunc_t,
ipf_dstnode_t *));
extern int load_dstlistnode __P((int, char *, struct ipf_dstnode *,
ioctlfunc_t));
extern alist_t *load_file __P((char *));
extern int load_hash __P((struct iphtable_s *, struct iphtent_s *,
ioctlfunc_t));
extern int load_hashnode __P((int, char *, struct iphtent_s *, ioctlfunc_t));
extern int load_hashnode __P((int, char *, struct iphtent_s *, int,
ioctlfunc_t));
extern alist_t *load_http __P((char *));
extern int load_pool __P((struct ip_pool_s *list, ioctlfunc_t));
extern int load_poolnode __P((int, char *, ip_pool_node_t *, ioctlfunc_t));
extern int load_poolnode __P((int, char *, ip_pool_node_t *, int, ioctlfunc_t));
extern alist_t *load_url __P((char *));
extern alist_t *make_range __P((int, struct in_addr, struct in_addr));
extern void mb_hexdump __P((mb_t *, FILE *));
extern ipfunc_t nametokva __P((char *, ioctlfunc_t));
extern void nat_setgroupmap __P((struct ipnat *));
extern int ntomask __P((int, int, u_32_t *));
extern u_32_t optname __P((char ***, u_short *, int));
extern struct frentry *parse __P((char *, int));
extern wordtab_t *parsefields __P((wordtab_t *, char *));
extern int *parseipfexpr __P((char *, char **));
extern int parsewhoisline __P((char *, addrfamily_t *, addrfamily_t *));
extern void pool_close __P((void));
extern int pool_fd __P((void));
extern int pool_ioctl __P((ioctlfunc_t, ioctlcmd_t, void *));
extern int pool_open __P((void));
extern char *portname __P((int, int));
extern int pri_findname __P((char *));
extern char *pri_toname __P((int));
extern void print_toif __P((char *, struct frdest *));
extern void printaps __P((ap_session_t *, int));
extern void print_toif __P((int, char *, char *, struct frdest *));
extern void printaps __P((ap_session_t *, int, int));
extern void printaddr __P((int, int, char *, int, u_32_t *, u_32_t *));
extern void printbuf __P((char *, int, int));
extern void printfieldhdr __P((wordtab_t *, wordtab_t *));
extern void printfr __P((struct frentry *, ioctlfunc_t));
extern void printtunable __P((ipftune_t *));
extern struct iphtable_s *printhash __P((struct iphtable_s *, copyfunc_t,
char *, int));
extern struct iphtable_s *printhash_live __P((iphtable_t *, int, char *, int));
char *, int, wordtab_t *));
extern struct iphtable_s *printhash_live __P((iphtable_t *, int, char *,
int, wordtab_t *));
extern ippool_dst_t *printdstl_live __P((ippool_dst_t *, int, char *,
int, wordtab_t *));
extern void printhashdata __P((iphtable_t *, int));
extern struct iphtent_s *printhashnode __P((struct iphtable_s *,
struct iphtent_s *,
copyfunc_t, int));
copyfunc_t, int, wordtab_t *));
extern void printhost __P((int, u_32_t *));
extern void printhostmask __P((int, u_32_t *, u_32_t *));
extern void printip __P((u_32_t *));
extern void printip __P((int, u_32_t *));
extern void printlog __P((struct frentry *));
extern void printlookup __P((i6addr_t *addr, i6addr_t *mask));
extern void printmask __P((u_32_t *));
extern void printpacket __P((struct ip *));
extern void printpacket6 __P((struct ip *));
extern void printlookup __P((char *, i6addr_t *addr, i6addr_t *mask));
extern void printmask __P((int, u_32_t *));
extern void printnataddr __P((int, char *, nat_addr_t *, int));
extern void printnatfield __P((nat_t *, int));
extern void printnatside __P((char *, nat_stat_side_t *));
extern void printpacket __P((int, mb_t *));
extern void printpacket6 __P((int, mb_t *));
extern struct ippool_dst *printdstlist __P((struct ippool_dst *, copyfunc_t,
char *, int, ipf_dstnode_t *,
wordtab_t *));
extern void printdstlistdata __P((ippool_dst_t *, int));
extern ipf_dstnode_t *printdstlistnode __P((ipf_dstnode_t *, copyfunc_t,
int, wordtab_t *));
extern void printdstlistpolicy __P((ippool_policy_t));
extern struct ip_pool_s *printpool __P((struct ip_pool_s *, copyfunc_t,
char *, int));
char *, int, wordtab_t *));
extern struct ip_pool_s *printpool_live __P((struct ip_pool_s *, int,
char *, int));
char *, int, wordtab_t *));
extern void printpooldata __P((ip_pool_t *, int));
extern struct ip_pool_node *printpoolnode __P((struct ip_pool_node *, int));
extern void printpoolfield __P((void *, int, int));
extern struct ip_pool_node *printpoolnode __P((struct ip_pool_node *,
int, wordtab_t *));
extern void printproto __P((struct protoent *, int, struct ipnat *));
extern void printportcmp __P((int, struct frpcmp *));
extern void printstatefield __P((ipstate_t *, int));
extern void printtqtable __P((ipftq_t *));
extern void printtunable __P((ipftune_t *));
extern void printunit __P((int));
extern void optprint __P((u_short *, u_long, u_long));
#ifdef USE_INET6
extern void optprintv6 __P((u_short *, u_long, u_long));
@ -270,7 +365,6 @@ extern int remove_hash __P((struct iphtable_s *, ioctlfunc_t));
extern int remove_hashnode __P((int, char *, struct iphtent_s *, ioctlfunc_t));
extern int remove_pool __P((ip_pool_t *, ioctlfunc_t));
extern int remove_poolnode __P((int, char *, ip_pool_node_t *, ioctlfunc_t));
extern u_char tcp_flags __P((char *, u_char *, int));
extern u_char tcpflags __P((char *));
extern void printc __P((struct frentry *));
extern void printC __P((int));
@ -283,14 +377,26 @@ extern char *hostname __P((int, void *));
extern struct ipstate *printstate __P((struct ipstate *, int, u_long));
extern void printsbuf __P((char *));
extern void printnat __P((struct ipnat *, int));
extern void printactivenat __P((struct nat *, int, int, u_long));
extern void printactiveaddress __P((int, char *, i6addr_t *, char *));
extern void printactivenat __P((struct nat *, int, u_long));
extern void printhostmap __P((struct hostmap *, u_int));
extern void printtqtable __P((ipftq_t *));
extern void printtcpflags __P((u_32_t, u_32_t));
extern void printipfexpr __P((int *));
extern void printstatefield __P((ipstate_t *, int));
extern void printstatefieldhdr __P((int));
extern int sendtrap_v1_0 __P((int, char *, char *, int, time_t));
extern int sendtrap_v2_0 __P((int, char *, char *, int));
extern int vtof __P((int));
extern void set_variable __P((char *, char *));
extern char *get_variable __P((char *, char **, int));
extern void resetlexer __P((void));
extern void debug __P((int, char *, ...));
extern void verbose __P((int, char *, ...));
extern void ipfkdebug __P((char *, ...));
extern void ipfkverbose __P((char *, ...));
#if SOLARIS
extern int gethostname __P((char *, int ));
extern void sync __P((void));
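Review bot: The variadic logging prototypes near the end of this header (`debug`, `verbose`, `ipfkdebug`, `ipfkverbose`) take a non-const `char *` format and carry no printf-format annotation, so the compiler cannot flag a call site with mismatched arguments or a non-literal format string. Where the compiler is GCC or clang, an annotation such as `__attribute__((format(printf, 2, 3)))` on `debug` and `verbose`, and `(printf, 1, 2)` on the other two, would catch those at build time. Declaring the parameter as `const char *` would also let callers pass string literals without a cast. The definitions are not in this header, so it is assumed here that they forward to a `v*printf`-style function.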

364
contrib/ipfilter/ipf_rb.h Normal file

@ -0,0 +1,364 @@
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
*/
typedef enum rbcolour_e {
C_BLACK = 0,
C_RED = 1
} rbcolour_t;
#define RBI_LINK(_n, _t) \
struct _n##_rb_link { \
struct _t *left; \
struct _t *right; \
struct _t *parent; \
rbcolour_t colour; \
}
#define RBI_HEAD(_n, _t) \
struct _n##_rb_head { \
struct _t top; \
int count; \
int (* compare)(struct _t *, struct _t *); \
}
#define RBI_CODE(_n, _t, _f, _cmp) \
\
typedef void (*_n##_rb_walker_t)(_t *, void *); \
\
_t * _n##_rb_delete(struct _n##_rb_head *, _t *); \
void _n##_rb_init(struct _n##_rb_head *); \
void _n##_rb_insert(struct _n##_rb_head *, _t *); \
_t * _n##_rb_search(struct _n##_rb_head *, void *); \
void _n##_rb_walktree(struct _n##_rb_head *, _n##_rb_walker_t, void *);\
\
static void \
rotate_left(struct _n##_rb_head *head, _t *node) \
{ \
_t *parent, *tmp1, *tmp2; \
\
parent = node->_f.parent; \
tmp1 = node->_f.right; \
tmp2 = tmp1->_f.left; \
node->_f.right = tmp2; \
if (tmp2 != & _n##_rb_zero) \
tmp2->_f.parent = node; \
if (parent == & _n##_rb_zero) \
head->top._f.right = tmp1; \
else if (parent->_f.right == node) \
parent->_f.right = tmp1; \
else \
parent->_f.left = tmp1; \
tmp1->_f.left = node; \
tmp1->_f.parent = parent; \
node->_f.parent = tmp1; \
} \
\
static void \
rotate_right(struct _n##_rb_head *head, _t *node) \
{ \
_t *parent, *tmp1, *tmp2; \
\
parent = node->_f.parent; \
tmp1 = node->_f.left; \
tmp2 = tmp1->_f.right; \
node->_f.left = tmp2; \
if (tmp2 != &_n##_rb_zero) \
tmp2->_f.parent = node; \
if (parent == &_n##_rb_zero) \
head->top._f.right = tmp1; \
else if (parent->_f.right == node) \
parent->_f.right = tmp1; \
else \
parent->_f.left = tmp1; \
tmp1->_f.right = node; \
tmp1->_f.parent = parent; \
node->_f.parent = tmp1; \
} \
\
void \
_n##_rb_insert(struct _n##_rb_head *head, _t *node) \
{ \
_t *n, *parent, **p, *tmp1, *gparent; \
\
parent = &head->top; \
node->_f.left = &_n##_rb_zero; \
node->_f.right = &_n##_rb_zero; \
p = &head->top._f.right; \
while ((n = *p) != &_n##_rb_zero) { \
if (_cmp(node, n) < 0) \
p = &n->_f.left; \
else \
p = &n->_f.right; \
parent = n; \
} \
*p = node; \
node->_f.colour = C_RED; \
node->_f.parent = parent; \
\
while ((node != &_n##_rb_zero) && (parent->_f.colour == C_RED)){\
gparent = parent->_f.parent; \
if (parent == gparent->_f.left) { \
tmp1 = gparent->_f.right; \
if (tmp1->_f.colour == C_RED) { \
parent->_f.colour = C_BLACK; \
tmp1->_f.colour = C_BLACK; \
gparent->_f.colour = C_RED; \
node = gparent; \
} else { \
if (node == parent->_f.right) { \
node = parent; \
rotate_left(head, node); \
parent = node->_f.parent; \
} \
parent->_f.colour = C_BLACK; \
gparent->_f.colour = C_RED; \
rotate_right(head, gparent); \
} \
} else { \
tmp1 = gparent->_f.left; \
if (tmp1->_f.colour == C_RED) { \
parent->_f.colour = C_BLACK; \
tmp1->_f.colour = C_BLACK; \
gparent->_f.colour = C_RED; \
node = gparent; \
} else { \
if (node == parent->_f.left) { \
node = parent; \
rotate_right(head, node); \
parent = node->_f.parent; \
} \
parent->_f.colour = C_BLACK; \
gparent->_f.colour = C_RED; \
rotate_left(head, parent->_f.parent); \
} \
} \
parent = node->_f.parent; \
} \
head->top._f.right->_f.colour = C_BLACK; \
head->count++; \
} \
\
static void \
deleteblack(struct _n##_rb_head *head, _t *parent, _t *node) \
{ \
_t *tmp; \
\
while ((node == &_n##_rb_zero || node->_f.colour == C_BLACK) && \
node != &head->top) { \
if (parent->_f.left == node) { \
tmp = parent->_f.right; \
if (tmp->_f.colour == C_RED) { \
tmp->_f.colour = C_BLACK; \
parent->_f.colour = C_RED; \
rotate_left(head, parent); \
tmp = parent->_f.right; \
} \
if ((tmp->_f.left == &_n##_rb_zero || \
tmp->_f.left->_f.colour == C_BLACK) && \
(tmp->_f.right == &_n##_rb_zero || \
tmp->_f.right->_f.colour == C_BLACK)) { \
tmp->_f.colour = C_RED; \
node = parent; \
parent = node->_f.parent; \
} else { \
if (tmp->_f.right == &_n##_rb_zero || \
tmp->_f.right->_f.colour == C_BLACK) {\
_t *tmp2 = tmp->_f.left; \
\
if (tmp2 != &_n##_rb_zero) \
tmp2->_f.colour = C_BLACK;\
tmp->_f.colour = C_RED; \
rotate_right(head, tmp); \
tmp = parent->_f.right; \
} \
tmp->_f.colour = parent->_f.colour; \
parent->_f.colour = C_BLACK; \
if (tmp->_f.right != &_n##_rb_zero) \
tmp->_f.right->_f.colour = C_BLACK;\
rotate_left(head, parent); \
node = head->top._f.right; \
} \
} else { \
tmp = parent->_f.left; \
if (tmp->_f.colour == C_RED) { \
tmp->_f.colour = C_BLACK; \
parent->_f.colour = C_RED; \
rotate_right(head, parent); \
tmp = parent->_f.left; \
} \
if ((tmp->_f.left == &_n##_rb_zero || \
tmp->_f.left->_f.colour == C_BLACK) && \
(tmp->_f.right == &_n##_rb_zero || \
tmp->_f.right->_f.colour == C_BLACK)) { \
tmp->_f.colour = C_RED; \
node = parent; \
parent = node->_f.parent; \
} else { \
if (tmp->_f.left == &_n##_rb_zero || \
tmp->_f.left->_f.colour == C_BLACK) {\
_t *tmp2 = tmp->_f.right; \
\
if (tmp2 != &_n##_rb_zero) \
tmp2->_f.colour = C_BLACK;\
tmp->_f.colour = C_RED; \
rotate_left(head, tmp); \
tmp = parent->_f.left; \
} \
tmp->_f.colour = parent->_f.colour; \
parent->_f.colour = C_BLACK; \
if (tmp->_f.left != &_n##_rb_zero) \
tmp->_f.left->_f.colour = C_BLACK;\
rotate_right(head, parent); \
node = head->top._f.right; \
break; \
} \
} \
} \
if (node != &_n##_rb_zero) \
node->_f.colour = C_BLACK; \
} \
\
_t * \
_n##_rb_delete(struct _n##_rb_head *head, _t *node) \
{ \
_t *child, *parent, *old = node, *left; \
rbcolour_t color; \
\
if (node->_f.left == &_n##_rb_zero) { \
child = node->_f.right; \
} else if (node->_f.right == &_n##_rb_zero) { \
child = node->_f.left; \
} else { \
node = node->_f.right; \
while ((left = node->_f.left) != &_n##_rb_zero) \
node = left; \
child = node->_f.right; \
parent = node->_f.parent; \
color = node->_f.colour; \
if (child != &_n##_rb_zero) \
child->_f.parent = parent; \
if (parent != &_n##_rb_zero) { \
if (parent->_f.left == node) \
parent->_f.left = child; \
else \
parent->_f.right = child; \
} else { \
head->top._f.right = child; \
} \
if (node->_f.parent == old) \
parent = node; \
*node = *old; \
if (old->_f.parent != &_n##_rb_zero) { \
if (old->_f.parent->_f.left == old) \
old->_f.parent->_f.left = node; \
else \
old->_f.parent->_f.right = node; \
} else { \
head->top._f.right = child; \
} \
old->_f.left->_f.parent = node; \
if (old->_f.right != &_n##_rb_zero) \
old->_f.right->_f.parent = node; \
if (parent != &_n##_rb_zero) { \
left = parent; \
} \
goto colour; \
} \
parent = node->_f.parent; \
color= node->_f.colour; \
if (child != &_n##_rb_zero) \
child->_f.parent = parent; \
if (parent != &_n##_rb_zero) { \
if (parent->_f.left == node) \
parent->_f.left = child; \
else \
parent->_f.right = child; \
} else { \
head->top._f.right = child; \
} \
colour: \
if (color == C_BLACK) \
deleteblack(head, parent, node); \
head->count--; \
return old; \
} \
\
void \
_n##_rb_init(struct _n##_rb_head *head) \
{ \
memset(head, 0, sizeof(*head)); \
memset(&_n##_rb_zero, 0, sizeof(_n##_rb_zero)); \
head->top._f.left = &_n##_rb_zero; \
head->top._f.right = &_n##_rb_zero; \
head->top._f.parent = &head->top; \
_n##_rb_zero._f.left = &_n##_rb_zero; \
_n##_rb_zero._f.right = &_n##_rb_zero; \
_n##_rb_zero._f.parent = &_n##_rb_zero; \
} \
\
void \
_n##_rb_walktree(struct _n##_rb_head *head, _n##_rb_walker_t func, void *arg)\
{ \
_t *prev; \
_t *next; \
_t *node = head->top._f.right; \
_t *base; \
\
while (node != &_n##_rb_zero) \
node = node->_f.left; \
\
for (;;) { \
base = node; \
prev = node; \
while ((node->_f.parent->_f.right == node) && \
(node != &_n##_rb_zero)) { \
prev = node; \
node = node->_f.parent; \
} \
\
node = prev; \
for (node = node->_f.parent->_f.right; node != &_n##_rb_zero;\
node = node->_f.left) \
prev = node; \
next = prev; \
\
if (node != &_n##_rb_zero) \
func(node, arg); \
\
node = next; \
if (node == &_n##_rb_zero) \
break; \
} \
} \
\
_t * \
_n##_rb_search(struct _n##_rb_head *head, void *key) \
{ \
int match; \
_t *node; \
node = head->top._f.right; \
while (node != &_n##_rb_zero) { \
match = _cmp(key, node); \
if (match == 0) \
break; \
if (match< 0) \
node = node->_f.left; \
else \
node = node->_f.right; \
} \
if (node == &_n##_rb_zero || match != 0) \
return (NULL); \
return (node); \
}
#define RBI_DELETE(_n, _h, _v) _n##_rb_delete(_h, _v)
#define RBI_FIELD(_n) struct _n##_rb_link
#define RBI_INIT(_n, _h) _n##_rb_init(_h)
#define RBI_INSERT(_n, _h, _v) _n##_rb_insert(_h, _v)
#define RBI_ISEMPTY(_h) ((_h)->count == 0)
#define RBI_SEARCH(_n, _h, _k) _n##_rb_search(_h, _k)
#define RBI_WALK(_n, _h, _w, _a) _n##_rb_walktree(_h, _w, _a)
#define RBI_ZERO(_n) _n##_rb_zero
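Review bot: In `_n##_rb_delete`, the two-children branch does `*node = *old;`, which assigns the whole element rather than just its link field, so the in-order successor that stays in the tree has its key and payload overwritten with those of the element being removed. The caller gets `old` back and presumably releases it, which would leave the tree holding a second copy of any pointers that element owned; copying only the links, `node->_f = old->_f;`, keeps the successor's own data. Separately, in `_n##_rb_walktree` the only call, `if (node != &_n##_rb_zero) func(node, arg);`, follows a `for` loop that exits only once `node` is the sentinel, so from the visible code `func` is never invoked. The walker needs to be reworked as a real in-order traversal, and both paths deserve a small test that inserts, deletes an interior node and walks the result.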


@ -1,9 +0,0 @@
y.tab.h
y.output
lex.yy.c
y.tab.c
y.tab.o
lex.yy.o
iplang_y.output
iplang_y.tab.c
iplang_y.tab.h


@ -3,21 +3,20 @@
#
#CC=gcc -Wuninitialized -Wstrict-prototypes -Werror -O
CFLAGS=-I..
CCARGS=$(DEBUG) -I. -I.. $(CFLAGS) -I$(DESTDIR) -I$(DESTDIR)/.. -I../ipsend
all: $(DESTDIR)/iplang_y.o $(DESTDIR)/iplang_l.o
$(DESTDIR)/iplang_y.o: $(DESTDIR)/iplang_y.c
$(CC) $(CCARGS) $(LINUX) -c $(DESTDIR)/iplang_y.c -o $@
$(CC) $(DEBUG) -I. -I.. -I$(DESTDIR) -I../ipsend $(CFLAGS) $(LINUX) -c $(DESTDIR)/iplang_y.c -o $@
$(DESTDIR)/iplang_l.o: $(DESTDIR)/iplang_l.c
$(CC) $(CCARGS) $(LINUX) -c $(DESTDIR)/iplang_l.c -o $@
$(CC) $(DEBUG) -I. -I.. -I$(DESTDIR) -I../ipsend $(CFLAGS) $(LINUX) -c $(DESTDIR)/iplang_l.c -o $@
iplang_y.o: iplang_y.c
$(CC) $(CCARGS) $< -o $@
$(CC) $(DEBUG) -I. -I.. -I../ipsend $(CFLAGS) $(LINUX) -c $< -o $@
iplang_l.o: iplang_l.c
$(CC) $(CCARGS) $< -o $@
$(CC) $(DEBUG) -I. -I.. -I../ipsend $(CFLAGS) $(LINUX) -c $< -o $@
$(DESTDIR)/iplang_l.c: iplang_l.l $(DESTDIR)/iplang_y.h
lex iplang_l.l


@ -1,7 +1,7 @@
/* $FreeBSD$ */
/*
* Copyright (C) 1997-1998 by Darren Reed.
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*/


@ -4,7 +4,7 @@ interface { ifname le0; mtu 1500; } ;
ipv4 {
src 1.1.1.1; dst 2.2.2.2;
tcp {
seq 12345; ack 0; sport 9999; dport 23; flags S;
seq 12345; ack 0; sport 9999; dport 23; flags S;
data { value "abcdef"; } ;
} ;
} ;


@ -2,11 +2,11 @@
%{
/*
* Copyright (C) 1997-1998 by Darren Reed.
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* $Id: iplang_l.l,v 2.8 2003/07/28 01:15:31 darrenr Exp $
* $Id$
*/
#include <stdio.h>
#include <string.h>


@ -2,7 +2,7 @@
%{
/*
* Copyright (C) 1997-1998 by Darren Reed.
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
@ -26,17 +26,13 @@
#include <unistd.h>
#include <stddef.h>
#include <sys/socket.h>
#include <net/if.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#ifndef linux
# include <netinet/ip_var.h>
#endif
#ifdef __osf__
# include "radix_ipf_local.h"
#endif
#include <net/if.h>
#ifndef linux
# include <net/route.h>
# include <netinet/if_ether.h>
#endif
#include <netdb.h>
@ -605,7 +601,7 @@ struct statetoopt tosecopts[] = {
#ifdef bsdi
struct ether_addr *
ether_aton(s)
char *s;
char *s;
{
static struct ether_addr n;
u_int i[6];
@ -1330,7 +1326,7 @@ void packet_done()
sprintf((char *)t, " ");
t += 8;
for (k = 16; k; k--, s++)
*t++ = (ISPRINT(*s) ? *s : '.');
*t++ = (isprint(*s) ? *s : '.');
s--;
}
@ -1348,7 +1344,7 @@ void packet_done()
t += 7;
s -= j & 0xf;
for (k = j & 0xf; k; k--, s++)
*t++ = (ISPRINT(*s) ? *s : '.');
*t++ = (isprint(*s) ? *s : '.');
*t++ = '\n';
*t = '\0';
}
@ -1840,7 +1836,7 @@ u_long init;
{
u_long sum = init;
int nwords = len >> 1;
for(; nwords > 0; nwords--)
sum += *buf++;
sum = (sum>>16) + (sum & 0xffff);
@ -1855,7 +1851,7 @@ u_int len;
{
u_long sum = 0;
int nwords = len >> 1;
for(; nwords > 0; nwords--)
sum += *buf++;
return sum;
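Review bot: The two replacements in `packet_done()` call `isprint(*s)` directly; the declaration of `s` is outside both hunks, but if it is a plain `char *` on a platform where `char` is signed, any byte of 0x80 or above reaches `isprint()` as a negative value, which the C standard leaves undefined. This code renders raw packet bytes, so such values are ordinary input; `*t++ = (isprint((unsigned char)*s) ? *s : '.');` is safe whichever type `s` has. This reading assumes the second line of each printed pair is the new side, since the page has lost its `+`/`-` markers.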


@ -1,22 +1,63 @@
/* $FreeBSD$ */
/*
* Copyright (C) 1993-2001 by Darren Reed.
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* @(#)ip_fil.h 1.35 6/5/96
* $Id: ipmon.h,v 2.8.2.1 2006/03/21 16:13:31 darrenr Exp $
* $Id$
*/
typedef struct ipmon_msg_s {
int imm_msglen;
char *imm_msg;
int imm_dsize;
void *imm_data;
time_t imm_when;
int imm_loglevel;
} ipmon_msg_t;
typedef struct ipmon_action {
typedef void (*ims_destroy_func_t)(void *);
typedef void *(*ims_dup_func_t)(void *);
typedef int (*ims_match_func_t)(void *, void *);
typedef void *(*ims_parse_func_t)(char **);
typedef void (*ims_print_func_t)(void *);
typedef int (*ims_store_func_t)(void *, ipmon_msg_t *);
typedef struct ipmon_saver_s {
char *ims_name;
ims_destroy_func_t ims_destroy;
ims_dup_func_t ims_dup;
ims_match_func_t ims_match;
ims_parse_func_t ims_parse;
ims_print_func_t ims_print;
ims_store_func_t ims_store;
} ipmon_saver_t;
typedef struct ipmon_saver_int_s {
struct ipmon_saver_int_s *imsi_next;
ipmon_saver_t *imsi_stor;
void *imsi_handle;
} ipmon_saver_int_t;
typedef struct ipmon_doing_s {
struct ipmon_doing_s *ipmd_next;
void *ipmd_token;
ipmon_saver_t *ipmd_saver;
/*
* ipmd_store is "cached" in this structure to avoid a double
* deref when doing saves....
*/
int (*ipmd_store)(void *, ipmon_msg_t *);
} ipmon_doing_t;
typedef struct ipmon_action {
struct ipmon_action *ac_next;
int ac_mflag; /* collection of things to compare */
int ac_dflag; /* flags to compliment the doing fields */
int ac_syslog; /* = 1 to syslog rules. */
char *ac_savefile; /* filename to save log records to */
FILE *ac_savefp;
int ac_logpri;
int ac_direction;
char ac_group[FR_GROUPLEN];
char ac_nattag[16];
@ -28,19 +69,21 @@ typedef struct ipmon_action {
int ac_second;
int ac_result;
u_32_t ac_sip;
u_32_t ac_smsk;
u_32_t ac_smsk;
u_32_t ac_dip;
u_32_t ac_dmsk;
u_32_t ac_dmsk;
u_short ac_sport;
u_short ac_dport;
char *ac_exec; /* execute argument */
char *ac_run; /* actual command that gets run */
char *ac_iface;
/*
* used with ac_packet/ac_second
*/
struct timeval ac_last;
int ac_pktcnt;
/*
* What to do with matches
*/
ipmon_doing_t *ac_doing;
} ipmon_action_t;
#define ac_lastsec ac_last.tv_sec
@ -70,19 +113,18 @@ typedef struct ipmon_action {
#define IPMR_NOMATCH 3
#define IPMR_LOG 4
#define IPMDO_SAVERAW 0x0001
#define OPT_SYSLOG 0x001
#define OPT_RESOLVE 0x002
#define OPT_HEXBODY 0x004
#define OPT_VERBOSE 0x008
#define OPT_HEXHDR 0x010
#define OPT_TAIL 0x020
#define OPT_NAT 0x080
#define OPT_STATE 0x100
#define OPT_FILTER 0x200
#define OPT_PORTNUM 0x400
#define OPT_LOGALL (OPT_NAT|OPT_STATE|OPT_FILTER)
#define IPMON_SYSLOG 0x001
#define IPMON_RESOLVE 0x002
#define IPMON_HEXBODY 0x004
#define IPMON_HEXHDR 0x010
#define IPMON_TAIL 0x020
#define IPMON_VERBOSE 0x040
#define IPMON_NAT 0x080
#define IPMON_STATE 0x100
#define IPMON_FILTER 0x200
#define IPMON_PORTNUM 0x400
#define IPMON_LOGALL (IPMON_NAT|IPMON_STATE|IPMON_FILTER)
#define IPMON_LOGBODY 0x800
#define HOSTNAME_V4(a,b) hostname((a), 4, (u_32_t *)&(b))
@ -90,8 +132,11 @@ typedef struct ipmon_action {
#define LOGFAC LOG_LOCAL0
#endif
extern void dump_config __P((void));
extern int load_config __P((char *));
extern void unload_config __P((void));
extern void dumphex __P((FILE *, int, char *, int));
extern int check_action __P((char *, char *, int, int));
extern char *getword __P((int));
extern int fac_findname __P((char *));
extern void *add_doing __P((ipmon_saver_t *));
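Review bot: The new `ipmon_saver_t` callback table is declared without any comment on who owns the `void *` values that pass through it. It does not say what `ims_parse` and `ims_dup` return, when `ims_destroy` is called on those values, or whether `ims_store` may keep `imm_msg` or `imm_data` from the `ipmon_msg_t` after it returns. A saver written against a different assumption would leak or free twice, so a short block comment above the typedefs stating the lifetime rules would help. `ipmon_msg_t` also pairs its buffers with signed `int` lengths (`imm_msglen`, `imm_dsize`), and a one-line comment saying whether a negative value can ever occur would make that contract explicit for implementers.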


@ -1,5 +1,5 @@
#
# Copyright (C) 1993-1998 by Darren Reed.
# Copyright (C) 2012 by Darren Reed.
#
# See the IPFILTER.LICENCE file for details on licencing.
#


@ -34,7 +34,7 @@
#ifndef lint
static const char sccsid[] = "@(#)ipsd.c 1.3 12/3/95 (C)1995 Darren Reed";
static const char rcsid[] = "@(#)$Id: ipsd.c,v 2.2 2001/06/09 17:09:25 darrenr Exp $";
static const char rcsid[] = "@(#)$Id$";
#endif
extern char *optarg;
@ -66,7 +66,7 @@ int writes = 0;
int ipcmp(sh1, sh2)
sdhit_t *sh1, *sh2;
sdhit_t *sh1, *sh2;
{
return sh1->sh_ip.s_addr - sh2->sh_ip.s_addr;
}
@ -77,9 +77,9 @@ sdhit_t *sh1, *sh2;
* port.
*/
int findhit(ihp, src, dport)
ipsd_t *ihp;
struct in_addr src;
u_short dport;
ipsd_t *ihp;
struct in_addr src;
u_short dport;
{
int i, j, k;
sdhit_t *sh;
@ -110,8 +110,8 @@ u_short dport;
* interested in.
*/
int detect(ip, tcp)
ip_t *ip;
tcphdr_t *tcp;
ip_t *ip;
tcphdr_t *tcp;
{
ipsd_t *ihp;
sdhit_t *sh;
@ -179,7 +179,7 @@ waiter()
* Write statistics out to a file
*/
writestats(nwrites)
int nwrites;
int nwrites;
{
ipsd_t **ipsd, *ips;
char fname[32];
@ -219,7 +219,7 @@ void writenow()
void usage(prog)
char *prog;
char *prog;
{
fprintf(stderr, "Usage: %s [-d device]\n", prog);
exit(1);
@ -227,7 +227,7 @@ char *prog;
void detecthits(fd, writecount)
int fd, writecount;
int fd, writecount;
{
struct in_addr ip;
int hits = 0;
@ -243,8 +243,8 @@ int fd, writecount;
main(argc, argv)
int argc;
char *argv[];
int argc;
char *argv[];
{
char *name = argv[0], *dev = NULL;
int fd, writeafter = 10000, angelic = 0, c;


@ -35,7 +35,7 @@
#ifndef lint
static const char sccsid[] = "@(#)ipsdr.c 1.3 12/3/95 (C)1995 Darren Reed";
static const char rcsid[] = "@(#)$Id: ipsdr.c,v 2.2 2001/06/09 17:09:25 darrenr Exp $";
static const char rcsid[] = "@(#)$Id$";
#endif
extern char *optarg;
@ -57,21 +57,21 @@ int pkts;
int ipcmp(sh1, sh2)
sdhit_t *sh1, *sh2;
sdhit_t *sh1, *sh2;
{
return sh1->sh_ip.s_addr - sh2->sh_ip.s_addr;
}
int ssipcmp(sh1, sh2)
ipss_t *sh1, *sh2;
ipss_t *sh1, *sh2;
{
return sh1->ss_ip.s_addr - sh2->ss_ip.s_addr;
}
int countpbits(num)
u_long num;
u_long num;
{
int i, j;
@ -87,9 +87,9 @@ u_long num;
* port.
*/
int findhit(ihp, src, dport)
ipsd_t *ihp;
struct in_addr src;
u_short dport;
ipsd_t *ihp;
struct in_addr src;
u_short dport;
{
int i, j, k;
sdhit_t *sh;
@ -120,9 +120,9 @@ u_short dport;
* interested in.
*/
int detect(srcip, dport, date)
struct in_addr srcip;
u_short dport;
time_t date;
struct in_addr srcip;
u_short dport;
time_t date;
{
ipsd_t *ihp;
sdhit_t *sh;
@ -181,7 +181,7 @@ setuphits()
* Write statistics out to a file
*/
addfile(file)
char *file;
char *file;
{
ipsd_t ipsd, *ips = &ipsd;
sdhit_t hit, *hp;
@ -209,7 +209,7 @@ char *file;
readfiles(dir)
char *dir;
char *dir;
{
struct direct **d;
int i, j;
@ -226,8 +226,8 @@ char *dir;
void printreport(ss, num)
ipss_t *ss;
int num;
ipss_t *ss;
int num;
{
struct in_addr ip;
ipss_t *sp;
@ -301,8 +301,8 @@ collectips()
main(argc, argv)
int argc;
char *argv[];
int argc;
char *argv[];
{
char c, *name = argv[0], *dir = NULL;
int fd;


@ -1,7 +1,7 @@
/* $FreeBSD$ */
/*
* Copyright (C) 1997-1998 by Darren Reed.
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*


@ -68,7 +68,7 @@ static u_int bufsize = 32768, timeout = 1;
int ack_recv(ep)
char *ep;
char *ep;
{
struct tcpiphdr tip;
tcphdr_t *tcp;
@ -89,8 +89,8 @@ char *ep;
int readloop(fd, port, dst)
int fd, port;
struct in_addr dst;
int fd, port;
struct in_addr dst;
{
register u_char *bp, *cp, *bufend;
register struct bpf_hdr *bh;
@ -119,8 +119,8 @@ struct in_addr dst;
}
int initdevice(device, tout)
char *device;
int tout;
char *device;
int tout;
{
struct bpf_program prog;
struct bpf_version bv;


@ -60,7 +60,7 @@ void nullbell()
int ack_recv(ep)
char *ep;
char *ep;
{
struct tcpiphdr tip;
tcphdr_t *tcp;
@ -80,8 +80,8 @@ char *ep;
int readloop(fd, port, dst)
int fd, port;
struct in_addr dst;
int fd, port;
struct in_addr dst;
{
static u_char buf[BUFSPACE];
register u_char *bp, *cp, *bufend;
@ -145,8 +145,8 @@ struct in_addr dst;
}
int initdevice(device, tout)
char *device;
int tout;
char *device;
int tout;
{
struct strioctl si;
struct timeval to;


@ -43,7 +43,7 @@ static char *eth_dev = NULL;
int ack_recv(bp)
char *bp;
char *bp;
{
struct tcpip tip;
tcphdr_t *tcp;
@ -61,8 +61,8 @@ char *bp;
void readloop(fd, port, dst)
int fd, port;
struct in_addr dst;
int fd, port;
struct in_addr dst;
{
static u_char buf[BUFSPACE];
struct sockaddr dest;
@ -102,8 +102,8 @@ struct in_addr dst;
}
int initdevice(dev, tout)
char *dev;
int tout;
char *dev;
int tout;
{
int fd;


@ -55,7 +55,7 @@ static int timeout;
int ack_recv(ep)
char *ep;
char *ep;
{
struct tcpiphdr tip;
struct tcphdr *tcp;
@ -74,8 +74,8 @@ char *ep;
int readloop(fd, dst)
int fd;
struct in_addr dst;
int fd;
struct in_addr dst;
{
static u_char buf[BUFSPACE];
register u_char *bp, *cp, *bufend;
@ -114,8 +114,8 @@ struct in_addr dst;
}
int initdevice(device, tout)
char *device;
int tout;
char *device;
int tout;
{
struct strioctl si;
struct timeval to;


@ -1,3 +0,0 @@
ipsend
ipresend
iptest


@ -13,9 +13,6 @@
#endif
#include <net/if_dl.h>
#include <net/if_types.h>
#if defined(__FreeBSD__)
# include "radix_ipf.h"
#endif
#ifndef __osf__
# include <net/route.h>
#endif
@ -44,7 +41,7 @@
* (4 bytes)
*/
int resolve(host, address)
char *host, *address;
char *host, *address;
{
struct hostent *hp;
u_long add;
@ -66,7 +63,7 @@ char *host, *address;
int arp(addr, eaddr)
char *addr, *eaddr;
char *addr, *eaddr;
{
int mib[6];
size_t needed;


@ -1,5 +1,5 @@
#
# Copyright (C) 1993-1998 by Darren Reed.
# Copyright (C) 2012 by Darren Reed.
#
# See the IPFILTER.LICENCE file for details on licencing.
#


@ -1,8 +0,0 @@
This distribution contains *ONLY* the code required to build the 'ipsend'
directory of programs (including man pages) found in the IP Filter package:
http://coombs.anu.edu.au/~avalon/ip-filter.html
Patches, bugs, etc, please send to:
darrenr@pobox.com


@ -7,7 +7,7 @@
*/
#if !defined(lint)
static const char sccsid[] = "@(#)arp.c 1.4 1/11/96 (C)1995 Darren Reed";
static const char rcsid[] = "@(#)$Id: arp.c,v 2.8.2.2 2007/02/17 12:41:50 darrenr Exp $";
static const char rcsid[] = "@(#)$Id$";
#endif
#include <sys/types.h>
#include <sys/socket.h>
@ -17,9 +17,6 @@ static const char rcsid[] = "@(#)$Id: arp.c,v 2.8.2.2 2007/02/17 12:41:50 darren
#include <sys/ioctl.h>
#include <netinet/in_systm.h>
#include <netinet/in.h>
#ifdef __osf__
# include "radix_ipf_local.h"
#endif
#include <net/if.h>
#include <netinet/if_ether.h>
#ifndef ultrix
@ -42,7 +39,7 @@ static const char rcsid[] = "@(#)$Id: arp.c,v 2.8.2.2 2007/02/17 12:41:50 darren
* (4 bytes)
*/
int resolve(host, address)
char *host, *address;
char *host, *address;
{
struct hostent *hp;
u_long add;
@ -68,8 +65,8 @@ char *host, *address;
* some BSD program, I cant remember which.
*/
int arp(ip, ether)
char *ip;
char *ether;
char *ip;
char *ether;
{
static int sfd = -1;
static char ethersave[6], ipsave[4];


@ -32,18 +32,18 @@ typedef unsigned long ulong;
#define CASERET(s) case s: return ("s")
char *dlprim();
char *dlstate();
char *dlerrno();
char *dlpromisclevel();
char *dlservicemode();
char *dlstyle();
char *dlmactype();
char *dlprim();
char *dlstate();
char *dlerrno();
char *dlpromisclevel();
char *dlservicemode();
char *dlstyle();
char *dlmactype();
void
dlinforeq(fd)
int fd;
int fd;
{
dl_info_req_t info_req;
struct strbuf ctl;
@ -63,8 +63,8 @@ int fd;
void
dlinfoack(fd, bufp)
int fd;
char *bufp;
int fd;
char *bufp;
{
union DL_primitives *dlp;
struct strbuf ctl;
@ -92,8 +92,8 @@ char *bufp;
void
dlattachreq(fd, ppa)
int fd;
u_long ppa;
int fd;
u_long ppa;
{
dl_attach_req_t attach_req;
struct strbuf ctl;
@ -114,9 +114,9 @@ u_long ppa;
void
dlenabmultireq(fd, addr, length)
int fd;
char *addr;
int length;
int fd;
char *addr;
int length;
{
long buf[MAXDLBUF];
union DL_primitives *dlp;
@ -143,9 +143,9 @@ int length;
void
dldisabmultireq(fd, addr, length)
int fd;
char *addr;
int length;
int fd;
char *addr;
int length;
{
long buf[MAXDLBUF];
union DL_primitives *dlp;
@ -172,8 +172,8 @@ int length;
void
dlpromisconreq(fd, level)
int fd;
u_long level;
int fd;
u_long level;
{
dl_promiscon_req_t promiscon_req;
struct strbuf ctl;
@ -195,8 +195,8 @@ u_long level;
void
dlpromiscoff(fd, level)
int fd;
u_long level;
int fd;
u_long level;
{
dl_promiscoff_req_t promiscoff_req;
struct strbuf ctl;
@ -217,8 +217,8 @@ u_long level;
void
dlphysaddrreq(fd, addrtype)
int fd;
u_long addrtype;
int fd;
u_long addrtype;
{
dl_phys_addr_req_t phys_addr_req;
struct strbuf ctl;
@ -239,9 +239,9 @@ u_long addrtype;
void
dlsetphysaddrreq(fd, addr, length)
int fd;
char *addr;
int length;
int fd;
char *addr;
int length;
{
long buf[MAXDLBUF];
union DL_primitives *dlp;
@ -268,7 +268,7 @@ int length;
void
dldetachreq(fd)
int fd;
int fd;
{
dl_detach_req_t detach_req;
struct strbuf ctl;
@ -288,12 +288,12 @@ int fd;
void
dlbindreq(fd, sap, max_conind, service_mode, conn_mgmt, xidtest)
int fd;
u_long sap;
u_long max_conind;
u_long service_mode;
u_long conn_mgmt;
u_long xidtest;
int fd;
u_long sap;
u_long max_conind;
u_long service_mode;
u_long conn_mgmt;
u_long xidtest;
{
dl_bind_req_t bind_req;
struct strbuf ctl;
@ -318,12 +318,12 @@ u_long xidtest;
void
dlunitdatareq(fd, addrp, addrlen, minpri, maxpri, datap, datalen)
int fd;
u_char *addrp;
int addrlen;
u_long minpri, maxpri;
u_char *datap;
int datalen;
int fd;
u_char *addrp;
int addrlen;
u_long minpri, maxpri;
u_char *datap;
int datalen;
{
long buf[MAXDLBUF];
union DL_primitives *dlp;
@ -353,7 +353,7 @@ int datalen;
void
dlunbindreq(fd)
int fd;
int fd;
{
dl_unbind_req_t unbind_req;
struct strbuf ctl;
@ -373,8 +373,8 @@ int fd;
void
dlokack(fd, bufp)
int fd;
char *bufp;
int fd;
char *bufp;
{
union DL_primitives *dlp;
struct strbuf ctl;
@ -402,8 +402,8 @@ char *bufp;
void
dlerrorack(fd, bufp)
int fd;
char *bufp;
int fd;
char *bufp;
{
union DL_primitives *dlp;
struct strbuf ctl;
@ -431,8 +431,8 @@ char *bufp;
void
dlbindack(fd, bufp)
int fd;
char *bufp;
int fd;
char *bufp;
{
union DL_primitives *dlp;
struct strbuf ctl;
@ -457,8 +457,8 @@ char *bufp;
void
dlphysaddrack(fd, bufp)
int fd;
char *bufp;
int fd;
char *bufp;
{
union DL_primitives *dlp;
struct strbuf ctl;
@ -488,10 +488,10 @@ sigalrm()
}
strgetmsg(fd, ctlp, datap, flagsp, caller)
int fd;
struct strbuf *ctlp, *datap;
int *flagsp;
char *caller;
int fd;
struct strbuf *ctlp, *datap;
int *flagsp;
char *caller;
{
int rc;
static char errmsg[80];
@ -540,8 +540,8 @@ char *caller;
}
expecting(prim, dlp)
int prim;
union DL_primitives *dlp;
int prim;
union DL_primitives *dlp;
{
if (dlp->dl_primitive != (u_long)prim) {
printdlprim(dlp);
@ -555,7 +555,7 @@ union DL_primitives *dlp;
* Print any DLPI msg in human readable format.
*/
printdlprim(dlp)
union DL_primitives *dlp;
union DL_primitives *dlp;
{
switch (dlp->dl_primitive) {
case DL_INFO_REQ:
@ -659,13 +659,13 @@ union DL_primitives *dlp;
/* ARGSUSED */
printdlinforeq(dlp)
union DL_primitives *dlp;
union DL_primitives *dlp;
{
(void) printf("DL_INFO_REQ\n");
}
printdlinfoack(dlp)
union DL_primitives *dlp;
union DL_primitives *dlp;
{
u_char addr[MAXDLADDR];
u_char brdcst[MAXDLADDR];
@ -702,21 +702,21 @@ union DL_primitives *dlp;
}
printdlattachreq(dlp)
union DL_primitives *dlp;
union DL_primitives *dlp;
{
(void) printf("DL_ATTACH_REQ: ppa %d\n",
dlp->attach_req.dl_ppa);
}
printdlokack(dlp)
union DL_primitives *dlp;
union DL_primitives *dlp;
{
(void) printf("DL_OK_ACK: correct_primitive %s\n",
dlprim(dlp->ok_ack.dl_correct_primitive));
}
printdlerrorack(dlp)
union DL_primitives *dlp;
union DL_primitives *dlp;
{
(void) printf("DL_ERROR_ACK: error_primitive %s errno %s unix_errno %d: %s\n",
dlprim(dlp->error_ack.dl_error_primitive),
@ -726,7 +726,7 @@ union DL_primitives *dlp;
}
printdlenabmultireq(dlp)
union DL_primitives *dlp;
union DL_primitives *dlp;
{
u_char addr[MAXDLADDR];
@ -740,7 +740,7 @@ union DL_primitives *dlp;
}
printdldisabmultireq(dlp)
union DL_primitives *dlp;
union DL_primitives *dlp;
{
u_char addr[MAXDLADDR];
@ -754,28 +754,28 @@ union DL_primitives *dlp;
}
printdlpromisconreq(dlp)
union DL_primitives *dlp;
union DL_primitives *dlp;
{
(void) printf("DL_PROMISCON_REQ: level %s\n",
dlpromisclevel(dlp->promiscon_req.dl_level));
}
printdlpromiscoffreq(dlp)
union DL_primitives *dlp;
union DL_primitives *dlp;
{
(void) printf("DL_PROMISCOFF_REQ: level %s\n",
dlpromisclevel(dlp->promiscoff_req.dl_level));
}
printdlphysaddrreq(dlp)
union DL_primitives *dlp;
union DL_primitives *dlp;
{
(void) printf("DL_PHYS_ADDR_REQ: addr_type 0x%x\n",
dlp->physaddr_req.dl_addr_type);
}
printdlphysaddrack(dlp)
union DL_primitives *dlp;
union DL_primitives *dlp;
{
u_char addr[MAXDLADDR];
@ -789,7 +789,7 @@ union DL_primitives *dlp;
}
printdlsetphysaddrreq(dlp)
union DL_primitives *dlp;
union DL_primitives *dlp;
{
u_char addr[MAXDLADDR];
@ -804,13 +804,13 @@ union DL_primitives *dlp;
/* ARGSUSED */
printdldetachreq(dlp)
union DL_primitives *dlp;
union DL_primitives *dlp;
{
(void) printf("DL_DETACH_REQ\n");
}
printdlbindreq(dlp)
union DL_primitives *dlp;
union DL_primitives *dlp;
{
(void) printf("DL_BIND_REQ: sap %d max_conind %d\n",
dlp->bind_req.dl_sap,
@ -822,7 +822,7 @@ union DL_primitives *dlp;
}
printdlbindack(dlp)
union DL_primitives *dlp;
union DL_primitives *dlp;
{
u_char addr[MAXDLADDR];
@ -841,13 +841,13 @@ union DL_primitives *dlp;
/* ARGSUSED */
printdlunbindreq(dlp)
union DL_primitives *dlp;
union DL_primitives *dlp;
{
(void) printf("DL_UNBIND_REQ\n");
}
printdlsubsbindreq(dlp)
union DL_primitives *dlp;
union DL_primitives *dlp;
{
u_char sap[MAXDLADDR];
@ -861,7 +861,7 @@ union DL_primitives *dlp;
}
printdlsubsbindack(dlp)
union DL_primitives *dlp;
union DL_primitives *dlp;
{
u_char sap[MAXDLADDR];
@ -875,7 +875,7 @@ union DL_primitives *dlp;
}
printdlsubsunbindreq(dlp)
union DL_primitives *dlp;
union DL_primitives *dlp;
{
u_char sap[MAXDLADDR];
@ -889,7 +889,7 @@ union DL_primitives *dlp;
}
printdlunitdatareq(dlp)
union DL_primitives *dlp;
union DL_primitives *dlp;
{
u_char addr[MAXDLADDR];
@ -906,7 +906,7 @@ union DL_primitives *dlp;
}
printdlunitdataind(dlp)
union DL_primitives *dlp;
union DL_primitives *dlp;
{
u_char dest[MAXDLADDR];
u_char src[MAXDLADDR];
@ -929,7 +929,7 @@ union DL_primitives *dlp;
}
printdluderrorind(dlp)
union DL_primitives *dlp;
union DL_primitives *dlp;
{
u_char addr[MAXDLADDR];
@ -946,7 +946,7 @@ union DL_primitives *dlp;
}
printdltestreq(dlp)
union DL_primitives *dlp;
union DL_primitives *dlp;
{
u_char addr[MAXDLADDR];
@ -961,7 +961,7 @@ union DL_primitives *dlp;
}
printdltestind(dlp)
union DL_primitives *dlp;
union DL_primitives *dlp;
{
u_char dest[MAXDLADDR];
u_char src[MAXDLADDR];
@ -983,7 +983,7 @@ union DL_primitives *dlp;
}
printdltestres(dlp)
union DL_primitives *dlp;
union DL_primitives *dlp;
{
u_char dest[MAXDLADDR];
@ -998,7 +998,7 @@ union DL_primitives *dlp;
}
printdltestcon(dlp)
union DL_primitives *dlp;
union DL_primitives *dlp;
{
u_char dest[MAXDLADDR];
u_char src[MAXDLADDR];
@ -1020,7 +1020,7 @@ union DL_primitives *dlp;
}
printdlxidreq(dlp)
union DL_primitives *dlp;
union DL_primitives *dlp;
{
u_char dest[MAXDLADDR];
@ -1035,7 +1035,7 @@ union DL_primitives *dlp;
}
printdlxidind(dlp)
union DL_primitives *dlp;
union DL_primitives *dlp;
{
u_char dest[MAXDLADDR];
u_char src[MAXDLADDR];
@ -1057,7 +1057,7 @@ union DL_primitives *dlp;
}
printdlxidres(dlp)
union DL_primitives *dlp;
union DL_primitives *dlp;
{
u_char dest[MAXDLADDR];
@ -1072,7 +1072,7 @@ union DL_primitives *dlp;
}
printdlxidcon(dlp)
union DL_primitives *dlp;
union DL_primitives *dlp;
{
u_char dest[MAXDLADDR];
u_char src[MAXDLADDR];
@ -1094,7 +1094,7 @@ union DL_primitives *dlp;
}
printdludqosreq(dlp)
union DL_primitives *dlp;
union DL_primitives *dlp;
{
(void) printf("DL_UDQOS_REQ: qos_length %d qos_offset %d\n",
dlp->udqos_req.dl_qos_length,
@ -1105,9 +1105,9 @@ union DL_primitives *dlp;
* Return string.
*/
addrtostring(addr, length, s)
u_char *addr;
u_long length;
u_char *s;
u_char *addr;
u_long length;
u_char *s;
{
int i;
@ -1123,8 +1123,8 @@ u_char *s;
* Return length
*/
stringtoaddr(sp, addr)
char *sp;
char *addr;
char *sp;
char *addr;
{
int n = 0;
char *p;
@ -1140,14 +1140,14 @@ char *addr;
n++;
p = NULL;
}
return (n);
}
static char
hexnibble(c)
char c;
char c;
{
static char hextab[] = {
'0', '1', '2', '3', '4', '5', '6', '7', '8', '9',
@ -1159,7 +1159,7 @@ char c;
char*
dlprim(prim)
u_long prim;
u_long prim;
{
static char primbuf[80];
@ -1200,7 +1200,7 @@ u_long prim;
char*
dlstate(state)
u_long state;
u_long state;
{
static char statebuf[80];
@ -1234,7 +1234,7 @@ u_long state;
char*
dlerrno(errno)
u_long errno;
u_long errno;
{
static char errnobuf[80];
@ -1276,7 +1276,7 @@ u_long errno;
char*
dlpromisclevel(level)
u_long level;
u_long level;
{
static char levelbuf[80];
@ -1292,7 +1292,7 @@ u_long level;
char*
dlservicemode(servicemode)
u_long servicemode;
u_long servicemode;
{
static char servicemodebuf[80];
@ -1309,7 +1309,7 @@ u_long servicemode;
char*
dlstyle(style)
long style;
long style;
{
static char stylebuf[80];
@ -1324,7 +1324,7 @@ long style;
char*
dlmactype(media)
u_long media;
u_long media;
{
static char mediabuf[80];
@ -1345,8 +1345,8 @@ u_long media;
/*VARARGS1*/
err(fmt, a1, a2, a3, a4)
char *fmt;
char *a1, *a2, *a3, *a4;
char *fmt;
char *a1, *a2, *a3, *a4;
{
(void) fprintf(stderr, fmt, a1, a2, a3, a4);
(void) fprintf(stderr, "\n");
@ -1354,18 +1354,18 @@ char *a1, *a2, *a3, *a4;
}
syserr(s)
char *s;
char *s;
{
(void) perror(s);
exit(1);
}
strioctl(fd, cmd, timout, len, dp)
int fd;
int cmd;
int timout;
int len;
char *dp;
int fd;
int cmd;
int timout;
int len;
char *dp;
{
struct strioctl sioc;
int rc;


@ -1,114 +0,0 @@
/* $FreeBSD$ */
/*
* (C)opyright 1997-1998 Darren Reed. (from tcplog)
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
*/
#include <stdio.h>
#include <strings.h>
#include <unistd.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/param.h>
#include <sys/socket.h>
#include <sys/file.h>
#include <sys/ioctl.h>
int initdevice(device, sport, tout)
char *device;
int sport, tout;
{
int fd;
if ((fd = socket(AF_DLI, SOCK_RAW, 0)) == -1)
perror("socket");
return fd;
}
/*
* output an IP packet onto a fd opened for /dev/bpf
*/
int sendip(fd, pkt, len)
int fd, len;
char *pkt;
{
if (send(fd, pkt, len, 0) == -1)
{
perror("send");
return -1;
}
return len;
}
char *strdup(str)
char *str;
{
char *s;
if ((s = (char *)malloc(strlen(str) + 1)))
return strcpy(s, str);
return NULL;
}
/*
* (C)opyright 1997 Darren Reed. (from tcplog)
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
*/
#include <stdio.h>
#include <strings.h>
#include <unistd.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/param.h>
#include <sys/socket.h>
#include <sys/file.h>
#include <sys/ioctl.h>
int initdevice(device, sport, tout)
char *device;
int sport, tout;
{
int fd;
if ((fd = socket(AF_DLI, SOCK_RAW, 0)) == -1)
perror("socket");
return fd;
}
/*
* output an IP packet onto a fd opened for /dev/bpf
*/
int sendip(fd, pkt, len)
int fd, len;
char *pkt;
{
if (send(fd, pkt, len, 0) == -1)
{
perror("send");
return -1;
}
return len;
}
char *strdup(str)
char *str;
{
char *s;
if ((s = (char *)malloc(strlen(str) + 1)))
return strcpy(s, str);
return NULL;
}


@ -1,179 +0,0 @@
/* $FreeBSD$ */
/* @(#)in_var.h 1.3 88/08/19 SMI; from UCB 7.1 6/5/86 */
/*
* Copyright (c) 1985, 1986 Regents of the University of California.
* All rights reserved. The Berkeley software License Agreement
* specifies the terms and conditions for redistribution.
*/
/*
* Interface address, Internet version. One of these structures
* is allocated for each interface with an Internet address.
* The ifaddr structure contains the protocol-independent part
* of the structure and is assumed to be first.
*/
#ifndef _netinet_in_var_h
#define _netinet_in_var_h
struct in_ifaddr {
struct ifaddr ia_ifa; /* protocol-independent info */
#define ia_addr ia_ifa.ifa_addr
#define ia_broadaddr ia_ifa.ifa_broadaddr
#define ia_dstaddr ia_ifa.ifa_dstaddr
#define ia_ifp ia_ifa.ifa_ifp
u_long ia_net; /* network number of interface */
u_long ia_netmask; /* mask of net part */
u_long ia_subnet; /* subnet number, including net */
u_long ia_subnetmask; /* mask of net + subnet */
struct in_addr ia_netbroadcast; /* broadcast addr for (logical) net */
int ia_flags;
struct in_ifaddr *ia_next; /* next in list of internet addresses */
struct in_multi *ia_multiaddrs;/* list of multicast addresses */
};
/*
* Given a pointer to an in_ifaddr (ifaddr),
* return a pointer to the addr as a sockadd_in.
*/
#define IA_SIN(ia) ((struct sockaddr_in *)(&((struct in_ifaddr *)ia)->ia_addr))
/*
* ia_flags
*/
#define IFA_ROUTE 0x01 /* routing entry installed */
#ifdef KERNEL
struct in_ifaddr *in_ifaddr;
struct in_ifaddr *in_iaonnetof();
struct ifqueue ipintrq; /* ip packet input queue */
#endif
#ifdef KERNEL
/*
* Macro for finding the interface (ifnet structure) corresponding to one
* of our IP addresses.
*/
#define INADDR_TO_IFP(addr, ifp) \
/* struct in_addr addr; */ \
/* struct ifnet *ifp; */ \
{ \
register struct in_ifaddr *ia; \
\
for (ia = in_ifaddr; \
ia != NULL && IA_SIN(ia)->sin_addr.s_addr != (addr).s_addr; \
ia = ia->ia_next); \
(ifp) = (ia == NULL) ? NULL : ia->ia_ifp; \
}
/*
* Macro for finding the internet address structure (in_ifaddr) corresponding
* to a given interface (ifnet structure).
*/
#define IFP_TO_IA(ifp, ia) \
/* struct ifnet *ifp; */ \
/* struct in_ifaddr *ia; */ \
{ \
for ((ia) = in_ifaddr; \
(ia) != NULL && (ia)->ia_ifp != (ifp); \
(ia) = (ia)->ia_next); \
}
#endif /* KERNEL */
/*
* Per-interface router version information is kept in this list.
* This information should be part of the ifnet structure but we don't wish
* to change that - as it might break a number of things
*/
struct router_info {
struct ifnet *ifp;
int type; /* type of router which is querier on this interface */
int time; /* # of slow timeouts since last old query */
struct router_info *next;
};
/*
* Internet multicast address structure. There is one of these for each IP
* multicast group to which this host belongs on a given network interface.
* They are kept in a linked list, rooted in the interface's in_ifaddr
* structure.
*/
struct in_multi {
struct in_addr inm_addr; /* IP multicast address */
struct ifnet *inm_ifp; /* back pointer to ifnet */
struct in_ifaddr *inm_ia; /* back pointer to in_ifaddr */
u_int inm_refcount;/* no. membership claims by sockets */
u_int inm_timer; /* IGMP membership report timer */
struct in_multi *inm_next; /* ptr to next multicast address */
u_int inm_state; /* state of the membership */
struct router_info *inm_rti; /* router info*/
};
#ifdef KERNEL
/*
* Structure used by macros below to remember position when stepping through
* all of the in_multi records.
*/
struct in_multistep {
struct in_ifaddr *i_ia;
struct in_multi *i_inm;
};
/*
* Macro for looking up the in_multi record for a given IP multicast address
* on a given interface. If no matching record is found, "inm" returns NULL.
*/
#define IN_LOOKUP_MULTI(addr, ifp, inm) \
/* struct in_addr addr; */ \
/* struct ifnet *ifp; */ \
/* struct in_multi *inm; */ \
{ \
register struct in_ifaddr *ia; \
\
IFP_TO_IA((ifp), ia); \
if (ia == NULL) \
(inm) = NULL; \
else \
for ((inm) = ia->ia_multiaddrs; \
(inm) != NULL && (inm)->inm_addr.s_addr != (addr).s_addr; \
(inm) = inm->inm_next); \
}
/*
* Macro to step through all of the in_multi records, one at a time.
* The current position is remembered in "step", which the caller must
* provide. IN_FIRST_MULTI(), below, must be called to initialize "step"
* and get the first record. Both macros return a NULL "inm" when there
* are no remaining records.
*/
#define IN_NEXT_MULTI(step, inm) \
/* struct in_multistep step; */ \
/* struct in_multi *inm; */ \
{ \
if (((inm) = (step).i_inm) != NULL) { \
(step).i_inm = (inm)->inm_next; \
} \
else while ((step).i_ia != NULL) { \
(inm) = (step).i_ia->ia_multiaddrs; \
(step).i_ia = (step).i_ia->ia_next; \
if ((inm) != NULL) { \
(step).i_inm = (inm)->inm_next; \
break; \
} \
} \
}
#define IN_FIRST_MULTI(step, inm) \
/* struct in_multistep step; */ \
/* struct in_multi *inm; */ \
{ \
(step).i_ia = in_ifaddr; \
(step).i_inm = NULL; \
IN_NEXT_MULTI((step), (inm)); \
}
struct in_multi *in_addmulti();
#endif /* KERNEL */
#endif /*!_netinet_in_var_h*/


@ -7,20 +7,18 @@
*/
#if !defined(lint)
static const char sccsid[] = "%W% %G% (C)1995";
static const char rcsid[] = "@(#)$Id: ip.c,v 2.8.2.2 2007/02/17 12:41:51 darrenr Exp $";
static const char rcsid[] = "@(#)$Id$";
#endif
#include <sys/param.h>
#include <sys/types.h>
#include <netinet/in_systm.h>
#include <sys/socket.h>
#ifdef __osf__
# include "radix_ipf_local.h"
#endif
#include <net/if.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <sys/param.h>
#ifndef linux
# include <net/route.h>
# include <netinet/if_ether.h>
# include <netinet/ip_var.h>
# if __FreeBSD_version >= 300000
@ -39,8 +37,8 @@ static char *ipbuf = NULL, *ethbuf = NULL;
u_short chksum(buf,len)
u_short *buf;
int len;
u_short *buf;
int len;
{
u_long sum = 0;
int nwords = len >> 1;
@ -54,9 +52,9 @@ int len;
int send_ether(nfd, buf, len, gwip)
int nfd, len;
char *buf;
struct in_addr gwip;
int nfd, len;
char *buf;
struct in_addr gwip;
{
static struct in_addr last_gw;
static char last_arp[6] = { 0, 0, 0, 0, 0, 0};
@ -89,10 +87,10 @@ struct in_addr gwip;
/*
*/
int send_ip(nfd, mtu, ip, gwip, frag)
int nfd, mtu;
ip_t *ip;
struct in_addr gwip;
int frag;
int nfd, mtu;
ip_t *ip;
struct in_addr gwip;
int frag;
{
static struct in_addr last_gw, local_ip;
static char local_arp[6] = { 0, 0, 0, 0, 0, 0};
@ -250,9 +248,9 @@ int frag;
* send a tcp packet.
*/
int send_tcp(nfd, mtu, ip, gwip)
int nfd, mtu;
ip_t *ip;
struct in_addr gwip;
int nfd, mtu;
ip_t *ip;
struct in_addr gwip;
{
static tcp_seq iss = 2;
tcphdr_t *t, *t2;
@ -303,9 +301,9 @@ struct in_addr gwip;
* send a udp packet.
*/
int send_udp(nfd, mtu, ip, gwip)
int nfd, mtu;
ip_t *ip;
struct in_addr gwip;
int nfd, mtu;
ip_t *ip;
struct in_addr gwip;
{
struct tcpiphdr *ti;
int thlen;
@ -335,9 +333,9 @@ struct in_addr gwip;
* send an icmp packet.
*/
int send_icmp(nfd, mtu, ip, gwip)
int nfd, mtu;
ip_t *ip;
struct in_addr gwip;
int nfd, mtu;
ip_t *ip;
struct in_addr gwip;
{
struct icmp *ic;
@ -351,9 +349,9 @@ struct in_addr gwip;
int send_packet(nfd, mtu, ip, gwip)
int nfd, mtu;
ip_t *ip;
struct in_addr gwip;
int nfd, mtu;
ip_t *ip;
struct in_addr gwip;
{
switch (ip->ip_p)
{


@ -1,125 +0,0 @@
/* $FreeBSD$ */
/* @(#)ip_var.h 1.11 88/08/19 SMI; from UCB 7.1 6/5/86 */
/*
* Copyright (c) 1982, 1986 Regents of the University of California.
* All rights reserved. The Berkeley software License Agreement
* specifies the terms and conditions for redistribution.
*/
/*
* Overlay for ip header used by other protocols (tcp, udp).
*/
#ifndef _netinet_ip_var_h
#define _netinet_ip_var_h
struct ipovly {
caddr_t ih_next, ih_prev; /* for protocol sequence q's */
u_char ih_x1; /* (unused) */
u_char ih_pr; /* protocol */
short ih_len; /* protocol length */
struct in_addr ih_src; /* source internet address */
struct in_addr ih_dst; /* destination internet address */
};
/*
* Ip reassembly queue structure. Each fragment
* being reassembled is attached to one of these structures.
* They are timed out after ipq_ttl drops to 0, and may also
* be reclaimed if memory becomes tight.
*/
struct ipq {
struct ipq *next,*prev; /* to other reass headers */
u_char ipq_ttl; /* time for reass q to live */
u_char ipq_p; /* protocol of this fragment */
u_short ipq_id; /* sequence id for reassembly */
struct ipasfrag *ipq_next,*ipq_prev;
/* to ip headers of fragments */
struct in_addr ipq_src,ipq_dst;
};
/*
* Ip header, when holding a fragment.
*
* Note: ipf_next must be at same offset as ipq_next above
*/
struct ipasfrag {
#if defined(vax) || defined(i386)
u_char ip_hl:4,
ip_v:4;
#endif
#if defined(mc68000) || defined(sparc)
u_char ip_v:4,
ip_hl:4;
#endif
u_char ipf_mff; /* copied from (ip_off&IP_MF) */
short ip_len;
u_short ip_id;
short ip_off;
u_char ip_ttl;
u_char ip_p;
u_short ip_sum;
struct ipasfrag *ipf_next; /* next fragment */
struct ipasfrag *ipf_prev; /* previous fragment */
};
/*
* Structure stored in mbuf in inpcb.ip_options
* and passed to ip_output when ip options are in use.
* The actual length of the options (including ipopt_dst)
* is in m_len.
*/
#define MAX_IPOPTLEN 40
struct ipoption {
struct in_addr ipopt_dst; /* first-hop dst if source routed */
char ipopt_list[MAX_IPOPTLEN]; /* options proper */
};
/*
* Structure stored in an mbuf attached to inpcb.ip_moptions and
* passed to ip_output when IP multicast options are in use.
*/
struct ip_moptions {
struct ifnet *imo_multicast_ifp; /* ifp for outgoing multicasts */
u_char imo_multicast_ttl; /* TTL for outgoing multicasts */
u_char imo_multicast_loop; /* 1 => hear sends if a member */
u_short imo_num_memberships;/* no. memberships this socket */
struct in_multi *imo_membership[IP_MAX_MEMBERSHIPS];
#ifdef RSVP_ISI
long imo_multicast_vif; /* vif for outgoing multicasts */
#endif /* RSVP_ISI */
};
struct ipstat {
long ips_total; /* total packets received */
long ips_badsum; /* checksum bad */
long ips_tooshort; /* packet too short */
long ips_toosmall; /* not enough data */
long ips_badhlen; /* ip header length < data size */
long ips_badlen; /* ip length < ip header length */
long ips_fragments; /* fragments received */
long ips_fragdropped; /* frags dropped (dups, out of space) */
long ips_fragtimeout; /* fragments timed out */
long ips_forward; /* packets forwarded */
long ips_cantforward; /* packets rcvd for unreachable dest */
long ips_redirectsent; /* packets forwarded on same net */
};
#ifdef KERNEL
/* flags passed to ip_output as last parameter */
#define IP_FORWARDING 0x1 /* most of ip header exists */
#define IP_MULTICASTOPTS 0x2 /* multicast opts present */
#define IP_ROUTETOIF SO_DONTROUTE /* bypass routing tables */
#define IP_ALLOWBROADCAST SO_BROADCAST /* can send broadcast packets */
struct ipstat ipstat;
struct ipq ipq; /* ip reass. queue */
u_short ip_id; /* ip packet ctr, for ids */
struct mbuf *ip_srcroute();
#endif
#endif /*!_netinet_ip_var_h*/


@ -8,7 +8,7 @@
*/
#if !defined(lint)
static const char sccsid[] = "%W% %G% (C)1995 Darren Reed";
static const char rcsid[] = "@(#)$Id: ipresend.c,v 2.4 2004/01/08 13:34:31 darrenr Exp $";
static const char rcsid[] = "@(#)$Id$";
#endif
#include <sys/param.h>
#include <sys/types.h>
@ -32,7 +32,7 @@ static const char rcsid[] = "@(#)$Id: ipresend.c,v 2.4 2004/01/08 13:34:31 darre
extern char *optarg;
extern int optind;
#ifndef NO_IPF
extern struct ipread snoop, pcap, etherf, iphex, tcpd, iptext;
extern struct ipread pcap, iphex, iptext;
#endif
int opts = 0;
@ -68,7 +68,7 @@ int main __P((int, char **));
static void usage(prog)
char *prog;
char *prog;
{
fprintf(stderr, "Usage: %s [options] <-r filename|-R filename>\n\
\t\t-r filename\tsnoop data file to resend\n\
@ -83,8 +83,8 @@ char *prog;
int main(argc, argv)
int argc;
char **argv;
int argc;
char **argv;
{
struct in_addr gwip;
struct ipread *ipr = NULL;
@ -115,21 +115,12 @@ char **argv;
opts |= OPT_RAW;
break;
#ifndef NO_IPF
case 'E' :
ipr = &etherf;
break;
case 'H' :
ipr = &iphex;
break;
case 'P' :
ipr = &pcap;
break;
case 'S' :
ipr = &snoop;
break;
case 'T' :
ipr = &tcpd;
break;
case 'X' :
ipr = &iptext;
break;
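Review bot: The usage text still describes `-r filename` as a "snoop data file to resend", although the new code drops `snoop`, `etherf` and `tcpd` from the `extern struct ipread` declaration and removes the `'E'`, `'S'` and `'T'` cases from the option switch. The help line should name what is still supported, for example `\t\t-r filename\tdata file to resend (format chosen with -H, -P or -X)\n\`. The getopt() option string and the switch's default branch are outside the visible hunks; if that string still lists `E`, `S` or `T`, those flags would be accepted without selecting a reader while `ipr` keeps its initial `NULL`, so they should be removed there as well. Both usage() and main() continue past the hunks shown.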


@ -123,7 +123,7 @@ be adjusted to accommodate data or further protocol headers.
sets the fragment offset field of the IP packet. Default is 0.
.TP
.B ttl <number>
sets the time to live (TTL) field of the IP header. Default is 60.
sets the time to live (TTL) field of the IP header. Default is 60.
.TP
.B proto <protocol>
sets the protocol field of the IP header. The protocol can either be a


@ -6,7 +6,7 @@
*/
#if !defined(lint)
static const char sccsid[] = "@(#)ipsend.c 1.5 12/10/95 (C)1995 Darren Reed";
static const char rcsid[] = "@(#)$Id: ipsend.c,v 2.8.2.3 2006/03/17 13:45:34 darrenr Exp $";
static const char rcsid[] = "@(#)$Id$";
#endif
#include <sys/param.h>
#include <sys/types.h>
@ -67,7 +67,7 @@ int main __P((int, char **));
static void usage(prog)
char *prog;
char *prog;
{
fprintf(stderr, "Usage: %s [options] dest [flags]\n\
\toptions:\n\
@ -96,8 +96,8 @@ char *prog;
static void do_icmp(ip, args)
ip_t *ip;
char *args;
ip_t *ip;
char *args;
{
struct icmp *ic;
char *s;
@ -147,10 +147,10 @@ char *args;
int send_packets(dev, mtu, ip, gwip)
char *dev;
int mtu;
ip_t *ip;
struct in_addr gwip;
char *dev;
int mtu;
ip_t *ip;
struct in_addr gwip;
{
int wfd;
@ -193,8 +193,8 @@ udpcksum(ip_t *ip, struct udphdr *udp, int len)
}
int main(argc, argv)
int argc;
char **argv;
int argc;
char **argv;
{
FILE *langfile = NULL;
struct in_addr gwip;


@ -29,7 +29,9 @@
#ifdef linux
#include <linux/sockios.h>
#endif
#include "tcpip.h"
/* XXX: The following is needed by tcpip.h */
#include <netinet/ip_var.h>
#include "netinet/tcpip.h"
#include "ipt.h"
extern int resolve __P((char *, char *));
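Review bot: The new `#include <netinet/ip_var.h>` has no platform guard, even though it sits directly below an `#ifdef linux` block and the other files on this page only pull that header in under `#if !defined(linux)` or `#ifndef linux`. If this file is still meant to build for the linux target that the preceding block caters for, wrap the include the same way: `#if !defined(linux)` / `# include <netinet/ip_var.h>` / `#endif`. The `XXX` comment says that tcpip.h needs the header but not which declarations it needs; naming them would let a later cleanup tell when the workaround can be dropped.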


@ -1,14 +1,14 @@
/* $FreeBSD$ */
/*
* Copyright (C) 1995-1998 by Darren Reed.
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
*/
#if !defined(lint)
static const char sccsid[] = "@(#)ipsopt.c 1.2 1/11/96 (C)1995 Darren Reed";
static const char rcsid[] = "@(#)$Id: ipsopt.c,v 2.4.4.1 2004/03/23 12:58:05 darrenr Exp $";
static const char rcsid[] = "@(#)$Id$";
#endif
#include <sys/param.h>
#include <sys/types.h>
@ -62,7 +62,7 @@ struct ipopt_names secnames[] = {
u_short ipseclevel(slevel)
char *slevel;
char *slevel;
{
struct ipopt_names *so;
@ -79,10 +79,10 @@ char *slevel;
int addipopt(op, io, len, class)
char *op;
struct ipopt_names *io;
int len;
char *class;
char *op;
struct ipopt_names *io;
int len;
char *class;
{
struct in_addr ipadr;
int olen = len, srr = 0;
@ -150,8 +150,8 @@ char *class;
u_32_t buildopts(cp, op, len)
char *cp, *op;
int len;
char *cp, *op;
int len;
{
struct ipopt_names *io;
u_32_t msk = 0;


@ -8,7 +8,7 @@
*/
#if !defined(lint)
static const char sccsid[] = "%W% %G% (C)1995 Darren Reed";
static const char rcsid[] = "@(#)$Id: iptest.c,v 2.6 2004/01/08 13:34:31 darrenr Exp $";
static const char rcsid[] = "@(#)$Id$";
#endif
#include <sys/param.h>
#include <sys/types.h>
@ -63,7 +63,7 @@ int main __P((int, char **));
static void usage(prog)
char *prog;
char *prog;
{
fprintf(stderr, "Usage: %s [options] dest\n\
\toptions:\n\
@ -85,8 +85,8 @@ char *prog;
int main(argc, argv)
int argc;
char **argv;
int argc;
char **argv;
{
struct tcpiphdr *ti;
struct in_addr gwip;


@ -1,14 +1,14 @@
/* $FreeBSD$ */
/*
* Copyright (C) 1993-1998 by Darren Reed.
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
*/
#if !defined(lint)
static const char sccsid[] = "%W% %G% (C)1995 Darren Reed";
static const char rcsid[] = "@(#)$Id: iptests.c,v 2.8.2.9 2007/09/13 07:19:34 darrenr Exp $";
static const char rcsid[] = "@(#)$Id$";
#endif
#include <sys/param.h>
#include <sys/types.h>
@ -22,7 +22,7 @@ typedef int boolean_t;
#endif
#include <sys/time.h>
#if !defined(__osf__)
# ifdef __NetBSD__
# ifdef __NetBSD__
# include <machine/lock.h>
# include <machine/mutex.h>
# endif
@ -52,8 +52,9 @@ typedef int boolean_t;
#endif
#if defined(solaris)
# include <sys/stream.h>
#else
# include <sys/socketvar.h>
#endif
#include <sys/socketvar.h>
#ifdef sun
#include <sys/systm.h>
#include <sys/session.h>
@ -68,9 +69,6 @@ typedef int boolean_t;
#ifdef __hpux
# define _NET_ROUTE_INCLUDED
#endif
#ifdef __osf__
# include "radix_ipf_local.h"
#endif
#include <net/if.h>
#if defined(linux) && (LINUX >= 0200)
# include <asm/atomic.h>
@ -79,7 +77,9 @@ typedef int boolean_t;
# if defined(__FreeBSD__)
# include "radix_ipf.h"
# endif
# include <net/route.h>
# if !defined(solaris)
# include <net/route.h>
# endif
#else
# define __KERNEL__ /* because there's a macro not wrapped by this */
# include <net/route.h> /* in this file :-/ */
@ -87,12 +87,6 @@ typedef int boolean_t;
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netinet/ip.h>
#if !defined(linux)
# include <netinet/ip_var.h>
# if !defined(__hpux)
# include <netinet/in_pcb.h>
# endif
#endif
#if defined(__SVR4) || defined(__svr4__) || defined(__sgi)
# include <sys/sysmacros.h>
#endif
@ -103,6 +97,12 @@ typedef int boolean_t;
#ifdef __hpux
# undef _NET_ROUTE_INCLUDED
#endif
#if !defined(linux)
# include <netinet/ip_var.h>
# if !defined(__hpux) && !defined(solaris)
# include <netinet/in_pcb.h>
# endif
#endif
#include "ipsend.h"
#if !defined(linux) && !defined(__hpux)
# include <netinet/tcp_timer.h>
@ -123,11 +123,11 @@ typedef int boolean_t;
void ip_test1(dev, mtu, ip, gwip, ptest)
char *dev;
int mtu;
ip_t *ip;
struct in_addr gwip;
int ptest;
char *dev;
int mtu;
ip_t *ip;
struct in_addr gwip;
int ptest;
{
#ifdef USE_NANOSLEEP
struct timespec ts;
@ -474,11 +474,11 @@ int ptest;
void ip_test2(dev, mtu, ip, gwip, ptest)
char *dev;
int mtu;
ip_t *ip;
struct in_addr gwip;
int ptest;
char *dev;
int mtu;
ip_t *ip;
struct in_addr gwip;
int ptest;
{
#ifdef USE_NANOSLEEP
struct timespec ts;
@ -570,11 +570,11 @@ int ptest;
* test 3 (ICMP)
*/
void ip_test3(dev, mtu, ip, gwip, ptest)
char *dev;
int mtu;
ip_t *ip;
struct in_addr gwip;
int ptest;
char *dev;
int mtu;
ip_t *ip;
struct in_addr gwip;
int ptest;
{
static int ict1[10] = { 8, 9, 10, 13, 14, 15, 16, 17, 18, 0 };
static int ict2[8] = { 3, 9, 10, 13, 14, 17, 18, 0 };
@ -771,11 +771,11 @@ int ptest;
/* Perform test 4 (UDP) */
void ip_test4(dev, mtu, ip, gwip, ptest)
char *dev;
int mtu;
ip_t *ip;
struct in_addr gwip;
int ptest;
char *dev;
int mtu;
ip_t *ip;
struct in_addr gwip;
int ptest;
{
#ifdef USE_NANOSLEEP
struct timespec ts;
@ -936,11 +936,11 @@ int ptest;
/* Perform test 5 (TCP) */
void ip_test5(dev, mtu, ip, gwip, ptest)
char *dev;
int mtu;
ip_t *ip;
struct in_addr gwip;
int ptest;
char *dev;
int mtu;
ip_t *ip;
struct in_addr gwip;
int ptest;
{
#ifdef USE_NANOSLEEP
struct timespec ts;
@ -1286,11 +1286,11 @@ int ptest;
/* Perform test 6 (exhaust mbuf test) */
void ip_test6(dev, mtu, ip, gwip, ptest)
char *dev;
int mtu;
ip_t *ip;
struct in_addr gwip;
int ptest;
char *dev;
int mtu;
ip_t *ip;
struct in_addr gwip;
int ptest;
{
#ifdef USE_NANOSLEEP
struct timespec ts;
@ -1368,11 +1368,11 @@ int ptest;
static u_long tbuf[64];
void ip_test7(dev, mtu, ip, gwip, ptest)
char *dev;
int mtu;
ip_t *ip;
struct in_addr gwip;
int ptest;
char *dev;
int mtu;
ip_t *ip;
struct in_addr gwip;
int ptest;
{
ip_t *pip;
#ifdef USE_NANOSLEEP


@ -8,7 +8,7 @@
*/
#if !defined(lint)
static const char sccsid[] = "@(#)larp.c 1.1 8/19/95 (C)1995 Darren Reed";
static const char rcsid[] = "@(#)$Id: larp.c,v 2.4 2003/12/01 02:01:16 darrenr Exp $";
static const char rcsid[] = "@(#)$Id$";
#endif
#include <sys/param.h>
#include <sys/types.h>
@ -30,7 +30,7 @@ static const char rcsid[] = "@(#)$Id: larp.c,v 2.4 2003/12/01 02:01:16 darrenr E
* (4 bytes)
*/
int resolve(host, address)
char *host, *address;
char *host, *address;
{
struct hostent *hp;
u_long add;
@ -56,8 +56,8 @@ char *host, *address;
* some BSD program, I cant remember which.
*/
int arp(ip, ether)
char *ip;
char *ether;
char *ip;
char *ether;
{
static int s = -1;
struct arpreq ar;


@ -1,7 +1,7 @@
/* $FreeBSD$ */
/*
* Copyright (C) 1995-1998 by Darren Reed.
* Copyright (C) 2012 by Darren Reed.
*
* This code may be freely distributed as long as it retains this notice
* and is not changed in any way. The author accepts no responsibility


@ -8,7 +8,7 @@
*/
#if !defined(lint)
static const char sccsid[] = "@(#)lsock.c 1.2 1/11/96 (C)1995 Darren Reed";
static const char rcsid[] = "@(#)$Id: lsock.c,v 2.3.4.1 2006/03/17 13:45:34 darrenr Exp $";
static const char rcsid[] = "@(#)$Id$";
#endif
#include <stdio.h>
#include <unistd.h>
@ -66,9 +66,9 @@ struct task_struct *proc;
#endif
int kmemcpy(buf, pos, n)
char *buf;
void *pos;
int n;
char *buf;
void *pos;
int n;
{
static int kfd = -1;
@ -150,8 +150,8 @@ struct task_struct *getproc()
struct sock *find_tcp(fd, ti)
int fd;
struct tcpiphdr *ti;
int fd;
struct tcpiphdr *ti;
{
struct sock *s;
struct inode *i;
@ -189,10 +189,10 @@ struct tcpiphdr *ti;
}
int do_socket(dev, mtu, ti, gwip)
char *dev;
int mtu;
struct tcpiphdr *ti;
struct in_addr gwip;
char *dev;
int mtu;
struct tcpiphdr *ti;
struct in_addr gwip;
{
struct sockaddr_in rsin, lsin;
struct sock *s, sk;


@ -8,15 +8,12 @@
*/
#if !defined(lint)
static const char sccsid[] = "@(#)resend.c 1.3 1/11/96 (C)1995 Darren Reed";
static const char rcsid[] = "@(#)$Id: resend.c,v 2.8.2.3 2007/02/17 12:41:51 darrenr Exp $";
static const char rcsid[] = "@(#)$Id$";
#endif
#include <sys/param.h>
#include <sys/types.h>
#include <sys/time.h>
#include <sys/socket.h>
#ifdef __osf__
# include "radix_ipf_local.h"
#endif
#include <net/if.h>
#include <netinet/in.h>
#include <arpa/inet.h>
@ -38,12 +35,11 @@ static const char rcsid[] = "@(#)$Id: resend.c,v 2.8.2.3 2007/02/17 12:41:51 dar
extern int opts;
static u_char pbuf[65536]; /* 1 big packet */
void printpacket __P((ip_t *));
void dumppacket __P((ip_t *));
void printpacket(ip)
ip_t *ip;
void dumppacket(ip)
ip_t *ip;
{
tcphdr_t *t;
int i, j;
@ -73,16 +69,17 @@ ip_t *ip;
int ip_resend(dev, mtu, r, gwip, datain)
char *dev;
int mtu;
struct in_addr gwip;
struct ipread *r;
char *datain;
char *dev;
int mtu;
struct in_addr gwip;
struct ipread *r;
char *datain;
{
ether_header_t *eh;
char dhost[6];
ip_t *ip;
int fd, wfd = initdevice(dev, 5), len, i;
mb_t mb;
if (wfd == -1)
return -1;
@ -95,7 +92,7 @@ char *datain;
if (fd < 0)
exit(-1);
ip = (struct ip *)pbuf;
ip = (struct ip *)mb.mb_buf;
eh = (ether_header_t *)malloc(sizeof(*eh));
if(!eh)
{
@ -111,7 +108,7 @@ char *datain;
return -2;
}
while ((i = (*r->r_readip)((char *)pbuf, sizeof(pbuf), NULL, NULL)) > 0)
while ((i = (*r->r_readip)(&mb, NULL, NULL)) > 0)
{
if (!(opts & OPT_RAW)) {
len = ntohs(ip->ip_len);
@ -131,9 +128,9 @@ char *datain;
IP_HL(ip) << 2);
bcopy(ip, (char *)(eh + 1), len);
len += sizeof(*eh);
printpacket(ip);
dumppacket(ip);
} else {
eh = (ether_header_t *)pbuf;
eh = (ether_header_t *)mb.mb_buf;
len = i;
}
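Review bot: In `ip_resend`, `len = ntohs(ip->ip_len)` comes from the packet just read into `mb` and is then used as the `bcopy` length, while the byte count the reader returned sits in `i`; nothing in the visible lines compares the two. A record whose IP length field is larger than what was read would make the copy run past the data behind `mb.mb_buf`, so I would add a guard such as `if (len > i) continue;` before the copy (the lines between the two hunks are not shown and may already cover this). `mb` is also an uninitialised automatic `mb_t` handed straight to `r_readip`, so a one-line comment at its declaration saying which fields the reader fills would make that dependency explicit. The file-scope `pbuf` looks unused after this change, if nothing outside the hunks still refers to it.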


@ -26,7 +26,8 @@
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/ip_var.h>
#include <netinet/udp.h>
#include <netinet/tcp.h>
#include <stdio.h>
#include <netdb.h>
@ -44,7 +45,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)sbpf.c 1.3 8/25/95 (C)1995 Darren Reed";
static const char rcsid[] = "@(#)$Id: sbpf.c,v 2.5.4.1 2006/03/21 16:32:58 darrenr Exp $";
static const char rcsid[] = "@(#)$Id$";
#endif
/*
@ -55,8 +56,8 @@ static int bufsize = 0, timeout = 1;
int initdevice(device, tout)
char *device;
int tout;
char *device;
int tout;
{
struct bpf_version bv;
struct timeval to;
@ -139,9 +140,9 @@ int tout;
* output an IP packet onto a fd opened for /dev/bpf
*/
int sendip(fd, pkt, len)
int fd, len;
char *pkt;
{
int fd, len;
char *pkt;
{
if (write(fd, pkt, len) == -1)
{
perror("send");


@ -27,7 +27,6 @@
#endif
#ifdef __osf__
# include <sys/dlpihdr.h>
# include "radix_ipf_local.h"
#else
# include <sys/dlpi.h>
#endif
@ -49,7 +48,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)sdlpi.c 1.3 10/30/95 (C)1995 Darren Reed";
static const char rcsid[] = "@(#)$Id: sdlpi.c,v 2.8.2.2 2007/02/17 12:41:51 darrenr Exp $";
static const char rcsid[] = "@(#)$Id$";
#endif
#define CHUNKSIZE 8192
@ -61,8 +60,8 @@ static const char rcsid[] = "@(#)$Id: sdlpi.c,v 2.8.2.2 2007/02/17 12:41:51 darr
* interface are included in the header size.
*/
int initdevice(device, tout)
char *device;
int tout;
char *device;
int tout;
{
char devname[16], *s, buf[256];
int i, fd;
@ -136,9 +135,9 @@ int tout;
* output an IP packet onto a fd opened for /dev/nit
*/
int sendip(fd, pkt, len)
int fd, len;
char *pkt;
{
int fd, len;
char *pkt;
{
struct strbuf dbuf, *dp = &dbuf, *cp = NULL;
int pri = 0;
#ifdef DL_HP_RAWDLS


@ -60,7 +60,7 @@ int initdevice(char *device, int tout)
* output an IP packet
*/
int sendip(int fd, char *pkt, int len)
{
{
struct sockaddr_raw sr;
int srlen = sizeof(sr);
struct ifreq ifr;


@ -30,7 +30,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)slinux.c 1.2 8/25/95";
static const char rcsid[] = "@(#)$Id: slinux.c,v 2.3 2001/06/09 17:09:26 darrenr Exp $";
static const char rcsid[] = "@(#)$Id$";
#endif
#define CHUNKSIZE 8192
@ -46,8 +46,8 @@ static char *eth_dev = NULL;
int initdevice(dev, spare)
char *dev;
int spare;
char *dev;
int spare;
{
int fd;
@ -66,8 +66,8 @@ int spare;
* output an IP packet onto a fd opened for /dev/nit
*/
int sendip(fd, pkt, len)
int fd, len;
char *pkt;
int fd, len;
char *pkt;
{
struct sockaddr s;
struct ifreq ifr;


@ -41,7 +41,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)snit.c 1.5 1/11/96 (C)1995 Darren Reed";
static const char rcsid[] = "@(#)$Id: snit.c,v 2.3 2001/06/09 17:09:26 darrenr Exp $";
static const char rcsid[] = "@(#)$Id$";
#endif
#define CHUNKSIZE 8192
@ -58,8 +58,8 @@ static int timeout;
int initdevice(device, tout)
char *device;
int tout;
char *device;
int tout;
{
struct strioctl si;
struct timeval to;
@ -115,9 +115,9 @@ int tout;
* output an IP packet onto a fd opened for /dev/nit
*/
int sendip(fd, pkt, len)
int fd, len;
char *pkt;
{
int fd, len;
char *pkt;
{
struct sockaddr sk, *sa = &sk;
struct strbuf cbuf, *cp = &cbuf, dbuf, *dp = &dbuf;


@ -7,7 +7,7 @@
*/
#if !defined(lint)
static const char sccsid[] = "@(#)sock.c 1.2 1/11/96 (C)1995 Darren Reed";
static const char rcsid[] = "@(#)$Id: sock.c,v 2.8.4.7 2007/09/13 07:19:34 darrenr Exp $";
static const char rcsid[] = "@(#)$Id$";
#endif
#include <sys/param.h>
#include <sys/types.h>
@ -30,9 +30,8 @@ typedef int boolean_t;
# include <sys/dir.h>
#endif
#if !defined(__osf__)
# ifdef __NetBSD__
# ifdef __NetBSD__
# include <machine/lock.h>
# include <machine/mutex.h>
# endif
# ifdef __FreeBSD__
# define _WANT_FILE
@ -75,9 +74,6 @@ typedef int boolean_t;
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <net/if.h>
#if defined(__FreeBSD__)
# include "radix_ipf.h"
#endif
#ifndef __osf__
# include <net/route.h>
#endif
@ -123,9 +119,9 @@ static struct kinfo_proc *getproc __P((void));
int kmemcpy(buf, pos, n)
char *buf;
void *pos;
int n;
char *buf;
void *pos;
int n;
{
static int kfd = -1;
off_t offset = (u_long)pos;
@ -203,8 +199,8 @@ static struct proc *getproc()
struct tcpcb *find_tcp(fd, ti)
int fd;
struct tcpiphdr *ti;
int fd;
struct tcpiphdr *ti;
{
struct tcpcb *t;
struct inpcb *i;
@ -294,8 +290,8 @@ static struct kinfo_proc *getproc()
struct tcpcb *find_tcp(tfd, ti)
int tfd;
struct tcpiphdr *ti;
int tfd;
struct tcpiphdr *ti;
{
struct tcpcb *t;
struct inpcb *i;
@ -390,10 +386,10 @@ struct tcpiphdr *ti;
#endif /* BSD < 199301 */
int do_socket(dev, mtu, ti, gwip)
char *dev;
int mtu;
struct tcpiphdr *ti;
struct in_addr gwip;
char *dev;
int mtu;
struct tcpiphdr *ti;
struct in_addr gwip;
{
struct sockaddr_in rsin, lsin;
struct tcpcb *t, tcb;


@ -1,86 +0,0 @@
/* $FreeBSD$ */
/*
* Copyright (c) 1982, 1986, 1993
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* @(#)tcpip.h 8.1 (Berkeley) 6/10/93
* $Id: tcpip.h,v 2.2.2.3 2004/05/26 15:45:48 darrenr Exp $
*/
#ifndef _NETINET_TCPIP_H_
#define _NETINET_TCPIP_H_
# if defined(linux) && !defined(LINUX_IPOVLY)
# define LINUX_IPOVLY
struct ipovly {
caddr_t ih_next, ih_prev; /* for protocol sequence q's */
u_char ih_x1; /* (unused) */
u_char ih_pr; /* protocol */
short ih_len; /* protocol length */
struct in_addr ih_src; /* source internet address */
struct in_addr ih_dst; /* destination internet address */
};
# endif
/*
* Tcp+ip header, after ip options removed.
*/
struct tcpiphdr {
struct ipovly ti_i; /* overlaid ip structure */
struct tcphdr ti_t; /* tcp header */
};
#ifdef notyet
/*
* Tcp+ip header, after ip options removed but including TCP options.
*/
struct full_tcpiphdr {
struct ipovly ti_i; /* overlaid ip structure */
struct tcphdr ti_t; /* tcp header */
char ti_o[TCP_MAXOLEN]; /* space for tcp options */
};
#endif /* notyet */
#define ti_next ti_i.ih_next
#define ti_prev ti_i.ih_prev
#define ti_x1 ti_i.ih_x1
#define ti_pr ti_i.ih_pr
#define ti_len ti_i.ih_len
#define ti_src ti_i.ih_src
#define ti_dst ti_i.ih_dst
#define ti_sport ti_t.th_sport
#define ti_dport ti_t.th_dport
#define ti_seq ti_t.th_seq
#define ti_ack ti_t.th_ack
#define ti_x2 ti_t.th_x2
#define ti_off ti_t.th_off
#define ti_flags ti_t.th_flags
#define ti_win ti_t.th_win
#define ti_sum ti_t.th_sum
#define ti_urp ti_t.th_urp
#endif


@ -1,11 +1,11 @@
/* $FreeBSD$ */
/*
* Copyright (C) 1993-2001 by Darren Reed.
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* $Id: ipt.h,v 2.6.4.2 2006/03/26 23:42:04 darrenr Exp $
* $Id$
*/
#ifndef __IPT_H__
@ -26,15 +26,12 @@
struct ipread {
int (*r_open) __P((char *));
int (*r_close) __P((void));
int (*r_readip) __P((char *, int, char **, int *));
int (*r_readip) __P((mb_t *, char **, int *));
int r_flags;
};
#define R_DO_CKSUM 0x01
extern void debug __P((char *, ...));
extern void verbose __P((char *, ...));
#ifdef P_DEF
# undef __P
# undef P_DEF
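Review bot: The new `r_readip` prototype in `struct ipread` drops the explicit buffer-length argument, so each reader now has to bound its writes by the capacity of the `mb_t` it is given rather than by a size the caller states. The member carries no comment describing that contract; I would add one above it, for example `/* r_readip: fill *mb without exceeding its buffer; returns bytes read, <= 0 when done */`, adjusted to what the readers actually do. The reader implementations are outside this section, so whether each one already clamps to the buffer size cannot be confirmed from here.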


@ -1,10 +1,10 @@
/* $FreeBSD$ */
/*
* Copyright (C) 1993-2001 by Darren Reed.
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
* $Id: kmem.h,v 2.5 2002/08/21 22:57:36 darrenr Exp $
* $Id$
*/
#ifndef __KMEM_H__


@ -4,7 +4,7 @@
all: l4check
l4check: l4check.c
$(CC) -g -I.. -Wall $(CFLAGS) $(LIBS) l4check.c -o $@
$(CC) -g -I.. $(CFLAGS) $(LIBS) l4check.c -o $@
clean:
/bin/rm -f l4check
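Review bot: As rendered here, the updated `l4check` recipe no longer passes `-Wall`, which was the only warning flag on this compile line; l4check.c is old-style C that parses a config file and issues ioctls, where compiler warnings are a cheap early signal. Unless callers are known to supply warnings through `CFLAGS`, I would keep the flag: `$(CC) -g -I.. -Wall $(CFLAGS) l4check.c -o $@ $(LIBS)`. Placing `$(LIBS)` after the source file also avoids link-order trouble with linkers that resolve libraries left to right.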


@ -1,7 +1,7 @@
/* $FreeBSD$ */
/*
* (C)Copyright March, 2000 - Darren Reed.
* (C)Copyright (C) 2012 by Darren Reed.
*/
#include <sys/types.h>
#include <sys/stat.h>
@ -27,7 +27,6 @@
#include "ip_compat.h"
#include "ip_fil.h"
#include "ip_nat.h"
#include "ipl.h"
#include "ipf.h"
@ -68,7 +67,7 @@ int opts = 0;
char *copystr(dst, src)
char *dst, *src;
char *dst, *src;
{
register char *s, *t, c;
register int esc = 0;
@ -97,44 +96,29 @@ char *dst, *src;
}
void addnat(l4)
l4cfg_t *l4;
l4cfg_t *l4;
{
ipnat_t *ipn = &l4->l4_nat;
printf("Add NAT rule for %s/%#x,%u -> ", inet_ntoa(ipn->in_out[0].in4),
printf("Add NAT rule for %s/%#x,%u -> ", inet_ntoa(ipn->in_out[0]),
ipn->in_outmsk, ntohs(ipn->in_pmin));
printf("%s,%u\n", inet_ntoa(ipn->in_in[0].in4), ntohs(ipn->in_pnext));
printf("%s,%u\n", inet_ntoa(ipn->in_in[0]), ntohs(ipn->in_pnext));
if (!(opts & OPT_DONOTHING)) {
ipfobj_t obj;
bzero(&obj, sizeof(obj));
obj.ipfo_rev = IPFILTER_VERSION;
obj.ipfo_size = sizeof(*ipn);
obj.ipfo_ptr = ipn;
if (ioctl(natfd, SIOCADNAT, &obj) == -1)
if (ioctl(natfd, SIOCADNAT, &ipn) == -1)
perror("ioctl(SIOCADNAT)");
}
}
void delnat(l4)
l4cfg_t *l4;
l4cfg_t *l4;
{
ipnat_t *ipn = &l4->l4_nat;
printf("Remove NAT rule for %s/%#x,%u -> ",
inet_ntoa(ipn->in_out[0].in4), ipn->in_outmsk, ipn->in_pmin);
printf("%s,%u\n", inet_ntoa(ipn->in_in[0].in4), ipn->in_pnext);
inet_ntoa(ipn->in_out[0]), ipn->in_outmsk, ipn->in_pmin);
printf("%s,%u\n", inet_ntoa(ipn->in_in[0]), ipn->in_pnext);
if (!(opts & OPT_DONOTHING)) {
ipfobj_t obj;
bzero(&obj, sizeof(obj));
obj.ipfo_rev = IPFILTER_VERSION;
obj.ipfo_size = sizeof(*ipn);
obj.ipfo_ptr = ipn;
if (ioctl(natfd, SIOCRMNAT, &ipn) == -1)
perror("ioctl(SIOCRMNAT)");
}
@ -142,7 +126,7 @@ l4cfg_t *l4;
void connectl4(l4)
l4cfg_t *l4;
l4cfg_t *l4;
{
l4->l4_rw = 1;
l4->l4_rlen = 0;
@ -156,8 +140,8 @@ l4cfg_t *l4;
void closel4(l4, dead)
l4cfg_t *l4;
int dead;
l4cfg_t *l4;
int dead;
{
close(l4->l4_fd);
l4->l4_fd = -1;
@ -170,7 +154,7 @@ int dead;
void connectfd(l4)
l4cfg_t *l4;
l4cfg_t *l4;
{
if (connect(l4->l4_fd, (struct sockaddr *)&l4->l4_sin,
sizeof(l4->l4_sin)) == -1) {
@ -192,8 +176,9 @@ l4cfg_t *l4;
void writefd(l4)
l4cfg_t *l4;
l4cfg_t *l4;
{
char buf[80], *ptr;
int n, i, fd;
fd = l4->l4_fd;
@ -223,7 +208,7 @@ l4cfg_t *l4;
void readfd(l4)
l4cfg_t *l4;
l4cfg_t *l4;
{
char buf[80], *ptr;
int n, i, fd;
@ -417,14 +402,15 @@ int runconfig()
int gethostport(str, lnum, ipp, portp)
char *str;
int lnum;
u_32_t *ipp;
u_short *portp;
char *str;
int lnum;
u_32_t *ipp;
u_short *portp;
{
struct servent *sp;
struct hostent *hp;
char *host, *port;
struct in_addr ip;
host = str;
port = strchr(host, ',');
@ -467,8 +453,8 @@ u_short *portp;
char *mapfile(file, sizep)
char *file;
size_t *sizep;
char *file;
size_t *sizep;
{
struct stat sb;
caddr_t addr;
@ -499,7 +485,7 @@ size_t *sizep;
int readconfig(filename)
char *filename;
char *filename;
{
char c, buf[512], *s, *t, *errtxt = NULL, *line;
int num, err = 0;
@ -569,8 +555,7 @@ char *filename;
break;
}
strncpy(ipn->in_ifnames[0], s, LIFNAMSIZ);
strncpy(ipn->in_ifnames[1], s, LIFNAMSIZ);
strncpy(ipn->in_ifname, s, sizeof(ipn->in_ifname));
if (!gethostport(t, num, &ipn->in_outip,
&ipn->in_pmin)) {
errtxt = line;
@ -582,11 +567,11 @@ char *filename;
if (opts & OPT_VERBOSE)
fprintf(stderr,
"Interface %s %s/%#x port %u\n",
ipn->in_ifnames[0],
inet_ntoa(ipn->in_out[0].in4),
ipn->in_ifname,
inet_ntoa(ipn->in_out[0]),
ipn->in_outmsk, ipn->in_pmin);
} else if (!strcasecmp(t, "remote")) {
if (!*ipn->in_ifnames[0]) {
if (!*ipn->in_ifname) {
fprintf(stderr,
"%d: ifname not set prior to remote\n",
num);
@ -621,7 +606,7 @@ char *filename;
break;
}
bcopy((char *)&template, (char *)l4, sizeof(*l4));
l4->l4_sin.sin_addr = ipn->in_in[0].in4;
l4->l4_sin.sin_addr = ipn->in_in[0];
l4->l4_sin.sin_port = ipn->in_pnext;
l4->l4_next = l4list;
l4list = l4;
@ -768,7 +753,7 @@ char *filename;
void usage(prog)
char *prog;
char *prog;
{
fprintf(stderr, "Usage: %s -f <configfile>\n", prog);
exit(1);
@ -776,8 +761,8 @@ char *prog;
int main(argc, argv)
int argc;
char *argv[];
int argc;
char *argv[];
{
char *config = NULL;
int c;
@ -808,7 +793,7 @@ char *argv[];
}
if (!(opts & OPT_DONOTHING)) {
natfd = open(IPNAT_NAME, O_RDWR);
natfd = open(IPL_NAT, O_RDWR);
if (natfd == -1) {
perror("open(IPL_NAT)");
exit(1);
@ -819,6 +804,4 @@ char *argv[];
fprintf(stderr, "Starting...\n");
while (runconfig() == 0)
;
exit(1);
}
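Review bot: In `addnat` and `delnat` the ioctl argument is `&ipn`, the address of the local `ipnat_t *` variable, so the kernel is handed a pointer to a stack slot rather than the rule or a descriptor of it. The lines this section removes built an `ipfobj_t` with `ipfo_rev`, `ipfo_size` and `ipfo_ptr` for that call; if the NAT device still expects that wrapper (not visible here), both requests will be rejected or misread. I would keep the wrapper and pass `&obj`, as sketched below for `addnat`, and do the same for `SIOCRMNAT` in `delnat`; `IPFILTER_VERSION` then needs its defining header in scope, and this section also drops `#include "ipl.h"`. Separately, `strncpy(ipn->in_ifname, s, sizeof(ipn->in_ifname))` in `readconfig` leaves the name unterminated when `s` fills the field.

```c
	if (!(opts & OPT_DONOTHING)) {
		ipfobj_t obj;

		/* describe the rule to the kernel instead of passing &ipn */
		bzero(&obj, sizeof(obj));
		obj.ipfo_rev = IPFILTER_VERSION;
		obj.ipfo_size = sizeof(*ipn);
		obj.ipfo_ptr = ipn;
		if (ioctl(natfd, SIOCADNAT, &obj) == -1)
			perror("ioctl(SIOCADNAT)");
	}
```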

View File

@ -1,27 +1,37 @@
#
# Copyright (C) 1993-2001 by Darren Reed.
#
# See the IPFILTER.LICENCE file for details on licencing.
#
# $Id: Makefile,v 1.41.2.14 2007/09/21 08:30:43 darrenr Exp $
#
# Copyright (C) 2012 by Darren Reed.
#
# See the IPFILTER.LICENCE file for details on licencing.
#
# $Id$
#
INCDEP=$(TOP)/ip_compat.h $(TOP)/ip_fil.h $(TOP)/ipf.h
LIBOBJS=$(DEST)/addicmp.o \
$(DEST)/addipopt.o \
$(DEST)/alist_free.o \
$(DEST)/alist_new.o \
$(DEST)/allocmbt.o \
$(DEST)/assigndefined.o \
$(DEST)/bcopywrap.o \
$(DEST)/binprint.o \
$(DEST)/buildopts.o \
$(DEST)/checkrev.o \
$(DEST)/connecttcp.o \
$(DEST)/count6bits.o \
$(DEST)/count4bits.o \
$(DEST)/debug.o \
$(DEST)/dupmbt.o \
$(DEST)/familyname.o \
$(DEST)/facpri.o \
$(DEST)/flags.o \
$(DEST)/fill6bits.o \
$(DEST)/findword.o \
$(DEST)/flags.o \
$(DEST)/freembt.o \
$(DEST)/ftov.o \
$(DEST)/genmask.o \
$(DEST)/gethost.o \
$(DEST)/geticmptype.o \
$(DEST)/getifname.o \
$(DEST)/getnattype.o \
$(DEST)/getport.o \
@ -30,27 +40,30 @@ LIBOBJS=$(DEST)/addicmp.o \
$(DEST)/getsumd.o \
$(DEST)/hostname.o \
$(DEST)/icmpcode.o \
$(DEST)/inet_addr.o \
$(DEST)/icmptypename.o \
$(DEST)/icmptypes.o \
$(DEST)/initparse.o \
$(DEST)/interror.o \
$(DEST)/ionames.o \
$(DEST)/ipoptsec.o \
$(DEST)/ipf_dotuning.o \
$(DEST)/ipft_ef.o \
$(DEST)/ipf_perror.o \
$(DEST)/ipft_hx.o \
$(DEST)/ipft_pc.o \
$(DEST)/ipft_sn.o \
$(DEST)/ipft_td.o \
$(DEST)/ipft_tx.o \
$(DEST)/ipoptsec.o \
$(DEST)/kmem.o \
$(DEST)/kmemcpywrap.o \
$(DEST)/kvatoname.o \
$(DEST)/load_file.o \
$(DEST)/load_dstlist.o \
$(DEST)/load_dstlistnode.o \
$(DEST)/load_hash.o \
$(DEST)/load_hashnode.o \
$(DEST)/load_http.o \
$(DEST)/load_pool.o \
$(DEST)/load_poolnode.o \
$(DEST)/load_url.o \
$(DEST)/msgdsize.o \
$(DEST)/mutex_emul.o \
$(DEST)/nametokva.o \
$(DEST)/nat_setgroupmap.o \
@ -59,46 +72,74 @@ LIBOBJS=$(DEST)/addicmp.o \
$(DEST)/optprint.o \
$(DEST)/optprintv6.o \
$(DEST)/optvalue.o \
$(DEST)/parsefields.o \
$(DEST)/parseipfexpr.o \
$(DEST)/parsewhoisline.o \
$(DEST)/poolio.o \
$(DEST)/portname.o \
$(DEST)/print_toif.o \
$(DEST)/printactiveaddr.o \
$(DEST)/printactivenat.o \
$(DEST)/printaddr.o \
$(DEST)/printaps.o \
$(DEST)/printbuf.o \
$(DEST)/printdstlist.o \
$(DEST)/printdstlistdata.o \
$(DEST)/printdstlistnode.o \
$(DEST)/printdstlistpolicy.o \
$(DEST)/printdstl_live.o \
$(DEST)/printfieldhdr.o \
$(DEST)/printfr.o \
$(DEST)/printfraginfo.o \
$(DEST)/printhash.o \
$(DEST)/printhashdata.o \
$(DEST)/printhashnode.o \
$(DEST)/printhash_live.o \
$(DEST)/printhost.o \
$(DEST)/printhostmap.o \
$(DEST)/printhostmask.o \
$(DEST)/printifname.o \
$(DEST)/printip.o \
$(DEST)/printipfexpr.o \
$(DEST)/printlog.o \
$(DEST)/printlookup.o \
$(DEST)/printmask.o \
$(DEST)/printnat.o \
$(DEST)/printnataddr.o \
$(DEST)/printnatfield.o \
$(DEST)/printnatside.o \
$(DEST)/printpool.o \
$(DEST)/printpooldata.o \
$(DEST)/printpoolfield.o \
$(DEST)/printpoolnode.o \
$(DEST)/printpool_live.o \
$(DEST)/printproto.o \
$(DEST)/printfr.o \
$(DEST)/printfraginfo.o \
$(DEST)/printhostmap.o \
$(DEST)/printifname.o \
$(DEST)/printhostmask.o \
$(DEST)/printlog.o \
$(DEST)/printmask.o \
$(DEST)/printnat.o \
$(DEST)/printportcmp.o \
$(DEST)/printpacket.o \
$(DEST)/printpacket6.o \
$(DEST)/printsbuf.o \
$(DEST)/printstate.o \
$(DEST)/printstatefields.o \
$(DEST)/printtcpflags.o \
$(DEST)/printtqtable.o \
$(DEST)/printtunable.o \
$(DEST)/printunit.o \
$(DEST)/remove_hash.o \
$(DEST)/remove_hashnode.o \
$(DEST)/remove_pool.o \
$(DEST)/remove_poolnode.o \
$(DEST)/resetlexer.o \
$(DEST)/rwlock_emul.o \
$(DEST)/save_execute.o \
$(DEST)/save_file.o \
$(DEST)/save_nothing.o \
$(DEST)/save_syslog.o \
$(DEST)/save_v1trap.o \
$(DEST)/save_v2trap.o \
$(DEST)/tcpflags.o \
$(DEST)/tcp_flags.o \
$(DEST)/var.o \
$(DEST)/verbose.o \
$(DEST)/vtof.o \
$(DEST)/v6ionames.o \
$(DEST)/v6optvalue.o
@ -115,12 +156,18 @@ $(DEST)/alist_free.o: $(LIBSRC)/alist_free.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/alist_free.c -o $@
$(DEST)/alist_new.o: $(LIBSRC)/alist_new.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/alist_new.c -o $@
$(DEST)/allocmbt.o: $(LIBSRC)/allocmbt.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/allocmbt.c -o $@
$(DEST)/assigndefined.o: $(LIBSRC)/assigndefined.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/assigndefined.c -o $@
$(DEST)/bcopywrap.o: $(LIBSRC)/bcopywrap.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/bcopywrap.c -o $@
$(DEST)/binprint.o: $(LIBSRC)/binprint.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/binprint.c -o $@
$(DEST)/buildopts.o: $(LIBSRC)/buildopts.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/buildopts.c -o $@
$(DEST)/connecttcp.o: $(LIBSRC)/connecttcp.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/connecttcp.c -o $@
$(DEST)/count6bits.o: $(LIBSRC)/count6bits.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/count6bits.c -o $@
$(DEST)/checkrev.o: $(LIBSRC)/checkrev.c $(INCDEP) $(TOP)/ipl.h
@ -129,17 +176,31 @@ $(DEST)/count4bits.o: $(LIBSRC)/count4bits.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/count4bits.c -o $@
$(DEST)/debug.o: $(LIBSRC)/debug.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/debug.c -o $@
$(DEST)/dupmbt.o: $(LIBSRC)/dupmbt.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/dupmbt.c -o $@
$(DEST)/facpri.o: $(LIBSRC)/facpri.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/facpri.c -o $@
$(DEST)/familyname.o: $(LIBSRC)/familyname.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/familyname.c -o $@
$(DEST)/fill6bits.o: $(LIBSRC)/fill6bits.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/fill6bits.c -o $@
$(DEST)/findword.o: $(LIBSRC)/findword.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/findword.c -o $@
$(DEST)/flags.o: $(LIBSRC)/flags.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/flags.c -o $@
$(DEST)/freembt.o: $(LIBSRC)/freembt.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/freembt.c -o $@
$(DEST)/ftov.o: $(LIBSRC)/ftov.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/ftov.c -o $@
$(DEST)/genmask.o: $(LIBSRC)/genmask.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/genmask.c -o $@
$(DEST)/gethost.o: $(LIBSRC)/gethost.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/gethost.c -o $@
$(DEST)/geticmptype.o: $(LIBSRC)/geticmptype.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/geticmptype.c -o $@
$(DEST)/getifname.o: $(LIBSRC)/getifname.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/getifname.c -o $@
$(DEST)/getnattype.o: $(LIBSRC)/getnattype.c $(INCDEP)
$(DEST)/getnattype.o: $(LIBSRC)/getnattype.c $(INCDEP) $(TOP)/ip_nat.h
$(CC) $(CCARGS) -c $(LIBSRC)/getnattype.c -o $@
$(DEST)/getport.o: $(LIBSRC)/getport.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/getport.c -o $@
@ -153,26 +214,26 @@ $(DEST)/hostname.o: $(LIBSRC)/hostname.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/hostname.c -o $@
$(DEST)/icmpcode.o: $(LIBSRC)/icmpcode.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/icmpcode.c -o $@
$(DEST)/icmptypename.o: $(LIBSRC)/icmptypename.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/icmptypename.c -o $@
$(DEST)/icmptypes.o: $(LIBSRC)/icmptypes.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/icmptypes.c -o $@
$(DEST)/interror.o: $(LIBSRC)/interror.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/interror.c -o $@
$(DEST)/ipoptsec.o: $(LIBSRC)/ipoptsec.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/ipoptsec.c -o $@
$(DEST)/inet_addr.o: $(LIBSRC)/inet_addr.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/inet_addr.c -o $@
$(DEST)/initparse.o: $(LIBSRC)/initparse.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/initparse.c -o $@
$(DEST)/ionames.o: $(LIBSRC)/ionames.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/ionames.c -o $@
$(DEST)/ipf_dotuning.o: $(LIBSRC)/ipf_dotuning.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/ipf_dotuning.c -o $@
$(DEST)/ipft_ef.o: $(LIBSRC)/ipft_ef.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/ipft_ef.c -o $@
$(DEST)/ipf_perror.o: $(LIBSRC)/ipf_perror.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/ipf_perror.c -o $@
$(DEST)/ipft_hx.o: $(LIBSRC)/ipft_hx.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/ipft_hx.c -o $@
$(DEST)/ipft_pc.o: $(LIBSRC)/ipft_pc.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/ipft_pc.c -o $@
$(DEST)/ipft_sn.o: $(LIBSRC)/ipft_sn.c $(TOP)/snoop.h
$(CC) $(CCARGS) -c $(LIBSRC)/ipft_sn.c -o $@
$(DEST)/ipft_td.o: $(LIBSRC)/ipft_td.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/ipft_td.c -o $@
$(DEST)/ipft_tx.o: $(LIBSRC)/ipft_tx.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/ipft_tx.c -o $@
$(DEST)/kmem.o: $(LIBSRC)/kmem.c $(INCDEP)
@ -183,6 +244,11 @@ $(DEST)/kvatoname.o: $(LIBSRC)/kvatoname.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/kvatoname.c -o $@
$(DEST)/load_file.o: $(LIBSRC)/load_file.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/load_file.c -o $@
$(DEST)/load_dstlist.o: $(LIBSRC)/load_dstlist.c $(INCDEP) $(TOP)/ip_dstlist.h
$(CC) $(CCARGS) -c $(LIBSRC)/load_dstlist.c -o $@
$(DEST)/load_dstlistnode.o: $(LIBSRC)/load_dstlistnode.c $(INCDEP) \
$(TOP)/ip_dstlist.h
$(CC) $(CCARGS) -c $(LIBSRC)/load_dstlistnode.c -o $@
$(DEST)/load_hash.o: $(LIBSRC)/load_hash.c $(INCDEP) $(TOP)/ip_htable.h
$(CC) $(CCARGS) -c $(LIBSRC)/load_hash.c -o $@
$(DEST)/load_hashnode.o: $(LIBSRC)/load_hashnode.c $(INCDEP) $(TOP)/ip_htable.h
@ -195,8 +261,8 @@ $(DEST)/load_poolnode.o: $(LIBSRC)/load_poolnode.c $(INCDEP) $(TOP)/ip_pool.h
$(CC) $(CCARGS) -c $(LIBSRC)/load_poolnode.c -o $@
$(DEST)/load_url.o: $(LIBSRC)/load_url.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/load_url.c -o $@
$(DEST)/make_range.o: $(LIBSRC)/make_range.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/make_range.c -o $@
$(DEST)/msgdsize.o: $(LIBSRC)/msgdsize.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/msgdsize.c -o $@
$(DEST)/mutex_emul.o: $(LIBSRC)/mutex_emul.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/mutex_emul.c -o $@
$(DEST)/nametokva.o: $(LIBSRC)/nametokva.c $(INCDEP)
@ -214,35 +280,78 @@ $(DEST)/optprintv6.o: $(LIBSRC)/optprintv6.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/optprintv6.c -o $@
$(DEST)/optvalue.o: $(LIBSRC)/optvalue.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/optvalue.c -o $@
$(DEST)/parsefields.o: $(LIBSRC)/parsefields.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/parsefields.c -o $@
$(DEST)/parseipfexpr.o: $(LIBSRC)/parseipfexpr.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/parseipfexpr.c -o $@
$(DEST)/parsewhoisline.o: $(LIBSRC)/parsewhoisline.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/parsewhoisline.c -o $@
$(DEST)/poolio.o: $(LIBSRC)/poolio.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/poolio.c -o $@
$(DEST)/portname.o: $(LIBSRC)/portname.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/portname.c -o $@
$(DEST)/print_toif.o: $(LIBSRC)/print_toif.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/print_toif.c -o $@
$(DEST)/printactivenat.o: $(LIBSRC)/printactivenat.c $(INCDEP)
$(DEST)/printactiveaddr.o: $(LIBSRC)/printactiveaddr.c $(INCDEP) $(TOP)/ip_nat.h
$(CC) $(CCARGS) -c $(LIBSRC)/printactiveaddr.c -o $@
$(DEST)/printactivenat.o: $(LIBSRC)/printactivenat.c $(INCDEP) $(TOP)/ip_nat.h
$(CC) $(CCARGS) -c $(LIBSRC)/printactivenat.c -o $@
$(DEST)/printaddr.o: $(LIBSRC)/printaddr.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/printaddr.c -o $@
$(DEST)/printaps.o: $(LIBSRC)/printaps.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/printaps.c -o $@
$(DEST)/printbuf.o: $(LIBSRC)/printbuf.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/printbuf.c -o $@
$(DEST)/printdstlist.o: $(LIBSRC)/printdstlist.c $(INCDEP) $(TOP)/ip_dstlist.h
$(CC) $(CCARGS) -c $(LIBSRC)/printdstlist.c -o $@
$(DEST)/printdstlistdata.o: $(LIBSRC)/printdstlistdata.c $(INCDEP) \
$(TOP)/ip_dstlist.h
$(CC) $(CCARGS) -c $(LIBSRC)/printdstlistdata.c -o $@
$(DEST)/printdstlistnode.o: $(LIBSRC)/printdstlistnode.c $(INCDEP) \
$(TOP)/ip_dstlist.h
$(CC) $(CCARGS) -c $(LIBSRC)/printdstlistnode.c -o $@
$(DEST)/printdstlistpolicy.o: $(LIBSRC)/printdstlistpolicy.c $(INCDEP) \
$(TOP)/ip_dstlist.h
$(CC) $(CCARGS) -c $(LIBSRC)/printdstlistpolicy.c -o $@
$(DEST)/printfieldhdr.o: $(LIBSRC)/printfieldhdr.c $(TOP)/ip_fil.h
$(CC) $(CCARGS) -c $(LIBSRC)/printfieldhdr.c -o $@
$(DEST)/printfr.o: $(LIBSRC)/printfr.c $(TOP)/ip_fil.h
$(CC) $(CCARGS) -c $(LIBSRC)/printfr.c -o $@
$(DEST)/printfraginfo.o: $(LIBSRC)/printfraginfo.c $(TOP)/ip_fil.h
$(DEST)/printfraginfo.o: $(LIBSRC)/printfraginfo.c $(TOP)/ip_fil.h \
$(TOP)/ip_frag.h
$(CC) $(CCARGS) -c $(LIBSRC)/printfraginfo.c -o $@
$(DEST)/printhash.o: $(LIBSRC)/printhash.c $(TOP)/ip_fil.h $(TOP)/ip_htable.h
$(CC) $(CCARGS) -c $(LIBSRC)/printhash.c -o $@
$(DEST)/printhashdata.o: $(LIBSRC)/printhash.c $(TOP)/ip_fil.h $(TOP)/ip_htable.h
$(DEST)/printhashdata.o: $(LIBSRC)/printhashdata.c $(TOP)/ip_fil.h \
$(TOP)/ip_htable.h
$(CC) $(CCARGS) -c $(LIBSRC)/printhashdata.c -o $@
$(DEST)/printhashnode.o: $(LIBSRC)/printhashnode.c $(TOP)/ip_fil.h \
$(TOP)/ip_htable.h $(TOP)/ip_lookup.h
$(CC) $(CCARGS) -c $(LIBSRC)/printhashnode.c -o $@
$(DEST)/printhash_live.o: $(LIBSRC)/printhash_live.c $(TOP)/ip_fil.h $(TOP)/ip_htable.h
$(DEST)/printhash_live.o: $(LIBSRC)/printhash_live.c $(TOP)/ip_fil.h \
$(TOP)/ip_htable.h
$(CC) $(CCARGS) -c $(LIBSRC)/printhash_live.c -o $@
$(DEST)/printdstl_live.o: $(LIBSRC)/printdstl_live.c $(TOP)/ip_fil.h \
$(TOP)/ip_dstlist.h
$(CC) $(CCARGS) -c $(LIBSRC)/printdstl_live.c -o $@
$(DEST)/printip.o: $(LIBSRC)/printip.c $(TOP)/ip_fil.h
$(CC) $(CCARGS) -c $(LIBSRC)/printip.c -o $@
$(DEST)/printipfexpr.o: $(LIBSRC)/printipfexpr.c $(TOP)/ip_fil.h
$(CC) $(CCARGS) -c $(LIBSRC)/printipfexpr.c -o $@
$(DEST)/printlookup.o: $(LIBSRC)/printlookup.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/printlookup.c -o $@
$(DEST)/printnataddr.o: $(LIBSRC)/printnataddr.c $(INCDEP) $(TOP)/ip_nat.h
$(CC) $(CCARGS) -c $(LIBSRC)/printnataddr.c -o $@
$(DEST)/printnatside.o: $(LIBSRC)/printnatside.c $(INCDEP) $(TOP)/ip_nat.h
$(CC) $(CCARGS) -c $(LIBSRC)/printnatside.c -o $@
$(DEST)/printpool.o: $(LIBSRC)/printpool.c $(TOP)/ip_fil.h $(TOP)/ip_pool.h
$(CC) $(CCARGS) -c $(LIBSRC)/printpool.c -o $@
$(DEST)/printpooldata.o: $(LIBSRC)/printpooldata.c $(TOP)/ip_fil.h $(TOP)/ip_pool.h
$(DEST)/printpooldata.o: $(LIBSRC)/printpooldata.c $(TOP)/ip_fil.h \
$(TOP)/ip_pool.h $(TOP)/ip_lookup.h
$(CC) $(CCARGS) -c $(LIBSRC)/printpooldata.c -o $@
$(DEST)/printpoolfield.o: $(LIBSRC)/printpoolfield.c $(TOP)/ip_fil.h \
$(TOP)/ip_pool.h $(TOP)/ip_lookup.h
$(CC) $(CCARGS) -c $(LIBSRC)/printpoolfield.c -o $@
$(DEST)/printpoolnode.o: $(LIBSRC)/printpoolnode.c $(TOP)/ip_fil.h \
$(TOP)/ip_pool.h $(TOP)/ip_lookup.h
$(CC) $(CCARGS) -c $(LIBSRC)/printpoolnode.c -o $@
@ -251,14 +360,18 @@ $(DEST)/printpool_live.o: $(LIBSRC)/printpool_live.c $(TOP)/ip_fil.h \
$(CC) $(CCARGS) -c $(LIBSRC)/printpool_live.c -o $@
$(DEST)/printproto.o: $(LIBSRC)/printproto.c $(TOP)/ip_fil.h
$(CC) $(CCARGS) -c $(LIBSRC)/printproto.c -o $@
$(DEST)/printhost.o: $(LIBSRC)/printhost.c $(TOP)/ip_fil.h
$(CC) $(CCARGS) -c $(LIBSRC)/printhost.c -o $@
$(DEST)/printhostmap.o: $(LIBSRC)/printhostmap.c $(TOP)/ip_fil.h
$(CC) $(CCARGS) -c $(LIBSRC)/printhostmap.c -o $@
$(DEST)/printifname.o: $(LIBSRC)/printifname.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/printifname.c -o $@
$(DEST)/printmask.o: $(LIBSRC)/printmask.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/printmask.c -o $@
$(DEST)/printnat.o: $(LIBSRC)/printnat.c $(INCDEP)
$(DEST)/printnat.o: $(LIBSRC)/printnat.c $(INCDEP) $(TOP)/ip_nat.h
$(CC) $(CCARGS) -c $(LIBSRC)/printnat.c -o $@
$(DEST)/printnatfield.o: $(LIBSRC)/printnatfield.c $(INCDEP) $(TOP)/ip_nat.h
$(CC) $(CCARGS) -c $(LIBSRC)/printnatfield.c -o $@
$(DEST)/printhostmask.o: $(LIBSRC)/printhostmask.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/printhostmask.c -o $@
$(DEST)/printlog.o: $(LIBSRC)/printlog.c $(INCDEP)
@ -273,10 +386,16 @@ $(DEST)/printsbuf.o: $(LIBSRC)/printsbuf.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/printsbuf.c -o $@
$(DEST)/printstate.o: $(LIBSRC)/printstate.c $(INCDEP) $(TOP)/ip_state.h
$(CC) $(CCARGS) -c $(LIBSRC)/printstate.c -o $@
$(DEST)/printstatefields.o: $(LIBSRC)/printstatefields.c $(INCDEP) $(TOP)/ip_state.h
$(CC) $(CCARGS) -c $(LIBSRC)/printstatefields.c -o $@
$(DEST)/printtcpflags.o: $(LIBSRC)/printtcpflags.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/printtcpflags.c -o $@
$(DEST)/printtqtable.o: $(LIBSRC)/printtqtable.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/printtqtable.c -o $@
$(DEST)/printtunable.o: $(LIBSRC)/printtunable.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/printtunable.c -o $@
$(DEST)/printunit.o: $(LIBSRC)/printunit.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/printunit.c -o $@
$(DEST)/remove_hash.o: $(LIBSRC)/remove_hash.c $(INCDEP) \
$(TOP)/ip_htable.h
$(CC) $(CCARGS) -c $(LIBSRC)/remove_hash.c -o $@
@ -301,6 +420,20 @@ $(DEST)/var.o: $(LIBSRC)/var.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/var.c -o $@
$(DEST)/verbose.o: $(LIBSRC)/verbose.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/verbose.c -o $@
$(DEST)/save_execute.o: $(LIBSRC)/save_execute.c $(TOP)/ipl.h
$(CC) $(CCARGS) -c $(LIBSRC)/save_execute.c -o $@
$(DEST)/save_file.o: $(LIBSRC)/save_file.c $(TOP)/ipl.h
$(CC) $(CCARGS) -c $(LIBSRC)/save_file.c -o $@
$(DEST)/save_nothing.o: $(LIBSRC)/save_nothing.c $(TOP)/ipl.h
$(CC) $(CCARGS) -c $(LIBSRC)/save_nothing.c -o $@
$(DEST)/save_syslog.o: $(LIBSRC)/save_syslog.c $(TOP)/ipl.h
$(CC) $(CCARGS) -c $(LIBSRC)/save_syslog.c -o $@
$(DEST)/vtof.o: $(LIBSRC)/vtof.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/vtof.c -o $@
$(DEST)/save_v1trap.o: $(LIBSRC)/save_v1trap.c $(TOP)/ipl.h
$(CC) $(CCARGS) -c $(LIBSRC)/save_v1trap.c -o $@
$(DEST)/save_v2trap.o: $(LIBSRC)/save_v2trap.c $(TOP)/ipl.h
$(CC) $(CCARGS) -c $(LIBSRC)/save_v2trap.c -o $@
$(DEST)/v6ionames.o: $(LIBSRC)/v6ionames.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/v6ionames.c -o $@
$(DEST)/v6optvalue.o: $(LIBSRC)/v6optvalue.c $(INCDEP)


@ -1,11 +1,11 @@
/* $FreeBSD$ */
/*
* Copyright (C) 2000-2006 by Darren Reed.
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* $Id: addicmp.c,v 1.10.2.5 2006/06/16 17:20:55 darrenr Exp $
* $Id$
*/
#include <ctype.h>


@ -1,21 +1,21 @@
/* $FreeBSD$ */
/*
* Copyright (C) 2000-2002 by Darren Reed.
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* $Id: addipopt.c,v 1.7.4.1 2006/06/16 17:20:56 darrenr Exp $
* $Id$
*/
#include "ipf.h"
int addipopt(op, io, len, class)
char *op;
struct ipopt_names *io;
int len;
char *class;
char *op;
struct ipopt_names *io;
int len;
char *class;
{
int olen = len;
struct in_addr ipadr;
@ -41,6 +41,10 @@ char *class;
lvl = seclevel(class);
*(op - 1) = lvl;
break;
case IPOPT_RR :
case IPOPT_TS :
s[IPOPT_OLEN] = IPOPT_MINOFF - 1 + 4;
break;
case IPOPT_LSRR :
case IPOPT_SSRR :
ipadr.s_addr = inet_addr(class);
@ -53,12 +57,6 @@ char *class;
break;
}
}
op += io->on_siz - 3;
if (len & 3) {
*op++ = IPOPT_NOP;
len++;
}
}
if (opts & OPT_DEBUG)
fprintf(stderr, "bo: %s %d %#x: %d\n",
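Review bot: The new `IPOPT_RR`/`IPOPT_TS` case gives both options the same length, `IPOPT_MINOFF - 1 + 4`, with no comment saying where the 4 comes from. For record-route that is the 3-byte header plus one address slot, but the timestamp option has a 4-byte header (RFC 791), so the same value leaves it only three data bytes. If sharing the value is deliberate, a line such as `/* RR: 3-byte header + one 4-byte address slot; TS reuses this length */` would say so; otherwise TS wants its own case. Whether `op` and `len` are advanced to match the length written into `s[IPOPT_OLEN]` is decided outside these hunks.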


@ -1,15 +1,15 @@
/*
* Copyright (C) 2006 by Darren Reed.
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* $Id: alist_free.c,v 1.1.2.1 2006/08/25 21:13:04 darrenr Exp $
* $Id: alist_free.c,v 1.3.2.2 2012/07/22 08:04:24 darren_r Exp $
*/
#include "ipf.h"
void
alist_free(hosts)
alist_t *hosts;
alist_t *hosts;
{
alist_t *a, *next;


@ -1,20 +1,30 @@
/*
* Copyright (C) 2006 by Darren Reed.
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* $Id: alist_new.c,v 1.1.2.3 2007/06/06 08:05:33 darrenr Exp $
* $Id: alist_new.c,v 1.5.2.2 2012/07/22 08:04:24 darren_r Exp $
*/
#include "ipf.h"
#include <ctype.h>
alist_t *
alist_new(int v, char *host)
alist_t *
alist_new(int family, char *host)
{
int a, b, c, d, bits;
char *slash;
alist_t *al;
u_int mask;
char *slash;
alist_t *al;
u_int mask;
if (family == AF_UNSPEC) {
if (strchr(host, ':') != NULL)
family = AF_INET6;
else
family = AF_INET;
}
if (family != AF_INET && family != AF_INET6)
return NULL;
al = calloc(1, sizeof(*al));
if (al == NULL) {
@ -22,45 +32,62 @@ alist_new(int v, char *host)
return NULL;
}
bits = -1;
while (ISSPACE(*host))
host++;
if (*host == '!') {
al->al_not = 1;
host++;
while (ISSPACE(*host))
host++;
}
bits = -1;
slash = strchr(host, '/');
if (slash != NULL) {
*slash = '\0';
bits = atoi(slash + 1);
}
a = b = c = d = -1;
sscanf(host, "%d.%d.%d.%d", &a, &b, &c, &d);
if (family == AF_INET) {
if (bits > 32)
goto bad;
if (bits > 0 && bits < 33) {
mask = 0xffffffff << (32 - bits);
} else if (b == -1) {
mask = 0xff000000;
b = c = d = 0;
} else if (c == -1) {
mask = 0xffff0000;
c = d = 0;
} else if (d == -1) {
mask = 0xffffff00;
d = 0;
a = b = c = d = -1;
sscanf(host, "%d.%d.%d.%d", &a, &b, &c, &d);
if (bits > 0 && bits < 33) {
mask = 0xffffffff << (32 - bits);
} else if (b == -1) {
mask = 0xff000000;
b = c = d = 0;
} else if (c == -1) {
mask = 0xffff0000;
c = d = 0;
} else if (d == -1) {
mask = 0xffffff00;
d = 0;
} else {
mask = 0xffffffff;
}
al->al_mask = htonl(mask);
} else {
mask = 0xffffffff;
if (bits > 128)
goto bad;
fill6bits(bits, al->al_i6mask.i6);
}
if (*host == '!') {
al->al_not = 1;
host++;
}
if (gethost(host, &al->al_addr) == -1) {
if (gethost(family, host, &al->al_i6addr) == -1) {
if (slash != NULL)
*slash = '/';
fprintf(stderr, "Cannot parse hostname\n");
free(al);
return NULL;
goto bad;
}
al->al_mask = htonl(mask);
al->al_family = family;
if (slash != NULL)
*slash = '/';
return al;
bad:
free(al);
return NULL;
}
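Review bot: The prefix length after `/` is read with `atoi(slash + 1)` and only its upper bound is checked, so in the AF_INET branch an explicit `/0`, a negative value and non-numeric text all fail `bits > 0 && bits < 33` and fall through to the classful/host-mask branches; an entry written as a.b.c.d/0 ends up with mask 0xffffffff instead of matching every address. In the IPv6 branch the same unvalidated value, including the -1 that stands for "no prefix given", goes straight to `fill6bits()`, whose handling of negative input is not visible here. The two `goto bad` exits for over-long prefixes also skip the `*slash = '/'` restore that the gethost() failure path performs, so the caller's string stays truncated. Which of the doubled lines are old and which are new is inferred from the hunk header counts. A stricter parse could look like this:

```c
	slash = strchr(host, '/');
	if (slash != NULL) {
		char *end;
		long plen;

		*slash = '\0';
		plen = strtol(slash + 1, &end, 10);
		/* reject empty, non-numeric, negative or over-long prefixes */
		if (end == slash + 1 || *end != '\0' || plen < 0 || plen > 128) {
			*slash = '/';
			goto bad;
		}
		bits = (int)plen;
	}
	/* … unchanged: per-family upper-bound checks, sscanf of the dotted quad … */
		if (bits == 0) {
			mask = 0;	/* explicit /0: match everything */
		} else if (bits > 0 && bits < 33) {
			mask = 0xffffffff << (32 - bits);
		} else if (b == -1) {
	/* … unchanged: classful fallbacks, IPv6 branch, gethost call … */
```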


@ -0,0 +1,22 @@
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* $Id: allocmbt.c,v 1.1.4.1 2012/07/22 08:04:24 darren_r Exp $
*/
#include "ipf.h"
mb_t *allocmbt(size_t len)
{
mb_t *m;
m = (mb_t *)malloc(sizeof(mb_t));
if (m == NULL)
return NULL;
m->mb_len = len;
m->mb_next = NULL;
m->mb_data = (char *)m->mb_buf;
return m;
}
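Review bot: `allocmbt()` stores the caller's `len` in `mb_len` without comparing it with the storage actually allocated. The buffer is `malloc(sizeof(mb_t))` and `mb_data` points at `m->mb_buf`, so, assuming `mb_buf` is a fixed array inside `mb_t` (the type is declared outside this page), any larger `len` lets later users of `mb_len` run past the allocation. A guard ahead of the allocation such as `if (len > sizeof(m->mb_buf)) return NULL;` would keep that invariant. dupmbt(), added later in this commit, copies `orig->mb_len` bytes from an offset taken from `orig` and relies on the same invariant without checking it, or checking `orig` for NULL.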


@ -0,0 +1,27 @@
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* $Id: assigndefined.c,v 1.4.2.2 2012/07/22 08:04:24 darren_r Exp $
*/
#include "ipf.h"
void assigndefined(env)
char *env;
{
char *s, *t;
if (env == NULL)
return;
for (s = strtok(env, ";"); s != NULL; s = strtok(NULL, ";")) {
t = strchr(s, '=');
if (t == NULL)
continue;
*t++ = '\0';
set_variable(s, t);
*--t = '=';
}
}
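Review bot: `strtok()` overwrites each `;` in `env` with a NUL, and unlike the `=` that the loop puts back with `*--t = '='`, those separators are never restored, so the caller's string is left ending at the first definition. If `env` comes from `getenv()` (the caller is not on this page), that edits the process environment in place. Tokenising a private copy, `char *copy = strdup(env);` with the loop run over `copy` and `free(copy);` afterwards, avoids both. That is only safe if `set_variable()` copies its arguments rather than keeping the pointers, which cannot be confirmed from this file.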


@ -1,18 +1,18 @@
/* $FreeBSD$ */
/*
* Copyright (C) 2002 by Darren Reed.
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* $Id: bcopywrap.c,v 1.1.4.1 2006/06/16 17:20:56 darrenr Exp $
*/
*
* $Id$
*/
#include "ipf.h"
int bcopywrap(from, to, size)
void *from, *to;
size_t size;
void *from, *to;
size_t size;
{
bcopy((caddr_t)from, (caddr_t)to, size);
return 0;


@ -1,19 +1,19 @@
/* $FreeBSD$ */
/*
* Copyright (C) 2000-2002 by Darren Reed.
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* $Id: binprint.c,v 1.8.4.1 2006/06/16 17:20:56 darrenr Exp $
* $Id$
*/
#include "ipf.h"
void binprint(ptr, size)
void *ptr;
size_t size;
void *ptr;
size_t size;
{
u_char *s;
int i, j;


@ -1,19 +1,19 @@
/* $FreeBSD$ */
/*
* Copyright (C) 2000-2002 by Darren Reed.
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* $Id: buildopts.c,v 1.6.4.1 2006/06/16 17:20:56 darrenr Exp $
* $Id$
*/
#include "ipf.h"
u_32_t buildopts(cp, op, len)
char *cp, *op;
int len;
char *cp, *op;
int len;
{
struct ipopt_names *io;
u_32_t msk = 0;
@ -23,6 +23,8 @@ int len;
for (s = strtok(cp, ","); s; s = strtok(NULL, ",")) {
if ((t = strchr(s, '=')))
*t++ = '\0';
else
t = "";
for (io = ionames; io->on_name; io++) {
if (strcasecmp(s, io->on_name) || (msk & io->on_bit))
continue;
@ -38,6 +40,10 @@ int len;
return 0;
}
}
while ((len & 3) != 3) {
*op++ = IPOPT_NOP;
len++;
}
*op++ = IPOPT_EOL;
len++;
return len;
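Review bot: The padding loop added before `IPOPT_EOL` writes up to three `IPOPT_NOP` bytes plus the terminator through `op`, and nothing in the visible code bounds it by the size of the destination; `len` appears to count bytes already produced, not capacity. If the caller's buffer is the 40-byte IPv4 option area, a check ahead of the loop such as `if ((len | 3) + 1 > MAX_IPOPTLEN) return 0;` would keep the padded result inside it. The buffer's real size is outside this hunk, so that limit needs confirming against the callers. The rest of buildopts() lies between the hunks and is not shown.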


@ -1,11 +1,11 @@
/* $FreeBSD$ */
/*
* Copyright (C) 2000-2004 by Darren Reed.
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* $Id: checkrev.c,v 1.12.2.2 2006/06/16 17:20:56 darrenr Exp $
* $Id$
*/
#include <sys/ioctl.h>
@ -15,25 +15,25 @@
#include "netinet/ipl.h"
int checkrev(ipfname)
char *ipfname;
char *ipfname;
{
static int vfd = -1;
struct friostat fio, *fiop = &fio;
ipfobj_t ipfo;
struct friostat fio;
ipfobj_t obj;
bzero((caddr_t)&ipfo, sizeof(ipfo));
ipfo.ipfo_rev = IPFILTER_VERSION;
ipfo.ipfo_size = sizeof(*fiop);
ipfo.ipfo_ptr = (void *)fiop;
ipfo.ipfo_type = IPFOBJ_IPFSTAT;
bzero((caddr_t)&obj, sizeof(obj));
obj.ipfo_rev = IPFILTER_VERSION;
obj.ipfo_size = sizeof(fio);
obj.ipfo_ptr = (void *)&fio;
obj.ipfo_type = IPFOBJ_IPFSTAT;
if ((vfd == -1) && ((vfd = open(ipfname, O_RDONLY)) == -1)) {
perror("open device");
return -1;
}
if (ioctl(vfd, SIOCGETFS, &ipfo)) {
perror("ioctl(SIOCGETFS)");
if (ioctl(vfd, SIOCGETFS, &obj)) {
ipferror(vfd, "ioctl(SIOCGETFS)");
close(vfd);
vfd = -1;
return -1;


@ -0,0 +1,48 @@
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* $Id: connecttcp.c,v 1.3.2.2 2012/07/22 08:04:24 darren_r Exp $
*/
#include "ipf.h"
#include <ctype.h>
/*
* Format expected is one addres per line, at the start of each line.
*/
int
connecttcp(char *server, int port)
{
struct sockaddr_in sin;
struct hostent *host;
int fd;
memset(&sin, 0, sizeof(sin));
sin.sin_family = AF_INET;
sin.sin_port = htons(port & 65535);
if (ISDIGIT(*server)) {
if (inet_aton(server, &sin.sin_addr) == -1) {
return -1;
}
} else {
host = gethostbyname(server);
if (host == NULL)
return -1;
memcpy(&sin.sin_addr, host->h_addr_list[0],
sizeof(sin.sin_addr));
}
fd = socket(AF_INET, SOCK_STREAM, 0);
if (fd == -1)
return -1;
if (connect(fd, (struct sockaddr *)&sin, sizeof(sin)) == -1) {
close(fd);
return -1;
}
return fd;
}
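Review bot: `inet_aton()` returns 0 for an invalid address and non-zero on success, never -1, so the `== -1` test in the `ISDIGIT` branch cannot fire. A malformed dotted quad therefore leaves `sin.sin_addr` at the zero value from `memset`, and `connect()` is still attempted; the check should read `if (inet_aton(server, &sin.sin_addr) == 0)`. Separately, `port & 65535` silently wraps an out-of-range port instead of rejecting it. The header comment about "one addres per line" does not describe this function and looks carried over from another file; `/* Open a TCP connection to server:port; returns the socket or -1. */` would fit.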


@ -1,11 +1,11 @@
/* $FreeBSD$ */
/*
* Copyright (C) 2002 by Darren Reed.
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* $Id: count4bits.c,v 1.1.4.1 2006/06/16 17:20:57 darrenr Exp $
* $Id$
*/
#include "ipf.h"
@ -17,7 +17,7 @@
* of bits.
*/
int count4bits(ip)
u_int ip;
u_int ip;
{
int cnt = 0, i, j;
u_int ipn;


@ -1,18 +1,18 @@
/* $FreeBSD$ */
/*
* Copyright (C) 2000-2001 by Darren Reed.
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* $Id: count6bits.c,v 1.4.4.1 2006/06/16 17:20:57 darrenr Exp $
* $Id$
*/
#include "ipf.h"
int count6bits(msk)
u_32_t *msk;
u_32_t *msk;
{
int i = 0, k;
u_32_t j;


@ -1,11 +1,11 @@
/* $FreeBSD$ */
/*
* Copyright (C) 2000-2001 by Darren Reed.
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* $Id: debug.c,v 1.6.4.1 2006/06/16 17:20:57 darrenr Exp $
* $Id$
*/
#if defined(__STDC__)
@ -15,16 +15,37 @@
#endif
#include <stdio.h>
#include "ipt.h"
#include "ipf.h"
#include "opts.h"
int debuglevel = 0;
#ifdef __STDC__
void debug(char *fmt, ...)
void debug(int level, char *fmt, ...)
#else
void debug(fmt, va_alist)
char *fmt;
va_dcl
void debug(level, fmt, va_alist)
int level;
char *fmt;
va_dcl
#endif
{
va_list pvar;
va_start(pvar, fmt);
if ((debuglevel > 0) && (level <= debuglevel))
vfprintf(stderr, fmt, pvar);
va_end(pvar);
}
#ifdef __STDC__
void ipfkdebug(char *fmt, ...)
#else
void ipfkdebug(fmt, va_alist)
char *fmt;
va_dcl
#endif
{
va_list pvar;
@ -32,6 +53,6 @@ va_dcl
va_start(pvar, fmt);
if (opts & OPT_DEBUG)
vprintf(fmt, pvar);
debug(0x1fffffff, fmt, pvar);
va_end(pvar);
}
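Review bot: In ipfkdebug() the `va_list` is handed to `debug(0x1fffffff, fmt, pvar)`, but debug() is itself variadic and runs its own `va_start`. Its `vfprintf` would then treat the `va_list` object as the first format argument rather than the caller's arguments, which is undefined behaviour for any format with conversions. With level 0x1fffffff the `level <= debuglevel` test also drops the message unless debuglevel is at least that large, whereas the replaced line (`vprintf`, as far as the doubled lines and hunk counts show) printed whenever OPT_DEBUG was set. A small helper that takes a `va_list`, shared by both entry points, avoids the first problem; the K&R definitions in the `#else` branches would need the matching old-style form.

```c
/* shared by debug() and ipfkdebug(): takes an already-started va_list */
static void vdebug(int level, char *fmt, va_list ap)
{
	if ((debuglevel > 0) && (level <= debuglevel))
		vfprintf(stderr, fmt, ap);
}

/* … unchanged: debug() definition header and va_start … */
	vdebug(level, fmt, pvar);
/* … unchanged: va_end, ipfkdebug() definition header and va_start … */
	if (opts & OPT_DEBUG)
		vdebug(0x1fffffff, fmt, pvar);
```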


@ -0,0 +1,24 @@
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* $Id: dupmbt.c,v 1.3.2.2 2012/07/22 08:04:24 darren_r Exp $
*/
#include "ipf.h"
mb_t *dupmbt(orig)
mb_t *orig;
{
mb_t *m;
m = (mb_t *)malloc(sizeof(mb_t));
if (m == NULL)
return NULL;
m->mb_len = orig->mb_len;
m->mb_next = NULL;
m->mb_data = (char *)m->mb_buf + (orig->mb_data - (char *)orig->mb_buf);
bcopy(orig->mb_data, m->mb_data, m->mb_len);
return m;
}


@ -1,11 +1,11 @@
/* $FreeBSD$ */
/*
* Copyright (C) 2000-2006 by Darren Reed.
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* $Id: facpri.c,v 1.6.2.5 2006/06/16 17:20:58 darrenr Exp $
* $Id$
*/
#include <stdio.h>
@ -22,7 +22,7 @@
#include "facpri.h"
#if !defined(lint)
static const char rcsid[] = "@(#)$Id: facpri.c,v 1.6.2.5 2006/06/16 17:20:58 darrenr Exp $";
static const char rcsid[] = "@(#)$Id$";
#endif
@ -96,7 +96,7 @@ fac_toname(facpri)
/*
* map a facility name to its number
*/
int
int
fac_findname(name)
char *name;
{
@ -118,6 +118,22 @@ table_t pris[] = {
};
/*
* map a facility name to its number
*/
int
pri_findname(name)
char *name;
{
int i;
for (i = 0; pris[i].name; i++)
if (!strcmp(pris[i].name, name))
return pris[i].value;
return -1;
}
/*
* map a priority number to its name
*/
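Review bot: The comment above the new `pri_findname()` is a copy of the one on `fac_findname()` and still says "map a facility name to its number"; it should read `map a priority name to its number`. The lookup uses `strcmp`, so priority names are matched case-sensitively. Whether `fac_findname()` compares the same way is not visible in these hunks, and the two lookups should agree.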


@ -1,11 +1,11 @@
/* $FreeBSD$ */
/*
* Copyright (C) 2000-2001 by Darren Reed.
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* $Id: facpri.h,v 1.3.4.1 2006/06/16 17:20:58 darrenr Exp $
* $Id$
*/
#ifndef __FACPRI_H__


@ -0,0 +1,12 @@
#include "ipf.h"
const char *familyname(int family)
{
if (family == AF_INET)
return "inet";
#ifdef AF_INET6
if (family == AF_INET6)
return "inet6";
#endif
return "unknown";
}


@ -1,19 +1,19 @@
/* $FreeBSD$ */
/*
* Copyright (C) 2000-2002 by Darren Reed.
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* $Id: fill6bits.c,v 1.5.4.1 2006/06/16 17:20:58 darrenr Exp $
* $Id$
*/
#include "ipf.h"
void fill6bits(bits, msk)
int bits;
u_int *msk;
int bits;
u_int *msk;
{
if (bits == 0) {
msk[0] = 0;


@ -0,0 +1,25 @@
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* $Id: findword.c,v 1.3.4.1 2012/07/22 08:04:24 darren_r Exp $
*/
#include "ipf.h"
wordtab_t *findword(words, name)
wordtab_t *words;
char *name;
{
wordtab_t *w;
for (w = words; w->w_word != NULL; w++)
if (!strcmp(name, w->w_word))
break;
if (w->w_word == NULL)
return NULL;
return w;
}

Some files were not shown because too many files have changed in this diff Show More